Privacy-by-design

Privacy-by-design (PbD) is a framework that was developed in the 1990s by Dr Ann Cavoukian and has since been adopted by the Global Privacy Assembly. PbD’s purpose is to protect data, the data owners, data custodians, and those who exchange data in digital environments. It is built on seven principles:

1. Proactive not reactive, preventative not remedial

2. Privacy as a default setting

3. Privacy embedded into design

4. Full functionality: positive-sum not zero-sum

5. End-to-end security – full lifecycle protection

6. Visibility and transparency – keep it open

7. Respect for user privacy – keep it user centric

PbD is not just about implementing these principles when designing and developing technology solutions, these principles should inform a company’s decision-making and business processes. By considering privacy at all stages of business development as well as privacy awareness with all staff, a company can strive to develop solutions that prevent privacy-related issues.

Meeco’s PbD Implementation

Meeco's solutions are all built with PbD in mind, we never read, mine or sell personal data. We provide the infrastructure for our partners to enable their customers to access, control and exchange their identity and personal data. We maintain user privacy by ensuring that all user data is end-to-end encrypted. This means that there is no way for anyone other than the data owner to view, edit, or manage the data without explicit consent of the owner.

The Meeco Wallet and Enterprise Portal both demonstrate user-centric design. This is visible via their user interfaces (UIs) at each stage of a workflow where information is clearly conveyed to the user. By plainly stating why and where action is required, including providing consent, users can make informed decisions when sharing their data.

We hope that these PbD principles will be adopted by all of our customers when integrating with, implementing and utilising our APIs and supporting components.

Security-by-design

Security-by-design (SbD) is a concept that promotes the inclusion of security considerations at each stage of a product’s lifecycle. For example, instead of a a product development team creating fixes or patches once a security threat has been identified, the entire team considers who, why and how a threat may occur at each stage of planning, design and development. By adopting this approach the final product delivered is more robust, less susceptible to data breaches, and generally more secure for users to engage with.

Meeco’s SbD Implementation

In August 2021, Meeco successfully passed the ISO27001 Security Audit and is now certified in Australia, Belgium and the UK. Meeco has successfully passed several major European and Australian retail bank security audits, along with an independent audit against the NIST Cybersecurity Framework by KPMG. We were able to achieve these outcomes by proving that SbD is implemented throughout our product lifecycle.

Examples of how we achieve SbD are listed below:

Secure Software Development Life Cycle

• Security awareness and training

• Static code analysis

Cybersecurity Mitigation Strategies

• Information Security Manual (ISM) and Essential Eight

• ISO 27001Controls / Security Council

• Azure Security Center / Defender for Cloud

Separation of Concerns

• Separate development and operational teams