You are previewing The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value.
O'Reilly logo
The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value

Book Description

"It's our thesis that privacy will be an integral part of the next wave in the technology revolution and that innovators who are emphasizing privacy as an integral part of the product life cycle are on the right track." --The authors of The Privacy Engineer's Manifesto

The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value is the first book of its kind, offering industry-proven solutions that go beyond mere theory and adding lucid perspectives on the challenges and opportunities raised with the emerging "personal" information economy.

The authors, a uniquely skilled team of longtime industry experts, detail how you can build privacy into products, processes, applications, and systems. The book offers insight on translating the guiding light of OECD Privacy Guidelines, the Fair Information Practice Principles (FIPPs), Generally Accepted Privacy Principles (GAPP) and Privacy by Design (PbD) into concrete concepts that organizations, software/hardware engineers, and system administrators/owners can understand and apply throughout the product or process life cycle—regardless of development methodology—from inception to retirement, including data deletion and destruction.

In addition to providing practical methods to applying privacy engineering methodologies, the authors detail how to prepare and organize an enterprise or organization to support and manage products, process, systems, and applications that require personal information. The authors also address how to think about and assign value to the personal information assets being protected. Finally, the team of experts offers thoughts about the information revolution that has only just begun, and how we can live in a world of sensors and trillions of data points without losing our ethics or value(s)...and even have a little fun.

The Privacy Engineer's Manifesto is designed to serve multiple stakeholders: Anyone who is involved in designing, developing, deploying and reviewing products, processes, applications, and systems that process personal information, including software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals. This book is a must-read for all practitioners in the personal information economy.

Privacy will be an integral part of the next wave in the technology revolution; innovators who emphasize privacy as an integral part of the product life cycle are on the right track.

Foreword by Dr. Eric Bonabeau, PhD, Chairman, Icosystem, Inc. & Dean of Computational Sciences, Minerva Schools at KGI.

What you'll learn

  • What's at stake as concerns data privacy become critical considerations for users, developers, and enterprise stakeholders

  • Comprehensive foundational understanding of the issues and how they are interconnected

  • What the emerging job description of "privacy engineer" means

  • Key development models for privacy architecture

  • How to assemble an engineering privacy tool box (including developing privacy use cases and requirements

  • Organizational design implications of privacy engineering

  • Quality Assurance (QA) methodologies for privacy policy compliance

  • Models for valuing data

  • The 10-point Manifesto of the Privacy Engineer

  • Who this book is for

    The Privacy Engineer's Manifesto is designed to serve multiple stakeholders: Anyone who is involved in designing, developing, deploying, and reviewing products, processes, applications, and systems that process personal information, including software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals. A must read for all practitioners in the personal information economy.

