A Privacy Engineering Primer

Thursday 28 November, 10:15 am - 2:00 pm

Speakers

Stephen Wilson

Principal Consultant
Lockstep Consulting

Synopsis

The practice of Privacy Engineering is not just a matter of formulating privacy rules for engineers. Rather, if data privacy is considered to be a non-functional systems requirement alongside other functional and non-functional objectives, then privacy outcomes can be designed for in a transparent and rational way, integrated with cybersecurity and other risk considerations. "Engineering" after all is the practice of resolving competing demands on complex systems design.

We should not sugarcoat privacy. The politically correct idea that “privacy is good for business” is a bit loose, and can be difficult to quantify and defend in the face of many design demands. Some find this to be an uncomfortable truth, but in reality, privacy is often in tension with usability, cost, cybersecurity, and digital business opportunity. Information systems are increasingly complex and have to manage many stakeholder interests, including privacy.

How do systems designers and security risk management professionals balance these needs?

This interactive workshop will introduce three practical privacy engineering tools.

After a recap of privacy principles and Privacy Impact Assessment methods, the tools will be presented and the audience will participate in the application of the methods to topical real-life challenges arising from Generative AI.

1. Privacy Policy for Design Thinking.

Privacy policies have got a bad rap. They can be dense legal documents, contrived to mask shady data collection practices and cover a company’s backside. But as a statement of intent, drafted by the design team, a privacy policy can dynamically bridge legal, business, engineering and security stakeholders.

We will work through the What, Why, Who, How, Where and When of personal information collection, using a relatable example such as an AI chat bot or another application of the audience’s choosing.

2. Personal Information Flow Mapping.

A graphical tool for systematically flushing out and accounting for all personal information collected, created, used, retained, disclosed and destroyed by an information system. Along the way we will clarify in plain language certain subtleties in “personal information”, “collection”, “use” and “disclosure”.

3. Privacy-informed TRA.

Standard cyber threat & risk assessment examines the Confidentiality, Integrity and Availability of information assets. Here we extend the information asset inventory with privacy factors such as consent, jurisdiction and openness, resulting in a unified cross-disciplinary risk assessment spanning privacy and security that helps to build privacy into the formative stages of any large cyber project.
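As an added illustration, not material from the workshop or from Lockstep Consulting, the Python sketch below shows what tools 2 and 3 can look like once they are written down: an information asset inventory that carries CIA ratings plus the privacy factors named above (consent, jurisdiction, openness), a personal information flow map over the collected/created/used/retained/disclosed/destroyed stages, and a unified score per asset. The asset fields, the sample chat-bot data, the checking rules and the simple scoring are all assumptions chosen for this example, not a published method.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List


class Rating(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# The life-cycle stages a personal information flow map accounts for.
STAGES = ("collected", "created", "used", "retained", "disclosed", "destroyed")


@dataclass(frozen=True)
class Asset:
    """One row of the information asset inventory, extended with privacy factors (assumed schema)."""
    name: str
    confidentiality: Rating
    integrity: Rating
    availability: Rating
    personal_information: bool   # privacy factors below only matter when True
    consent_obtained: bool       # the individual consented to the collection
    jurisdiction: str            # where the asset is held, e.g. "AU"
    openness: bool               # the collection is disclosed to the individual


@dataclass(frozen=True)
class Flow:
    """One edge of the flow map: an asset passing through a stage, handled by a party somewhere."""
    asset: str
    stage: str
    party: str
    jurisdiction: str


def flow_map(flows: List[Flow]) -> Dict[str, List[Flow]]:
    """Group flows by asset, rejecting stages outside the agreed vocabulary."""
    mapped: Dict[str, List[Flow]] = {}
    for f in flows:
        if f.stage not in STAGES:
            raise ValueError(f"unknown stage {f.stage!r} for asset {f.asset!r}")
        mapped.setdefault(f.asset, []).append(f)
    return mapped


def privacy_findings(assets: List[Asset], flows: List[Flow]) -> Dict[str, List[str]]:
    """Apply a small, assumed rule set that joins the inventory to the flow map."""
    inventory = {a.name: a for a in assets}
    findings: Dict[str, List[str]] = {a.name: [] for a in assets}
    for name, asset_flows in flow_map(flows).items():
        if name not in inventory:
            # The flow map is the tool for flushing out data the inventory missed.
            findings.setdefault(name, []).append("appears in flow map but not in asset inventory")
            continue
        a = inventory[name]
        if not a.personal_information:
            continue
        stages = {f.stage for f in asset_flows}
        if "collected" in stages and not a.consent_obtained:
            findings[name].append("personal information collected without consent")
        if not a.openness:
            findings[name].append("collection not disclosed to the individual")
        for f in asset_flows:
            if f.stage == "disclosed" and f.jurisdiction != a.jurisdiction:
                findings[name].append(f"disclosed to {f.party} in {f.jurisdiction} outside {a.jurisdiction}")
        if "retained" in stages and "destroyed" not in stages:
            findings[name].append("retained with no destruction step in the flow map")
    return findings


def unified_risk(assets: List[Asset], flows: List[Flow]) -> Dict[str, Dict[str, int]]:
    """Combine the highest CIA rating with the count of privacy findings (assumed scoring)."""
    findings = privacy_findings(assets, flows)
    result = {}
    for a in assets:
        security = int(max(a.confidentiality, a.integrity, a.availability))
        privacy = len(findings.get(a.name, []))
        result[a.name] = {"security": security, "privacy_findings": privacy, "unified": security + privacy}
    return result


# Constructed sample data for an AI chat bot, chosen to trigger several rules.
SAMPLE_ASSETS = [
    Asset("chat_transcripts", Rating.HIGH, Rating.MEDIUM, Rating.LOW, True, False, "AU", True),
    Asset("model_weights", Rating.HIGH, Rating.HIGH, Rating.HIGH, False, False, "AU", False),
]
SAMPLE_FLOWS = [
    Flow("chat_transcripts", "collected", "chat bot front end", "AU"),
    Flow("chat_transcripts", "used", "inference service", "AU"),
    Flow("chat_transcripts", "disclosed", "third-party model API", "US"),
    Flow("chat_transcripts", "retained", "log store", "AU"),
    Flow("usage_analytics", "created", "analytics pipeline", "AU"),
]

if __name__ == "__main__":
    for asset, notes in privacy_findings(SAMPLE_ASSETS, SAMPLE_FLOWS).items():
        print(asset, notes)
    print(unified_risk(SAMPLE_ASSETS, SAMPLE_FLOWS))
```

Running it on the sample data lists three findings against the transcripts (collection without consent, cross-jurisdiction disclosure, retention without destruction), none against the model weights, and flags the analytics data as present in the flow map but missing from the inventory, which is exactly the gap the flow mapping exercise is meant to expose before a TRA is signed off.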

Prerequisites

NIL

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.