To review, here are the important points to consider when you're designing for privacy and security:
Understand the information in your directory, how it needs to be protected, and from whom it needs to be protected.
Think about who might want to compromise the security of your directory and their motives for doing so.
Understand the ways in which the security of your directory can be compromised.
Familiarize yourself with the various tools and techniques you can use to secure your directory.
Understand the sensitivity of the data stored in your directory.
If replication or synchronization is used, understand the places to which directory content is being replicated or synchronized.
Understand the network environment and the capabilities it might offer a hostile person.
Consider the physical security of the directory servers and backups of the directory data.
Be aware of any company policies and legal requirements that may apply to you.
When designing your directory, strike a balance between security requirements and usability.