Extending the value chain to incorporate privacy by design principles

Morgan et al. (2009) examine the notion of corporate citizenship and suggest that for it to be effective companies need to minimize harm and maximizebenefits through its activities and, in so doing, take account of and be responsive to afull range of stakeholders. Specifically, they call for a “next generation” approach tocorporate citizenship that embeds structures, systems, processes and policies into andacross the company’s value chain. We take this notion of corporate citizenship andapply it to Privacy by Design concepts in a value chain model. Privacy by Design iscomprised of Seven Foundational Principles (Cavoukian 2009), and as we developthe Privacy by Design Value Chain, those principles are incorporated. First, weexamine the primary activities in the value chain and consider each of these sevenprinciples, and then we extend the analysis to the support activities. Finally, weconsider privacy implications and the challenges to be faced in supply chain andfederated environments. Designing privacy into the value chain model is a practical, business view of organizational and privacy issues. This puts privacy where itbelongs in an organization—everywhere personal information exists. We concludethat further research is needed to consider the internal stakeholders’ communicationsamong the various departments within an organization with the goal of bettercommunications and shared values, and we believe the value chain approach helpsto further this research agenda. Also, federated environments necessitate thatorganizations can “trust” their third parties providers. Research and case studies areneeded regarding how these organizations can create value and competitiveadvantages by voluntarily providing their customers with privacy practicecompliance reports. For the most part, the future is bright for the protection ofpersonal information because solutions, not problems are being proposed, researched, developed and implemented