In 1995, an important report was published by Canadian and Dutch information commissioners which introduced the concept of ‘‘Privacy by Design’’. It sets out seven principles that should be considered when designing your organisation’s systems and processes which would safeguard people’s privacy. The report was accompanied by the conviction of its authors that privacy by design was essential if we, the consumer, were to trust business and governments to look after our personal data. If the authors had known then what a data mart the world would become they might have baulked at the enormity of the task of building privacy into our organisation’s procedures and IT architecture. Data have become a currency. Over 20 years later, privacy by design has hardly made a dent. The incentive for change has been missing. But the time has now come to think differently. Finally, the impetus for building privacy by design into your organisation’s data architecture is there.