Course Release Date: June 4, 2021

D111- Privacy Design Strategies

Approximate Length – 15 Minutes

Intended Audience – Privacy Engineers and other Privacy Professionals, Security Engineers,  Software Developers, Managers, Architects and Engineers.

Lesson Description

NIST 800-53 rev 5 lists over a thousand security and privacy controls. Where to begin? Privacy by design mandates a strategic approach to mitigating privacy risks. 

Professor Jaap-Henk Hoepman, of Radboud University, has identified eight privacy design strategies and an underlying 26 tactics to mitigate privacy and security risks. This lesson meticulously goes through each tactic with example of each. 

Learning Areas

  • Hoepman Privacy Design Strategies
  • Minimize: Exclude, Select, Strip, Destroy
  • Separate: Isolate and Distribute
  • Hide: Restrict, Obfuscate, Mix, and Dissociate
  • Abstract: Group and Summarize
  • Enforce: Create, Maintain, Uphold
  • Demonstrate: Record, Audit, and Report
  • Inform: Supply, Notify, Explain
  • Control: Consent, Choose, Update, and Retract

Lesson Objectives

Participants will learn the eight privacy design strategies:

  • Four Technical Strategies: Minimize, Separate, Abstract, and Hide
  • Four Process Oriented Strategies: Enforce, Demonstrate, Inform, and Control


Additional detail about the privacy notice design space for UI/UX developer in course U104.


This lesson will prepare designers and developers to create interfaces purposefully designed not to manipulate users.