book

The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value

by Michelle Finneran Dennedy, Jonathan Fox, Thomas R. Finneran

January 2014

Intermediate to advanced

400 pages

11h 8m

English

Apress

Read now

Unlock full access

The Relationship Between Information Technology Innovation and Privacy The Information Age The Dawning of the Personal Information Service EconomyConclusion
What Is Privacy?Privacy Engineering Personal Information PrivacyFair Information Processing Principles and the OECD GuidelinesOther Governance Standards of which to be aware Privacy Is Not Confidentiality and Security Is Not PrivacyConclusion
Data Management: The Management of “Stuff”Data GovernanceData Privacy Governance Frameworks Generally Accepted Privacy Principles (GAPP)Privacy by Design Conclusion
Elements of Privacy Engineering DevelopmentPrivacy Policy DevelopmentDesigning a Privacy PolicyEnterprise-Specific Privacy DevelopmentInternal vs. External PoliciesPolicies, Present, and FutureConclusion
Three Example ScenariosPrivacy Requirements EngineeringPrivacy Requirements EngineeringDetermining Data RequirementsConclusion
Enterprise ArchitectureMethodologyStage 1: Project Initiation and Scoping WorkshopStage 2: Develop Use Cases and Class or Data ModelsStage 3: Design an Engineered SolutionStage 4: Complete System DevelopmentStages 5 and 6: Quality Assurance and RolloutConclusion
Privacy Component Context DiagramThe Privacy Component Class ModelPrivacy Component User Interface RequirementsDesign the Privacy Component SolutionDevelop the Privacy Component DesignUsing the System Development Methodology for the Privacy ComponentConclusion
The Runner’s Mobile App Use CaseThe Runner’s App Class or Data ModelThe Runner’s App User Experience RequirementsDesign the App StructureThe Runner’s App System Activity DiagramPrivacy Assessment Using a System Activity DiagramDevelop the Runner’s App Component DesignUsing the System Development MethodologyConclusion
Requirements DefinitionPrivacy Component Class and Data ModelVacation Planner User Interface RequirementsDesign the Vacation Planner SolutionUsing the System Development MethodologyConclusion
Quality AssuranceUsing Frameworks to Create a Privacy Quality Assurance ChecklistPrivacy Concerns During Quality AssuranceResources for Conducting Privacy Impact AssessmentsConclusion
Privacy Responsibilities in Different Parts of the OrganizationPrivacy Awareness and Readiness AssessmentsBuilding the Operational Plan for Privacy Awareness and ReadinessBuilding a Communication and Training Plan for Privacy Awareness and ReadinessConclusion
Organizational Placement and StructureCommon Privacy Engineering RolesChallenges of Bringing Privacy Engineering to the ForefrontBest Practices for Organizational AlignmentBenefits of Data GovernanceBusiness Benefits of AlignmentConclusion
Finding Values for DataValuation ModelsBuilding the Business CaseTurning Talk into ActionConclusion
Where the Future Doesn’t Need UsEven Social Networks (and Their Leaders) Get Cranky When Their Privacy Is CompromisedLet’s Remember How We Got HerePrivacy Is Not a One-Size-Fits-All FormulaInnovation and PrivacySocietal Pressures and PrivacyIt Still Comes Down to Trust and ValueA New Building Code for PrivacyGetting StartedA Privacy Engineer’s ManifestoConclusion
Example Use-Case Format

Overview

"It's our thesis that privacy will be an integral part of the next wave in the technology revolution and that innovators who are emphasizing privacy as an integral part of the product life cycle are on the right track." --The authors of The Privacy Engineer's Manifesto

The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value is the first book of its kind, offering industry-proven solutions that go beyond mere theory and adding lucid perspectives on the challenges and opportunities raised with the emerging "personal" information economy.

The authors, a uniquely skilled team of longtime industry experts, detail how you can build privacy into products, processes, applications, and systems. The book offers insight on translating the guiding light of OECD Privacy Guidelines, the Fair Information Practice Principles (FIPPs), Generally Accepted Privacy Principles (GAPP) and Privacy by Design (PbD) into concrete concepts that organizations, software/hardware engineers, and system administrators/owners can understand and apply throughout the product or process life cycle—regardless of development methodology—from inception to retirement, including data deletion and destruction.

In addition to providing practical methods to applying privacy engineering methodologies, the authors detail how to prepare and organize an enterprise or organization to support and manage products, process, systems, and applications that require personal information. The authors also address how to think about and assign value to the personal information assets being protected. Finally, the team of experts offers thoughts about the information revolution that has only just begun, and how we can live in a world of sensors and trillions of data points without losing our ethics or value(s)...and even have a little fun.

The Privacy Engineer's Manifesto is designed to serve multiple stakeholders: Anyone who is involved in designing, developing, deploying and reviewing products, processes, applications, and systems that process personal information, including software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals. This book is a must-read for all practitioners in the personal information economy.

Privacy will be an integral part of the next wave in the technology revolution; innovators who emphasize privacy as an integral part of the product life cycle are on the right track.

Foreword by Dr. Eric Bonabeau, PhD, Chairman, Icosystem, Inc. & Dean of Computational Sciences, Minerva Schools at KGI.

What you'll learn

What's at stake as concerns data privacy become critical considerations for users, developers, and enterprise stakeholders

Comprehensive foundational understanding of the issues and how they are interconnected

What the emerging job description of "privacy engineer" means

Key development models for privacy architecture

How to assemble an engineering privacy tool box (including developing privacy use cases and requirements

Organizational design implications of privacy engineering

Quality Assurance (QA) methodologies for privacy policy compliance

Models for valuing data

The 10-point Manifesto of the Privacy Engineer

Who this book is for

The Privacy Engineer's Manifesto is designed to serve multiple stakeholders: Anyone who is involved in designing, developing, deploying, and reviewing products, processes, applications, and systems that process personal information, including software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals. A must read for all practitioners in the personal information economy.