You are now in the main content area

How does Privacy by Design Certification work?

The Privacy by Design Certification process begins when your organization submits a Privacy by Design application which can be found word filehere. The Privacy by Design Centre of Excellence reviews your application, afterword your information is forwarded to Deloitte our assessment partner, to begin the assessment process.

We have partnered with Deloitte Canada to provide assessment services for the Privacy by Design Certification. Assessment services will be carried out under a separate agreement between your organization and Deloitte.  Deloitte will scrutinize the product(s), services(s) and/or offering(s) being certified, conduct interviews, and examine operational processes. Deloitte will then issue a report based on the assessment methodolgy and scorecard technique developed exclusively for Privacy by Design Certification which examines the organization’s adherence to Privacy by Design. The criteria are based on the 7 Foundational Principles of Privacy by Design:

  1. Proactive not Reactive; Preventative not Remedial
  2. Privacy as the Default Setting
  3. Privacy Embedded into Design
  4. Full Functionality – Positive-Sum, not Zero-Sum
  5. End-to-End Security – Full Lifecycle Protection
  6. Visibility and Transparency – Keep it Open
  7. Respect for User Privacy – Keep it User-Centric

Upon completion of the assessment, Deloitte’s report will be forwarded to both your organization and the Privacy by Design Centre of Excellence for review. After examining the report, Ryerson's Privacy by Design Centre of Excellence will issue a decision as to whether certification will be granted. Successful applicants will be granted the use of our Certification Shield on any material related to your certified products, services or offerings and will be listed on our website so that customers can indepdently validate your certification.

Successful applicants who have been granted the use of our Certification Shield will demonstrate to the public and consumers alike their commitment to privacy. Our shield is a validation of an organization’s privacy framework, showing that an organization is well-equipped to meet the needs of today’s privacy conscious consumer.

Certifications are valid for a three year period, but must be renewed annually. We will remind you well in advance of your anniversary period with all the details on how to keep your certification current.

An important part of renewing your certification is an attestation form in which your organization attests that there has been no change which would affect your certification.

When Ryerson is satisfied with your attestation and upon payment of the renewal fee, your Privacy by Design Certification is renewed for another year.