Why do so many internet applications end up being hit with privacy disasters? Why not make sure they handle personal data properly to begin with? There’s a process for that, and it’s called “privacy engineering”.
Michelle Dennedy is chief privacy officer with information security firm McAfee and, along with a family member and her business partner, is co-author of the book The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value. The ebook is available for free.
As I wrote in my ZDNet Australia column a few days ago:
“Oftentimes what you find is that [privacy] is the realm of the lawyer, or the risk manager if you’re lucky, or maybe the odd finance guy will wander into the cave every now and again,” Dennedy said. “Then you go and you talk to the people who are slinging code, or buying services or software or techniques, or going to the cloud and dreaming up technical stuff, and they say to you, ‘Kinda leave us in our cave over here, and go write your little policies, they’re so cute, and then maybe at the end of it — maybe — you get to write some terms and conditions to get me out of my obligations.'”
You recognise that scenario, right? It’s another of those ethical shortfalls, where the rules that society has agreed to operate by are seen as just another inconvenience to be avoided.
Privacy engineering is the process of turning various policies, from privacy laws to the needs of the business’ plan for data, into something that programmers can work with — indeed. something they’ll want to work with because it’s now an engineering problem. It’s also something that quality assurance (QA) processes can deal with.
This interview was recorded on 6 May 2014 in Sydney, Australia.
Corrupted Nerds: Conversations podcast only via RSS and iTunes.
Corrupted Nerds: Extra podcast only via RSS and iTunes.
All Corrupted Nerds podcasts via RSS, iTunes and SoundCloud.
If you enjoyed this podcast, why not make a tip? Every contribution helps me provide these podcasts for free.
- Michelle Dennedy’s blog at McAfee.
- The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value.
- Unified Modelling Language (UML).
- Carnegie Mellon University’s course Master of Science in Information Technology in Privacy Engineering.
- Wikipedia entry on the sharing economy.
[Photo: Original photo of Michelle Dennedy via BankInfoSecurity.com, not credited. Digital manipulation by Stilgherrian, available for re-use under a Creative Commons Attribution-NoDerivs license (CC BY-ND).]
Conversations 10: Privacy engineering with Michelle Dennedy by Corrupted Nerds is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
Based on a work at http://corruptednerds.com/pod/c00010/