Cover Image

The Privacy Engineer's Manifesto : Getting from Policy to Code to QA to Value.

Bibliographic Details
Main Author: Dennedy, Michelle.
Other Authors: Fox, Jonathan., Finneran, Tom.
Format: eBook
Language:English
Published: Berkeley, CA : Apress L. P., 2014.
Edition:1st ed.
Subjects:
Electronic books.
Online Access:Click to View
Table of Contents:
  • Intro
  • Contents at a Glance
  • Contents
  • About the Authors
  • About the Technical Reviewers
  • Acknowledgments
  • Foreword, with the Zeal of a Convert
  • Part1: Getting Your Head Around Privacy
  • Chapter 1: Technology Evolution, People, and Privacy
  • The Relationship Between Information Technology Innovation and Privacy
  • The Information Age
  • The Firewall Stage
  • The Net Stage
  • The Extranet Stage
  • Access Stage
  • The Intelligence Stage
  • The Dawning of the Personal Information Service Economy
  • Data-Centric and Person-Centric Processing
  • Conclusion
  • Chapter 2: Foundational Concepts and Frameworks
  • What Is Privacy?
  • Privacy Engineering
  • Personal Information
  • Privacy
  • An Operational Definition of Privacy
  • Processing of Personal Information
  • Authorized
  • Fair and Legitimate
  • Fair Information Processing Principles and the OECD Guidelines
  • Collection Limitation Principle
  • Data Quality Principle
  • Purpose Specification Principle
  • Use Limitation Principle
  • Security Safeguards Principle
  • Openness Principle
  • Individual Participation Principle
  • Accountability Principle
  • Other Governance Standards of which to be aware
  • Privacy Is Not Confidentiality and Security Is Not Privacy
  • Confidentiality ≠ Privacy
  • Security ≠ Privacy
  • The Overlaps
  • The Disconnects
  • Conclusion
  • Chapter 3: Data and Privacy Governance Concepts
  • Data Management: The Management of "Stuff"
  • Data Governance
  • Benefits of Data Governance
  • The Privacy and Data Governance/Stewardship Connection
  • Data Privacy Governance Frameworks
  • Generally Accepted Privacy Principles (GAPP)
  • Impact of Frameworks on the Privacy Engineer
  • Frameworks Are Not the Same as Laws
  • Privacy by Design
  • How Privacy Engineering and Privacy by Design work Together
  • Conclusion
  • Part2: The Privacy Engineering Process.
  • Chapter 4: Developing Privacy Policies
  • Elements of Privacy Engineering Development
  • Privacy Policy Development
  • What Is a Good Policy?
  • Designing a Privacy Policy
  • What Should Be Included in a Privacy Policy?
  • General-Level Privacy Policy Development
  • Enterprise-Specific Privacy Development
  • Internal vs. External Policies
  • Policies, Present, and Future
  • Conclusion
  • Chapter 5: Developing Privacy Engineering Requirements
  • Three Example Scenarios
  • Example Scenario 1: The Privacy Component
  • Example Scenario 2: A Runner's App
  • Example Scenario 3: Hospitality Vacation Planner
  • Privacy Requirements Engineering
  • Privacy Requirements Engineering
  • Use Cases: A Tool for Requirements Gathering
  • Use Cases within Privacy Engineering
  • Privacy Requirements Derived from Privacy Frameworks
  • Develop Privacy Requirement Use Cases
  • Use Case Metadata
  • Use Case Metadata Model
  • The Privacy Engineer's Use of Use Case Metadata
  • Determining Data Requirements
  • How Does the Distribution Channel Impact Privacy Engineering Requirements?
  • Cloud Privacy Requirements
  • Conclusion
  • Chapter 6: A Privacy Engineering Lifecycle Methodology
  • Enterprise Architecture
  • Architectural Views
  • Solution Architecture
  • Develop Procedures, Processes, and Mechanisms
  • Methodology
  • System Engineering Lifecycle
  • The Use of Models within the Methodology
  • Stage 1: Project Initiation and Scoping Workshop
  • Project Initiation Defines Project Processes
  • Requirements Definition Within the Scoping Workshop
  • Scoping Deliverables
  • Stage 2: Develop Use Cases and Class or Data Models
  • Develop Business Activity Diagrams
  • Using the Business Activity Diagram for Privacy Assessment
  • Defining Business and Privacy Data Classes
  • Using the Unified Modeling Language Class Model as a Data Model
  • Example: Privacy Component Class Model.
  • Data Modeling Steps
  • Stage 3: Design an Engineered Solution
  • User Interface Design
  • Basic User Interface Design Steps
  • Mapping Business Class Objects to System and Technology Objects
  • Prototyping Caveats
  • User Interface Prototype
  • Component Design
  • What Is Component Architecture?
  • Example: Privacy Component
  • Privacy Rules
  • Develop a System Activity Diagram
  • Dynamic Modeling
  • Define Service Components and Supporting Metadata
  • Privacy Enabling Technologies
  • Stage 4: Complete System Development
  • Stages 5 and 6: Quality Assurance and Rollout
  • Develop and Execute Test Cases
  • Testing and Rollout Deliverables
  • Knowledge Transfer
