A Practice Note discussing the privacy and data security issues organizations should consider when developing a new product or service. This Note focuses on the Privacy by Design Principles, discusses the FIPPs, ISO 31700-1 and 31700-2 standards, and various legal obligations in the EU, UK, US, and Brazil. This Note also includes special considerations for financial services products, health and fitness applications using biometric data, artificial intelligence, products and services used by children, and connected devices and the internet of things (IoT).