In the early days, there was barely a playbook for privacy governance, and privacy professionals had to make it up as they went along. Today, there is a wealth of wisdom, and it’s being applied to the emerging area of AI.
I’ve been following privacy books for many years, and I’ve created a free resource that includes information about 500+ privacy books over the last 70+ years.
In this post, I’ll briefly discuss some key books on privacy and AI governance. Each has something unique to offer, and I think they all belong on the bookshelves of all privacy and AI governance professionals.
Kenneth A. Bamberger and Deirdre K. Mulligan, Privacy on the Ground: Driving Corporate Behavior in the United States and Europe (2015)
Bamberger and Mulligan conducted an extensive study of privacy professionals in five countries. Through interviews with many privacy professionals, they compare what privacy laws state versus how they are operationalized on the ground. They find that more ambiguous laws lead to stronger compliance programs than more clear and detailed laws.
Michelle Dennedy, Jonathan Fox, and Tom Finneran, The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value (2014)
This book is a practical and intellectual guide to privacy engineering. It is fun to read and has many concrete examples, case studies, and charts and diagrams.
R. Jason Cronk, Strategic Privacy by Design (2018)
Jason Cronk’s book is a comprehensive practical guide to designing for privacy. I must confess I’m somewhat biased because he uses my privacy taxonomy to identify privacy harms to be addressed. His book is superb at providing concrete examples and practical advice. I’m tremendously impressed to see my taxonomic framework transformed into a workable approach that can be implemented internally at organizations.
Dominique Shelton Leipzig, Trust.: Responsible AI, Innovation, Privacy and Data Leadership (2023)
Dominique Shelton Leipzig has spent years studying board-level discussions and thinking, and she shares her knowledge in this terrific book. Addressed to executives and board members of companies, Trust discusses the importance and practicalities of privacy and AI governance. The book shows how to translate privacy and AI governance issues into a language that will resonate with the C-Suite and Board.
Valerie Lyons & Todd Fitzgerald, The Privacy Leader Compass (2024)
This book is a highly detailed guide to privacy governance with short call out essays by many contributors, including me. There is a ton of information packed into this volume, along with many useful figures and diagrams. Although the book is quite dense, I love thumbing through it to stumble upon useful short essays by a cast of leading privacy experts.
Teresa “T” Troester-Falk, So You Got the Privacy Officer Title. Now What? (2025)
Teresa Troester-Falk has decades of experience as a privacy professional, and her book provides clear practical guidance in a succinct and digestible way. She presents the information in lists and charts so the book can be read quickly and used as a reference.
Robert Stribley, Design for Privacy: Keeping Personal Information Private (2025)
A great book on privacy by design that focuses extensively on technological design. The color printing and copious images make the book engaging to read. There are many interesting call outs, including an interesting interview of Harry Brignull who coined the term “dark patterns.” Stribley includes many case studies and practical examples, and I appreciate his engagement with the academic literature. This is a highly practical and sophisticated book.
Shoshana Rosenberg, Practical AI Governance: Building a Program for Oversight and Strategy (2026)
As I wrote in my blurb for this book, “Practical AI Governance is a comprehensive, practical guide for how companies can thoughtfully and responsibly address the complexities of AI. Shoshana Rosenberg writes with passion, experience, and wisdom. This book is essential for any executive or board member that must navigate today’s difficult questions regarding AI.” The book has tremendous detail, rigor, and sophistication.
Amy Worley, The Confidence Advantage: Optimizing Privacy, Cybersecurity and AI Governance for Growth (2026)
Amy Worley’s The Confidence Advantage serves as a succinct and practical guide to data governance. She does a superb job at providing the big picture points concisely. The book is a quick read and is digestible and clear.
H. Jeff Smith, Managing Privacy: Information Technology and Corporate America (1994)
Believe it or not, there’s a book about privacy governance from 1994, and it’s worth reading for more than historical interest. Smith notes that many companies that processed massive quantities of personal data either lacked policies or had them but drifted away from adhering to them over time. This book still has relevance for modern privacy programs, as it demonstrates the difficulties in maintaining rigorous compliance.
Daniel J. Solove & Paul M. Schwartz, Privacy Law Fundamentals (IAPP 7th edition 2024)
Finally, I can’t resist mentioning my own book with Paul Schwartz, Privacy Law Fundamentals (IAPP 7th edition 2024). This is a succinct guide to privacy laws. It is designed to be a handy reference, summarizing privacy law in a concise and digestible manner. It includes key provisions of privacy statutes; leading cases; tables summarizing the statutes; summaries of key state privacy laws; and overviews of various agency enforcement actions.
* * * *
Professor Daniel J. Solove is a law professor at George Washington University Law School. Through his company, TeachPrivacy, he has created the largest library of computer-based privacy and data security training, with more than 180 courses.
Subscribe to Solove’s Free Substack
A supplement to Solove’s regular newsletter with more in-depth discussions
