Designing inclusive security and privacy 

By CfID UX Designer Sam Yu

As technology and innovation progresses at accelerated rates, privacy and security have become increasingly important. Data and information management and protection, along with its ethical and political dimensions, have become a key focus for industry.   

“Most security and privacy mechanisms were designed with the general population in mind, leaving many specific user groups under-studies and under-served, such as people with disabilities,” 

Dr. Yang Wang, Associate Professor of Information and Computer Science, University of California.  

Despite increasing concerns over privacy and security, most practices and mechanisms have not been designed with considerations for the needs of disability and other marginalised communities. This puts already underserved and more vulnerable communities open to further risks. 

In response to this situation, ‘Inclusive security and privacy’ is an area of research and practice combining designing for privacy with designing for inclusion. The idea of inclusive security and privacy is the design of inclusive mechanisms considerate of different human abilities, characteristics, needs, identifiers, and values. Protective measures should cater to the widest possible range of users. 

The Privacy by Design (PbD) framework, developed by Ann Cavoukian during her tenure as the Information and Privacy Commissioner of Ontaria, is an industry standard for embedding privacy and security considerations throughout the design process. PbD principles have been adopted globally, notably the EU’s General Data Protection Regulation (GPDR), and closer to home, the Commissioner for Privacy and Data Protection in Victoria.  

The seven key principles of Privacy by Design are:   

  • Proactive not reactive; preventative not remedial  
  • Privacy as the default setting  
  • Privacy embedded into design  
  • Full functionality – positive-sum, not zero sum  
  • End-to-end security – full lifecycle protection  
  • Visibility and transparency – keep it open  
  • Respect for user privacy – keep it user-centric  

For more information on Privacy by Design, see the resources at the end of this article.  

The Privacy by Design framework has been criticised for being too generalised and lacking in actionable guidance, and thus difficult to implement and enforce. Even so, the framework still promotes a strong approach and mindset with its focus on inclusion and accessibility.  

To support the implementation of PbD principles, here are some practical ways to make security and privacy more inclusive: 

Understanding diverse needs  

The first step to designing more inclusively is to understand the different, unique and specific needs of users. This simply involves doing the research, listening to and learning from the experiences of those who have been traditionally marginalised and underserved by design.  

Designing practices and mechanisms with users  

Participatory approaches, co-designing and community-led practices with users enable them to be directly involved in creating security and privacy mechanisms to meet their needs. Respect, support and learn from those with the lived experiences of exclusion throughout the design process.

Provide alternative mechanisms for accessibility  

Different modes of security and privacy will work for some people and not for others. To accommodate for a greater range of accessibility needs and user preferences, alternative mechanisms should be provided.  

Develop digital and data literacy  

Education and knowledge of the digital tools we use is critical in today’s age. Understanding of data is particularly important and the discussions around data ethics and politics are still emerging and contested. Empowering the public is an important strategy in ensuring privacy and security.  

Seniors with low digital literacy are a group at a particular risk of security and privacy breaches due to their limited knowledge of computer technologies and tools.  

Inclusive privacy and security design leads to benefits for all 

Privacy and security is an issue affecting all users and is becoming an increasingly essential issue in today’s design agenda. An inclusive approach to design provides broader beneficial impact to society. It first highlights the marginalisation of entire communities in society and aims to provide the means to meet their needs. Additionally, privacy and security measures designed to meet the needs of the underserved provides new ways of thinking and approaching the design that may not have been considered previously.   

Designing inclusively is not just a moral imperative, but something which will improve the privacy and security for all of society.  

Additional resources  

Inclusive Privacy Project 

7 Foundational Principles of Privacy by Design 

Privacy by Design: Effective Privacy Management in the Victorian public sector 

Three dimensions of Inclusive Design