Privacy by Design: Mission Impossible

Greetings, Architects!

This week, we enter the digital danger zone: that twilight realm where data must be both available to everyone and private from everyone. Yes, it's time to tackle the ultimate paradox in enterprise architecture — Privacy by Design in a world that wants it all.

The Main Story: Stakeholder Schizophrenia

Meet our protagonist, Dana — the Enterprise Architect whose job description now reads like a spy thriller. One minute, Legal wants airtight privacy. The next, Marketing demands "real-time behavioral analytics down to the customer's shoe size." IT wants clean role-based access. HR wants audit trails. Finance wants plausible deniability.

Cue Dana, nodding slowly, whispering:
"So… you want zero trust… but full trust?"

A project kickoff begins with this stunning briefing from the CISO:

“We need end-to-end encryption, open APIs, GDPR compliance, and maybe just a sprinkle of biometric tracking. But discreet. Oh, and the Board still wants dashboards.”

Dana tightens the metaphorical black turtleneck. It's an impossible mission. Naturally, Dana accepts.

TOGAF to the Rescue (With a Straight Face)

Enter Phase E: Opportunities and Solutions. TOGAF reminds us to define constraints before designing solutions, but in Dana’s world, constraints mutate hourly.

She pulls out trusty TOGAF artifacts:

  • The Business Architecture viewpoint: outlining who needs what data and why (a.k.a. “Who will yell the loudest in meetings”)

  • The Information System Architecture: mapping data flows and ownership (and politely ignoring that everyone thinks they own everything)

  • The Risk Catalog: filled with real risks, imagined risks, and “risks Legal heard about at a conference”

Educational Twist: A Real Privacy-By-Design Survival Kit

  • Start with Purpose: Know the real business value of the data. If it's just “because we can,” stop.

  • Map Roles to Goals: Use TOGAF's Capability Maps to match access with actual responsibility.

  • Segment Everything: Apply TOGAF’s Architecture Partitioning to isolate data domains.

  • Bake in Governance: Establish policy through Architecture Governance Frameworks, not post-incident emails.

Share and Connect

Ever tried designing a privacy-first architecture for a company that uses 12 SaaS tools and three freelancers named ‘admin’? Share your horror stories — anonymized, of course.

Next Week’s Tease

The Myth of the Omniscient Enterprise Architect — how to survive when everyone thinks you know everything (including how to fix the printer).