  • Conclusion
  • Chapter 7: The Privacy Component App
  • Privacy Component Context Diagram
  • Use Case Requirements to Build a "Privacy Component"
  • The Privacy Component Class Model
  • Developing the Unified Modeling Language Class Model
  • Privacy Component User Interface Requirements
  • Design the Privacy Component Solution
  • The Privacy Component Solution Architecture
  • The Privacy Component Class Structure
  • Privacy Component System Activity Diagram
  • Privacy Assessment Using the System Activity Diagram
  • Develop the Privacy Component Design
  • Using the System Development Methodology for the Privacy Component
  • Conclusion
  • Chapter 8: A Runner's Mobile App
  • The Runner's Mobile App Use Case
  • The Runner's App Class or Data Model
  • The Runner's App User Experience Requirements
  • Design the App Structure
  • The Runner's App System Activity Diagram
  • Privacy Assessment Using a System Activity Diagram
  • Develop the Runner's App Component Design
  • Using the System Development Methodology
  • Conclusion
  • Chapter 9: Vacation Planner Application
  • Requirements Definition
  • Use Case Metadata for Hospitality Vacation Planner Enterprise Application.
  • Develop Business Activity Diagrams
  • Business Activity Diagram for Scenario 3: Vacation Planning
  • Activity Diagram Used as a Part of Privacy Assessment
  • Privacy Component Class and Data Model
  • Vacation Planner User Interface Requirements
  • Design the Vacation Planner Solution
  • The Vacation Planner Solution Architecture
  • The Vacation Planner Component Architecture Structure
  • Develop System Activity Diagrams
  • Dynamic Modeling
  • Define Service Components and Supporting Metadata
  • Using the System Development Methodology
  • Conclusion
  • Chapter 10: Privacy Engineering and Quality Assurance
  • Quality Assurance
  • Using Frameworks to Create a Privacy Quality Assurance Checklist
  • Purpose
  • Notice
  • Choice or Consent
  • Transfer
  • Access, Correction, or Deletion
  • Security
  • Minimization
  • Proportionality
  • Retention
  • Act Responsibly
  • Privacy Concerns During Quality Assurance
  • Vector 1: Managing Privacy During Quality Assurance
  • Vector 2: Privacy Impact Assessment: A Validation Tool
  • Who Is Usually Involved in a PIA?
  • What Should a Privacy Impact Assessment Document Contain?
  • Vector 3: The Importance and Value of Privacy Impact Assessment to Key Stakeholders
  • Resources for Conducting Privacy Impact Assessments
  • Conclusion
  • Part3: Organizing for the Privacy Information Age
  • Chapter 11: Engineering Your Organization to Be Privacy Ready
  • Privacy Responsibilities in Different Parts of the Organization
  • Privacy Awareness and Readiness Assessments
  • Define Existing Systems and Processes
  • Consider the Context
  • Skills Assessment
  • Building the Operational Plan for Privacy Awareness and Readiness
  • Building a Communication and Training Plan for Privacy Awareness and Readiness
  • Communicating
  • Internal Communications
  • External Communication
  • A Word About What Are Usually Important, but Boring Words.
  • Monitoring and Adapting the Strategy
  • Conclusion
  • Chapter 12: Organizational Design and Alignment
  • Organizational Placement and Structure
  • Horizontal Privacy Team: Pros
  • Horizontal Privacy Teams: Cons
  • Common Privacy Engineering Roles
  • Challenges of Bringing Privacy Engineering to the Forefront
  • Expanding Executive Management Support
  • Spreading Awareness and Gaining Cultural Acceptance
  • Extending Your Reach with Limited Resources
  • Creating Alliances
  • Expanding the Scope of Data Governance
  • Remaining Productive Amid Competing Priorities and Demands
  • Best Practices for Organizational Alignment
  • Aligning with Information Technology and Information Security
  • Aligning with Data Governance Functions
  • Benefits of Data Governance
  • Business Benefits of Alignment
  • Other Benefits
  • Conclusion
  • Part4: Where Do We Go from Here?
  • Chapter 13: Value and Metrics for Data Assets
  • Finding Values for Data
  • Valuation Models
  • Model 1
  • Model 2
  • Model 3
  • Model 4
  • Model 5
  • Building the Business Case
  • Turning Talk into Action
  • Conclusion
  • Chapter 14: A Vision of the Future: The Privacy Engineer's Manifesto
  • Where the Future Doesn't Need Us
  • Even Social Networks (and Their Leaders) Get Cranky When Their Privacy Is Compromised
  • Let's Remember How We Got Here
  • Privacy Is Not a One-Size-Fits-All Formula
  • Innovation and Privacy
  • Societal Pressures and Privacy
  • It Still Comes Down to Trust and Value
  • A New Building Code for Privacy
  • Getting Started
  • A Privacy Engineer's Manifesto
  • Conclusion
  • Appendix A: Use-Case Metadata
  • Example Use-Case Format
  • Appendix B: Meet the Contributors
  • Index.

Similar Items