The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value

The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value is the first book of its kind, offering industry-proven solutions that go beyond mere theory and adding lucid perspectives on the challenges and opportunities raised with the emerging “personal” information economy.

The authors, a uniquely skilled team of longtime industry experts, detail how you can build privacy into products, processes, applications, and systems. The book offers insight on translating the guiding light of OECD Privacy Guidelines, the Fair Information Practice Principles (FIPPs), Generally Accepted Privacy Principles (GAPP) and Privacy by Design (PbD) into concrete concepts that organizations, software/hardware engineers, and system administrators/owners can understand and apply throughout the product or process life cycle—regardless of development methodology—from inception to retirement, including data deletion and destruction.

In addition to providing practical methods to applying privacy engineering methodologies, the authors detail how to prepare and organize an enterprise or organization to support and manage products, process, systems, and applications that require personal information. The authors also address how to think about and assign value to the personal information assets being protected. Finally, the team of experts offers thoughts about the information revolution that has only just begun, and how we can live in a world of sensors and trillions of data points without losing our ethics or value(s)...and even have a little fun.

The Privacy Engineer's Manifesto is designed to serve multiple stakeholders: Anyone who is involved in designing, developing, deploying and reviewing products, processes, applications, and systems that process personal information, including software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals. This book is a must-read for all practitioners in the personal information economy.

Privacy will be an integral part of the next wave in the technology revolution; innovators who emphasize privacy as an integral part of the product life cycle are on the right track.

Foreword by Dr. Eric Bonabeau, PhD, Chairman, Icosystem, Inc. & Dean of Computational Sciences, Minerva Schools at KGI.

What you’ll learn

• What's at stake as concerns data privacy become critical considerations for users, developers, and enterprise stakeholders
• Comprehensive foundational understanding of the issues and how they are interconnected
• What the emerging job description of "privacy engineer" means
• Key development models for privacy architecture
• How to assemble an engineering privacy tool box (including developing privacy use cases and requirements
• Organizational design implications of privacy engineering
• Quality Assurance (QA) methodologies for privacy policy compliance
• Models for valuing data
• The 10-point Manifesto of the Privacy Engineer

Who this book is for

The Privacy Engineer's Manifesto is designed to serve multiple stakeholders: Anyone who is involved in designing, developing, deploying, and reviewing products, processes, applications, and systems that process personal information, including software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals. A must read for all practitioners in the personal information economy.

About the Authors

Michelle currently serves as McAfee's Chief Privacy Officer where she is responsible for the development and implementation of McAfee's data privacy policies and practices, working across business groups to drive data privacy excellence across the security continuum. Before coming to McAfee, Michelle founded The iDennedy Project, a public service organization to address privacy needs in sensitive populations, such as children and the elderly, and emerging technology paradigms. Michelle is also a founder and editor in chief of a new media site—theIdentityProject.com—that was started as an advocacy and education site, currently focused on the growing crime of Child ID theft.

Michelle was the Vice President for Security & Privacy Solutions for the Oracle Corporation. Before the Oracle acquisition of Sun, Michelle was Chief Data Governance Officer within the Cloud Computing division at Sun Microsystems, Inc. Michelle also served as Sun's Chief Privacy Officer.

Michelle has a JD from Fordham University School of Law and a BS degree with university honors from The Ohio State University. In 2009, she was awarded the Goodwin Procter-IAPP Vanguard award for lifetime achievement and the EWF - CSO Magazine Woman of Influence award for work in the privacy and security fields. In 2012, she was recognized by the National Diversity Council as one of California's Most Powerful & Influential Women.

Jonathan Fox is the Global Director of Data Privacy at McAfee. Previous to McAfee, he was the Worldwide Director of Privacy at eBay Inc., and before that, Deputy Chief Privacy Officer at Sun Microsystems, Inc. Jonathan's principal areas of focus are product development, behavioral advertising, training, mobile applications, data licensing, government relations, social shopping, quality assurance, and mergers and acquisitions. He has worked closely with marketing, information security, engineering, internal audit, professional services, technical support, and cloud teams to establish policies and operate programs to ensure the protection of customer and employee personal information. He is a Certified Information Privacy Professional (CIPP/US), a Certified Information Privacy Manager (CIPM), and was a Certified Information Security Manager (CISM). He is on the International Association of Privacy Professional's Certification Advisory Board. His prior roles have included Editor-in-Chief of sun.com, business development manager for a new media startup, senior manager of electronic and intellectual property licensing for Random House, and Program Delivery Manager for the Oracle Developer's Programme. He is a graduate of Columbia University. He regularly speaks at industry events on privacy issues.

Thomas R. Finneran is a principal consultant for the IDennedy Project. He has proposed an approach to use the Organization for the Advancement of Structured Information Standards (OASIS) UML Standard for privacy analysis. He was a consultant for over 25 years for CIBER, Inc. He has acquired over 25 years of experience in the field of information technology. His strengths include enterprise (including data, information, knowledge, business, and application) architecture, business and data analysis, UML object analysis and design, logical data modeling, database systems design and analysis, information resource management methodologies, CASE and metadata repository tools, project management, and computer law. He is experienced in almost all application system areas, including real-time data collection systems, inventory control, sales and order processing, personnel, all types of financial systems, the use of expert systems, and project management systems. He has developed and taught training courses in the areas of use cases, relational concepts, strategic data planning, logical data modeling, and the utilization of CASE tools, among others. He is also an experienced intellectual property patent lawyer. For various companies, he has held such titles as director, MIS; manager, corporate data strategy; manager, data administration; managing consultant; manager, standards and education; and systems designer. These companies include the Standard Oil Company, Corning Glass Works, ITT, ADR, and the U.S. Navy. In addition, he was vice president and general counsel of TOMARK, Inc., the developer of the highly successful ABEND-AID software package. He has a bachelor of arts (Ohio State University), a master's of business administration (Roosevelt University), and a juris doctor's degree (Cleveland State). He is a member of the bar of the U.S. Supreme Court and a member of the bar of Ohio, New Jersey, Connecticut and a member of the Patent Bar.