Abstract

Morgan et al. examine the notion of corporate citizenship and suggest that for it to be effective companies need to minimize harm and maximize benefits through its activities and, in so doing, take account of and be responsive to a full range of stakeholders. Specifically, they call for a “next generation” approach to corporate citizenship that embeds structures, systems, processes and policies into and across the company’s value chain. We take this notion of corporate citizenship and apply it to Privacy by Design concepts in a value chain model. Privacy by Design is comprised of Seven Foundational Principles, and as we develop the Privacy by Design Value Chain, those principles are incorporated. First, we examine the primary activities in the value chain and consider each of these seven principles, and then we extend the analysis to the support activities. Finally, we consider privacy implications and the challenges to be faced in supply chain and federated environments. Designing privacy into the value chain model is a practical, business view of organizational and privacy issues. This puts privacy where it belongs in an organization—everywhere personal information exists. We conclude that further research is needed to consider the internal stakeholders’ communications among the various departments within an organization with the goal of better communications and shared values, and we believe the value chain approach helps to further this research agenda. Also, federated environments necessitate that organizations can “trust” their third parties providers. Research and case studies are needed regarding how these organizations can create value and competitive advantages by voluntarily providing their customers with privacy practice compliance reports. For the most part, the future is bright for the protection of personal information because solutions, not problems are being proposed, researched, developed and implemented.