Information security and privacy by design