This panel discussion introduces one of CSA’s newest research initiatives, Implementing Privacy by Design and Default (PbDD) within DevSecOps. Researchers discuss current findings, including their approach to successfully selling privacy internally. Using Design Thinking (DT) and Human-Centered Design (HCD) based methodologies, researchers discuss how they were able to identify what really matters to stakeholders—as well as key drivers that propelled the PbDD project under study forward.
Situated non-exclusively within the DevSecOps Six Pillars framework, the current research provides additional considerations to existing processes. Of note is the use of real-world Scenario-Based Design (or modeling) to further clarify the problem and solution spaces of implementation contexts, activating essential organizational dynamics where solution-based innovations may emerge.
The scenario? A global company that diagnoses infectious diseases using a downloadable AI-assisted Software as a Medical Device (SaMD) is offered an opportunity: an exclusive government partnership and a blank check. The feasibility challenge? Compliance with all global data protection and privacy regulations.