Privacy is a dominant concern in every phase of the On!iUs operation and especially for OnliU. It is the breach of privacy in the loss of personal identifying information (PII) that is the driving force in the creation, design and deployment of OnliU.
PII is a primary target for attack in information systems. It is that PII that can be leveraged to gain access to information, physical facilities and benefits that motivates the attacker.
Privacy by Design has been adopted by the US Federal Trade Commission as the privacy best practice for US companies. On!iUs, Inc. enthusiastically embraces Privacy by Design – PbD (https://www.ipc.on.ca/english/privacy/introduction-to-pbd/) in every aspect of our operation. The seven principles of PbD are embedded in our approach to the critical problem we address, the design of our solution, OnliU, and its deployment and operation.
Paramount in our design and the service we provide is minimizing the impact to all concerned by the loss of PII. Our core function is to make stolen PII useless in the hands of the thief. Not only does this provide security for the entity that may have lost the PII to an attacker, but also to other enterprises that may be derivatively attacked using the stolen PII and importantly to the individual who had their PII stolen.
By removing the value of the PII of its use in future attacks, the motive for targeting and stealing the PII in the first place is dramatically diminished. On!iUs, Inc. firmly believes that employing OnliU is essential to any enterprise seeking to protect PII they may possesses and who are committed to employing privacy best practices.
This document will describe to the reader, whether an internal employee of On!iUs, and contractor or vendor of On!iUs, or a customer of On!iUs, the principles behind our design process and the deployment of OnliU.
On!Us, Inc. embraces the seven principles of PbD as follows:
1. Proactive not Reactive; Preventative not Remedial
The OnliU approach is characterized by incorporating in every aspect of its design and operations the criteria and requirement to be proactive rather than reactive measures. OnliU anticipates and prevents privacy invasive events before they happen. OnliU does not wait for privacy risks to materialize, OnliU greatly reduces the impact of a breach and the need for remedies for resolving privacy infractions once they have occurred — OnliU recognizes breaches are likely to occur, but if widely deployed will act to prevent them from occurring in the first place by eliminating the value of stolen PII. In short, OnliU comes before-the-fact, not after.
2. Privacy as the Default Setting
We can all be certain of one thing — the default rules! OnliU delivers the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system, by default.
3. Privacy Embedded into Design
Privacy by Design is embedded into the design and architecture of OnliU. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system, and dramatically enhances functionality.
4. Full Functionality — Positive-Sum, not Zero-Sum
OnliU delivers all a positive-sum “win-win” result for the user, not through a dated, zero-sum approach, where unnecessary trade-offs between security and privacy are made. OnliU avoids the pretense of false dichotomies, such as privacy vs. security, OnliU delivers both.
5. End-to-End Security — Full Lifecycle Protection
OnliU, has privacy embedded into the design prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved — strong security measures are essential to privacy, from start to finish. OnliU goes one step beyond securely retaining PII; OnliU is designed so that the need for the retention of PII is eliminated completely from our operation. Thus, OnliU ensures cradle to grave, secure lifecycle management of information, end-to-end.
6. Visibility and Transparency — Keep it Open
On!iUs has as a core function and essential element of our value proposition to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Except for proprietary technology all OnliU component parts and operations remain visible and transparent, to users and providers alike. We invite users and regulators alike to, trust but verify.
7. Respect for User Privacy — Keep it User-Centric
Above all, On!iUs requires its architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. We keep it user-centric by embedding as a first principle and driving value proposition the exponential increase in security by devaluing stolen PII to near zero.
© 2016 On!iUs Inc., 15250 Heather Mill Lane, Haymarket, Virginia 20169, USA. All Rights Reserved.