My latest fascination and my passion seems to be “privacy” now! 🙂 I am always fascinated by some new topic or other and I finally have the zeal and zest to learn about privacy and a relatively new field called ‘Privacy Engineering’.
Security slowly developed in the world about 25 – 30 years ago, and today it is an accepted fact that it must be incorporated into every stage of the SDLC. Similarly, “privacy” is the new kid on the block and it is slowly gaining momentum as well. Huge amounts of data are collected at every click of the mouse, and all this data is stored and tracked to form insights about every individual. It is quite creepy to learn that an unknown person is tracking our name, age, DOB, our shopping habits, our eating habits, our sleeping habits and more. “Privacy” awareness has risen, and more privacy laws have come into existence to curb misuse of private data.
What is ‘Privacy Engineering’?
“Privacy” is always at the intersection of privacy laws and technical controls.
Privacy Engineering is engineering ‘Privacy by design’ principles into different domains of software systems and services such as software development, system design, data science, physical architecture, process design, information technology infrastructure and human-computer interaction/user experience design.
Privacy Engineers have to work cross-functionally with different teams to build in privacy, and they know a bit of programming, design, legal aspects, and SQL and NoSQL queries as well.
Let us see how Privacy Engineering principles can be enforced in practice:
- Data retention: Privacy engineers make sure that data is retained only for the stated period and is deleted by the date the user specifies (for example, “Erase my data after 30 days” means that the data will be deleted after 30 days).
- Data minimization: Privacy engineers ensure that only the minimum required data is collected at any point in time. For example, if there is a ‘Contact Me’ form, “Name”, “Email” and “Message” are the only required fields, and no other fields such as “Phone number” or “Address” are required. This type of data minimization ensures that data disposal will not be a difficult task later.
- Data Subject Requests (DSRs): If a data subject requests data erasure in a DSR, Privacy engineers ensure that data relating to the data subject is identified across all systems and erased.
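The three controls above can be sketched in a few lines of Python. This is an added example, not code from the original post; the function names, the in-memory "crm" and "helpdesk" systems and the sample records are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

ALLOWED_FIELDS = {"name", "email", "message"}  # data minimization allowlist
RETENTION = timedelta(days=30)                 # "Erase my data after 30 days"

def minimize(submission):
    """Drop every field that is not on the allowlist before storage."""
    return {k: v for k, v in submission.items() if k in ALLOWED_FIELDS}

def store(system, submission, now):
    """Store a minimized record together with its deletion deadline."""
    record = minimize(submission)
    record["expires_at"] = now + RETENTION
    system.append(record)
    return record

def purge_expired(systems, now):
    """Retention job: delete records whose deadline has passed."""
    removed = 0
    for name, records in systems.items():
        kept = [r for r in records if r["expires_at"] > now]
        removed += len(records) - len(kept)
        systems[name] = kept
    return removed

def erase_subject(systems, email):
    """DSR erasure: delete the subject everywhere, report counts per system."""
    wanted, report = email.strip().lower(), {}
    for name, records in systems.items():
        kept = [r for r in records
                if r.get("email", "").strip().lower() != wanted]
        report[name] = len(records) - len(kept)
        systems[name] = kept
    return report

def demo():
    # Constructed sample data; "crm" and "helpdesk" are hypothetical systems.
    systems = {"crm": [], "helpdesk": []}
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store(systems["crm"], {"name": "Ana", "email": "ana@example.com",
                           "message": "Hi", "phone": "555-0100"}, t0)
    store(systems["helpdesk"], {"name": "Ana", "email": "Ana@Example.com",
                                "message": "Help"}, t0 + timedelta(days=20))
    store(systems["crm"], {"name": "Bo", "email": "bo@example.com",
                           "message": "Hello"}, t0 + timedelta(days=25))
    purged = purge_expired(systems, t0 + timedelta(days=31))
    return purged, erase_subject(systems, "ana@example.com"), systems
```

The per-system report returned by `erase_subject` is what lets the engineer show that the subject was located and erased in every system, including the record stored under a differently cased email address.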
The Privacy Engineer also works with designers to root out “dark patterns” which might cause legal challenges in the future.
Given that a huge amount of data is gathered online and is not used in the proper way, we can understand that “Privacy Engineering” has a bright future ahead.
Do you want to study more about this topic? Carnegie Mellon University in the US might be the only University today that offers a Certificate program in Privacy Engineering… read more about it here:
https://privacy.cs.cmu.edu/privacy-cert/index.html
Have a delightful day spilling only the least amount of data! 🙂