by Daniel J. Solove
I was fortunate to pick up a copy of The Privacy Engineer’s Manifesto, a new book by Michelle Finneran Dennedy, Jonathan Fox, and Thomas Finneran.
I’ve read a lot of practical “how to” stuff about privacy before that’s vague and not very specific, but this book is so refreshingly detailed, has great depth, and is concrete. It’s a real achievement, and a book that deserves attention.
The book demonstrates how privacy principles get implemented in practice and engineered into products and services. This notion has become known as “Privacy by Design,” a term coined by Ann Cavoukian, the Information and Privacy Commissioner of Ontario, Canada.
One difficulty with many discussions of Privacy by Design is that they are quite vague. They amount to simple epithets to “bake in privacy,” but they provide little by way of practical guidance. And many discussions breeze past the fundamental questions of what privacy is and why it is valuable. This is akin to building without a blueprint, and many attempts to engage in Privacy by Design amount to throwing in a few design elements that provide an appearance that something is being done about privacy. But such attempts often are incomplete and are based on overly narrow conceptions of privacy. Many important issues can be overlooked in this way.
To do Privacy by Design right, one must begin with the fundamental questions. What is privacy? What does it matter? Designing for privacy isn’t haphazardly adding an element or two, but a systematic and thorough consideration of all the dimensions of privacy, not just easy or convenient ones.
What makes The Privacy Engineer’s Manifesto so valuable a book is that it does real justice to Privacy by Design. It addresses the fundamental issues of what privacy is and why it is valuable. Its approach to Privacy by Design is comprehensive. And the book is detailed. Far from a vague call to start building, this book is a true architecture textbook. In addition, the book has concrete examples and applications of its approach. The Privacy Engineer’s Manifesto is immensely useful in thinking about how privacy concepts can be translated into practice
The book has contributions from a group of privacy all-stars, including Annie Antón, Ann Cavoukian, Jay Cline, Peggy Eisenhauer, Ken Mortensen, Jules Polonetsky, Richard Purcell, Peter Swire, and Eduardo Ustaran, among others.
Although the book looks imposing like a software training book, and although it is very detailed and does very serious work, it is also fun, with interesting quotes, diagrams, short essays by contributors, and more. The passion of the authors really comes through. The authors’ love of privacy and technology is genuine, and the book is lively and engaging.
I find that the most enjoyable way to read this book is to jump around to various parts. It is written in a way that various sections can stand alone or be read out of order, and I love being able to go through a book this way. Every time I flip to a new page, there’s something interesting. This is a neat design, one that coheres yet also allows for freedom to graze.
The Privacy Engineer’s Manifesto is packed with useful information. Everyone designing products or services involving personal data should read this book. More broadly, this book should be part of every privacy professional’s library.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of training on privacy and security topics. This post was originally posted on his blog at LinkedIn, where Solove is an “LinkedIn Influencer.” His blog has more than 600,000 followers.
If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
* Professor Solove’s LinkedIn Influencer blog
* Professor Solove’s Twitter Feed
* Professor Solove’s Newsletter
Please join one or more of Professor Solove’s LinkedIn Discussion Groups:
* Privacy and Data Security
* HIPAA Privacy & Security
* Education Privacy and Data Security