Privacy By Design
Trigger Boundary
- Use when user data is collected, transformed, or exposed by a feature.
- Do not use for low-level vulnerability triage only; use security-*.
- Do not use for post-incident retrospective artifacts; use incident-postmortem.
Goal
Make privacy controls explicit and enforceable before implementation.
Inputs
- Feature scope and data-flow summary
- Data categories, storage paths, and transfer boundaries
- Regulatory obligations for US, Japan, and EU markets
Outputs
- Privacy control matrix with ownership
- Data minimization and retention decisions
- User-rights and consent handling requirements
Workflow
- Map the data lifecycle from collection to deletion.
- Define lawful basis and consent handling rules.
- Minimize collected data and remove unnecessary identifiers.
- Define retention, deletion, and access-control policies.
- Validate cross-border transfer and audit requirements.
Quality Gates
- Every personal data element has an explicit purpose and lawful basis.
- Retention/deletion behavior is defined and testable.
- User-rights request flow is operationally feasible.
- Required privacy approvals are documented.
Failure Handling
- Stop when lawful basis or purpose limitation is undefined.
- Escalate when cross-border transfer safeguards are missing.
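As an added example (not part of this skill definition), the Python checker below applies the quality gates and failure-handling rules above to a data inventory, so that the privacy control matrix can be validated in CI before implementation. The DataElement fields, the region codes and the SAMPLE order-history feature are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Severity order used to pick the overall decision: the worst finding wins.
SEVERITY = {"pass": 0, "fail": 1, "escalate": 2, "stop": 3}

@dataclass
class DataElement:
    name: str
    purpose: str                    # explicit purpose; empty string means undefined
    lawful_basis: str               # e.g. "consent", "contract"; empty means undefined
    retention_days: Optional[int]   # None means retention/deletion not yet defined
    storage_region: str             # assumed codes: "us", "eu" or "jp"
    transfer_regions: tuple = ()    # regions the element is sent to beyond storage
    transfer_safeguard: str = ""    # e.g. "SCC"; required for any cross-border transfer
    owner: str = ""                 # accountable owner in the control matrix

def check_element(e: DataElement) -> list:
    """Return (severity, message) findings for one element against the gates."""
    findings = []
    if not e.purpose or not e.lawful_basis:      # Failure Handling: stop
        findings.append(("stop", f"{e.name}: purpose or lawful basis undefined"))
    if e.retention_days is None:                 # Quality Gate: retention testable
        findings.append(("fail", f"{e.name}: retention/deletion not defined"))
    if not e.owner:                              # Output: matrix with ownership
        findings.append(("fail", f"{e.name}: no owner in control matrix"))
    crosses_border = any(r != e.storage_region for r in e.transfer_regions)
    if crosses_border and not e.transfer_safeguard:   # Failure Handling: escalate
        findings.append(("escalate", f"{e.name}: cross-border transfer without safeguard"))
    return findings

def evaluate(elements) -> tuple:
    """Overall decision ('pass', 'fail', 'escalate' or 'stop') plus all findings."""
    findings = [f for e in elements for f in check_element(e)]
    worst = max((SEVERITY[s] for s, _ in findings), default=0)
    decision = next(k for k, v in SEVERITY.items() if v == worst)
    return decision, findings

# Constructed sample inventory for a hypothetical order-history feature.
SAMPLE = [
    DataElement("email", "order confirmation", "contract", 365, "eu",
                transfer_regions=("us",), transfer_safeguard="SCC", owner="orders-team"),
    DataElement("ip_address", "fraud detection", "legitimate interest", None, "us",
                transfer_regions=("jp",), owner="risk-team"),
    DataElement("device_fingerprint", "", "", 30, "us", owner="analytics-team"),
]

if __name__ == "__main__":
    decision, findings = evaluate(SAMPLE)
    print(decision)
    for severity, msg in findings:
        print(f"[{severity}] {msg}")
```

Running it on SAMPLE yields a "stop" decision because device_fingerprint has no purpose or lawful basis, with the ip_address retention and transfer findings reported alongside.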