    Table of Contents

    1. Title Page
    2. About ApressOpen
    3. Dedication
    4. Contents at a Glance
    5. Contents
    6. About the Authors
    7. About the Technical Reviewers
    8. Acknowledgments
    9. Foreword, with the Zeal of a Convert
    10. Introduction
    11. PART 1: Getting Your Head Around Privacy
      1. CHAPTER 1: Technology Evolution, People, and Privacy
        1. The Relationship Between Information Technology Innovation and Privacy
        2. The Information Age
        3. The Dawning of the Personal Information Service Economy
        4. Conclusion
      2. CHAPTER 2: Foundational Concepts and Frameworks
        1. What Is Privacy?
        2. Privacy Engineering
        3. Personal Information
        4. Privacy
        5. Fair Information Processing Principles and the OECD Guidelines
        6. Other Governance Standards of which to be aware
        7. Privacy Is Not Confidentiality and Security Is Not Privacy
        8. Conclusion
      3. CHAPTER 3: Data and Privacy Governance Concepts
        1. Data Management: The Management of “Stuff”
        2. Data Governance
        3. Data Privacy Governance Frameworks
        4. Generally Accepted Privacy Principles (GAPP)
        5. Privacy by Design
        6. Conclusion
    12. PART 2: The Privacy Engineering Process
      1. CHAPTER 4: Developing Privacy Policies
        1. Elements of Privacy Engineering Development
        2. Privacy Policy Development
        3. Designing a Privacy Policy
        4. Enterprise-Specific Privacy Development
        5. Internal vs. External Policies
        6. Policies, Present, and Future
        7. Conclusion
      2. CHAPTER 5: Developing Privacy Engineering Requirements
        1. Three Example Scenarios
        2. Privacy Requirements Engineering
        3. Privacy Requirements Engineering
        4. Determining Data Requirements
        5. Conclusion
      3. CHAPTER 6: A Privacy Engineering Lifecycle Methodology
        1. Enterprise Architecture
        2. Methodology
        3. Stage 1: Project Initiation and Scoping Workshop
        4. Stage 2: Develop Use Cases and Class or Data Models
        5. Stage 3: Design an Engineered Solution
        6. Stage 4: Complete System Development
        7. Stages 5 and 6: Quality Assurance and Rollout
        8. Conclusion
      4. CHAPTER 7: The Privacy Component App
        1. Privacy Component Context Diagram
        2. The Privacy Component Class Model
        3. Privacy Component User Interface Requirements
        4. Design the Privacy Component Solution
        5. Develop the Privacy Component Design
        6. Using the System Development Methodology for the Privacy Component
        7. Conclusion
      5. CHAPTER 8: A Runner’s Mobile App
        1. The Runner’s Mobile App Use Case
        2. The Runner’s App Class or Data Model
        3. The Runner’s App User Experience Requirements
        4. Design the App Structure
        5. The Runner’s App System Activity Diagram
        6. Privacy Assessment Using a System Activity Diagram
        7. Develop the Runner’s App Component Design
        8. Using the System Development Methodology
        9. Conclusion
      6. CHAPTER 9: Vacation Planner Application
        1. Requirements Definition
        2. Privacy Component Class and Data Model
        3. Vacation Planner User Interface Requirements
        4. Design the Vacation Planner Solution
        5. Using the System Development Methodology
        6. Conclusion
      7. CHAPTER 10: Privacy Engineering and Quality Assurance
        1. Quality Assurance
        2. Using Frameworks to Create a Privacy Quality Assurance Checklist
        3. Privacy Concerns During Quality Assurance
        4. Resources for Conducting Privacy Impact Assessments
        5. Conclusion
    13. PART 3: Organizing for the Privacy Information Age
      1. CHAPTER 11: Engineering Your Organization to Be Privacy Ready
        1. Privacy Responsibilities in Different Parts of the Organization
        2. Privacy Awareness and Readiness Assessments
        3. Building the Operational Plan for Privacy Awareness and Readiness
        4. Building a Communication and Training Plan for Privacy Awareness and Readiness
        5. Conclusion
      2. CHAPTER 12: Organizational Design and Alignment
        1. Organizational Placement and Structure
        2. Common Privacy Engineering Roles
        3. Challenges of Bringing Privacy Engineering to the Forefront
        4. Best Practices for Organizational Alignment
        5. Benefits of Data Governance
        6. Business Benefits of Alignment
        7. Conclusion
    14. PART 4: Where Do We Go from Here?
      1. CHAPTER 13: Value and Metrics for Data Assets
        1. Finding Values for Data
        2. Valuation Models
        3. Building the Business Case
        4. Turning Talk into Action
        5. Conclusion
      2. CHAPTER 14: A Vision of the Future: The Privacy Engineer’s Manifesto
        1. Where the Future Doesn’t Need Us
        2. Even Social Networks (and Their Leaders) Get Cranky When Their Privacy Is Compromised
        3. Let’s Remember How We Got Here
        4. Privacy Is Not a One-Size-Fits-All Formula
        5. Innovation and Privacy
        6. Societal Pressures and Privacy
        7. It Still Comes Down to Trust and Value
        8. A New Building Code for Privacy
        9. Getting Started
        10. A Privacy Engineer’s Manifesto
        11. Conclusion
    15. APPENDIX A: Use-Case Metadata
      1. Example Use-Case Format
    16. APPENDIX B: Meet the Contributors
    17. Index