"It's our thesis that privacy will be an integral part of the next wave in the technology revolution and that innovators who are emphasizing privacy as an integral part of the product life cycle are on the right track." --The authors of The Privacy Engineer's Manifesto
The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value is the first book of its kind, offering industry-proven solutions that go beyond mere theory and adding lucid perspectives on the challenges and opportunities raised with the emerging "personal" information economy.
The authors, a uniquely skilled team of longtime industry experts, detail how you can build privacy into products, processes, applications, and systems. The book offers insight on translating the guiding light of the OECD Privacy Guidelines, the Fair Information Practice Principles (FIPPs), Generally Accepted Privacy Principles (GAPP), and Privacy by Design (PbD) into concrete concepts that organizations, software/hardware engineers, and system administrators/owners can understand and apply throughout the product or process life cycle—regardless of development methodology—from inception to retirement, including data deletion and destruction.
In addition to providing practical methods for applying privacy engineering methodologies, the authors detail how to prepare and organize an enterprise or organization to support and manage products, processes, systems, and applications that require personal information. The authors also address how to think about and assign value to the personal information assets being protected. Finally, the team of experts offers thoughts about the information revolution that has only just begun, and how we can live in a world of sensors and trillions of data points without losing our ethics or value(s)...and even have a little fun.
The Privacy Engineer's Manifesto is designed to serve multiple stakeholders: Anyone who is involved in designing, developing, deploying and reviewing products, processes, applications, and systems that process personal information, including software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals. This book is a must-read for all practitioners in the personal information economy.
Privacy will be an integral part of the next wave in the technology revolution; innovators who emphasize privacy as an integral part of the product life cycle are on the right track.
Conditions of Use
This book is licensed under a Creative Commons License (CC BY). You can download the ebook The Privacy Engineer's Manifesto for free.
- Title: The Privacy Engineer's Manifesto
- Subtitle: Getting from Policy to Code to QA to Value
- Publisher: Apress
- Author(s): Jonathan Fox, Michelle Dennedy, Tom Finneran
- Published: 2014-01-27
- Edition: 1
- Format: eBook (pdf, epub, mobi)
- Pages: 436
- Language: English
- ISBN-10: 1430263555
- ISBN-13: 9781430263562
- License: CC BY
- Book Homepage: Free eBook, Errata, Code, Solutions, etc.
Table of Contents

Front matter
- Cover
- Title
- Copyright
- About ApressOpen
- Dedication
- Contents at a Glance
- Contents
- About the Authors
- About the Technical Reviewers
- Acknowledgments
- Foreword, with the Zeal of a Convert
- Introduction

PART 1: Getting Your Head Around Privacy

CHAPTER 1: Technology Evolution, People, and Privacy
- The Relationship Between Information Technology Innovation and Privacy
- The Information Age
- The Firewall Stage
- The Net Stage
- The Extranet Stage
- Access Stage
- The Intelligence Stage
- The Dawning of the Personal Information Service Economy
- Data-Centric and Person-Centric Processing
- Conclusion

CHAPTER 2: Foundational Concepts and Frameworks
- What Is Privacy?
- Privacy Engineering
- Personal Information
- Privacy
- An Operational Definition of Privacy
- Fair Information Processing Principles and the OECD Guidelines
- Collection Limitation Principle
- Data Quality Principle
- Purpose Specification Principle
- Use Limitation Principle
- Security Safeguards Principle
- Openness Principle
- Individual Participation Principle
- Accountability Principle
- Other Governance Standards of which to be aware
- Privacy Is Not Confidentiality and Security Is Not Privacy
- Confidentiality ≠ Privacy
- Security ≠ Privacy
- The Overlaps
- The Disconnects
- Conclusion

CHAPTER 3: Data and Privacy Governance Concepts
- Data Management: The Management of "Stuff"
- Data Governance
- Benefits of Data Governance
- The Privacy and Data Governance/Stewardship Connection
- Data Privacy Governance Frameworks
- Generally Accepted Privacy Principles (GAPP)
- Impact of Frameworks on the Privacy Engineer
- Frameworks Are Not the Same as Laws
- Privacy by Design
- How Privacy Engineering and Privacy by Design work Together
- Conclusion

PART 2: The Privacy Engineering Process

CHAPTER 4: Developing Privacy Policies
- Elements of Privacy Engineering Development
- Privacy Policy Development
- What Is a Good Policy?
- Designing a Privacy Policy
- What Should Be Included in a Privacy Policy?
- General-Level Privacy Policy Development
- Enterprise-Specific Privacy Development
- Internal vs. External Policies
- Policies, Present, and Future
- Conclusion

CHAPTER 5: Developing Privacy Engineering Requirements
- Three Example Scenarios
- Example Scenario 1: The Privacy Component
- Example Scenario 2: A Runner's App
- Example Scenario 3: Hospitality Vacation Planner
- Privacy Requirements Engineering
- Privacy Requirements Engineering
- Use Cases: A Tool for Requirements Gathering
- Use Cases within Privacy Engineering
- Privacy Requirements Derived from Privacy Frameworks
- Develop Privacy Requirement Use Cases
- The Privacy Engineer's Use of Use Case Metadata
- Determining Data Requirements
- How Does the Distribution Channel Impact Privacy Engineering Requirements?
- Conclusion

CHAPTER 6: A Privacy Engineering Lifecycle Methodology
- Enterprise Architecture
- Architectural Views
- Solution Architecture
- Develop Procedures, Processes, and Mechanisms
- Methodology
- System Engineering Lifecycle
- The Use of Models within the Methodology
- Stage 1: Project Initiation and Scoping Workshop
- Project Initiation Defines Project Processes
- Requirements Definition Within the Scoping Workshop
- Stage 2: Develop Use Cases and Class or Data Models
- Develop Business Activity Diagrams
- Defining Business and Privacy Data Classes
- Using the Unified Modeling Language Class Model as a Data Model
- Example: Privacy Component Class Model
- Data Modeling Steps
- Stage 3: Design an Engineered Solution
- User Interface Design
- User Interface Prototype
- Component Design
- Example: Privacy Component Privacy Rules
- Develop a System Activity Diagram
- Dynamic Modeling
- Define Service Components and Supporting Metadata
- Stage 4: Complete System Development
- Stages 5 and 6: Quality Assurance and Rollout
- Develop and Execute Test Cases
- Conclusion

CHAPTER 7: The Privacy Component App
- Privacy Component Context Diagram
- Use Case Requirements to Build a "Privacy Component"
- The Privacy Component Class Model
- Developing the Unified Modeling Language Class Model
- Privacy Component User Interface Requirements
- Design the Privacy Component Solution
- The Privacy Component Solution Architecture
- The Privacy Component Class Structure
- Privacy Component System Activity Diagram
- Privacy Assessment Using the System Activity Diagram
- Develop the Privacy Component Design
- Using the System Development Methodology for the Privacy Component
- Conclusion

CHAPTER 8: A Runner's Mobile App
- The Runner's Mobile App Use Case
- The Runner's App Class or Data Model
- The Runner's App User Experience Requirements
- Design the App Structure
- The Runner's App System Activity Diagram
- Privacy Assessment Using a System Activity Diagram
- Develop the Runner's App Component Design
- Using the System Development Methodology
- Conclusion

CHAPTER 9: Vacation Planner Application
- Requirements Definition
- Use Case Metadata for Hospitality Vacation Planner Enterprise Application
- Develop Business Activity Diagrams
- Privacy Component Class and Data Model
- Vacation Planner User Interface Requirements
- Design the Vacation Planner Solution
- The Vacation Planner Solution Architecture
- The Vacation Planner Component Architecture Structure
- Develop System Activity Diagrams
- Dynamic Modeling
- Define Service Components and Supporting Metadata
- Using the System Development Methodology
- Conclusion

CHAPTER 10: Privacy Engineering and Quality Assurance
- Quality Assurance
- Using Frameworks to Create a Privacy Quality Assurance Checklist
- Purpose
- Notice
- Choice or Consent
- Transfer
- Access, Correction, or Deletion
- Security
- Minimization
- Proportionality
- Retention
- Act Responsibly
- Privacy Concerns During Quality Assurance
- Vector 1: Managing Privacy During Quality Assurance
- Vector 2: Privacy Impact Assessment: A Validation Tool
- Who Is Usually Involved in a PIA?
- What Should a Privacy Impact Assessment Document Contain?
- Vector 3: The Importance and Value of Privacy Impact Assessment to Key Stakeholders
- Resources for Conducting Privacy Impact Assessments
- Conclusion

PART 3: Organizing for the Privacy Information Age

CHAPTER 11: Engineering Your Organization to Be Privacy Ready
- Privacy Responsibilities in Different Parts of the Organization
- Privacy Awareness and Readiness Assessments
- Define Existing Systems and Processes
- Consider the Context
- Skills Assessment
- Building the Operational Plan for Privacy Awareness and Readiness
- Building a Communication and Training Plan for Privacy Awareness and Readiness
- Communicating
- Internal Communications
- External Communication
- A Word About What Are Usually Important, but Boring Words
- Monitoring and Adapting the Strategy
- Conclusion

CHAPTER 12: Organizational Design and Alignment
- Organizational Placement and Structure
- Horizontal Privacy Team: Pros
- Horizontal Privacy Teams: Cons
- Common Privacy Engineering Roles
- Challenges of Bringing Privacy Engineering to the Forefront
- Expanding Executive Management Support
- Spreading Awareness and Gaining Cultural Acceptance
- Extending Your Reach with Limited Resources
- Creating Alliances
- Expanding the Scope of Data Governance
- Remaining Productive Amid Competing Priorities and Demands
- Best Practices for Organizational Alignment
- Aligning with Information Technology and Information Security
- Aligning with Data Governance Functions
- Benefits of Data Governance
- Business Benefits of Alignment
- Other Benefits
- Conclusion

PART 4: Where Do We Go from Here?

CHAPTER 13: Value and Metrics for Data Assets
- Finding Values for Data
- Valuation Models
- Model 1
- Model 2
- Model 3
- Model 4
- Model 5
- Building the Business Case
- Turning Talk into Action
- Conclusion

CHAPTER 14: A Vision of the Future: The Privacy Engineer's Manifesto
- Where the Future Doesn't Need Us
- Even Social Networks (and Their Leaders) Get Cranky When Their Privacy Is Compromised
- Let's Remember How We Got Here
- Privacy Is Not a One-Size-Fits-All Formula
- Innovation and Privacy
- Societal Pressures and Privacy
- It Still Comes Down to Trust and Value
- A New Building Code for Privacy
- Getting Started
- A Privacy Engineer's Manifesto
- Conclusion

APPENDIX A: Use-Case Metadata Example
- Use-Case Format

APPENDIX B: Meet the Contributors

Index