2014 - A Privacy Engineer’s Manifesto - Michelle Dennedy, Jonathan Fox & Tom Finneran
We’d like to leave you with a manifesto that provides some guiding principles for you as a privacy engineer. These principles are an attempt to illuminate a belief system in which the seemingly opposing motives of creating corporate profit and respecting individual privacy can live in harmony. Here you may find a meeting grounds that enables both your organization and your customers to profit—each in their own ways.
1. Data about people is valuable in and of itself.
Data provide commercial value to businesses in addition to their inherent value from a personal perspective. They also provide value as an exchange or a unique identifier to build social connections. A privacy engineer understands this principle as bedrock and strives to find innovative ways to extend the value of data while protecting their inherent value.
2. A privacy engineer needs more than just technical skills to protect and extend the value of data.
The inherent value of data that is attained from or attributable to human beings requires a number of different perspectives and skill sets to be effective. The privacy engineer, as a modern renaissance type discipline, views personal data through legal, creative, and personal lenses.
3. A privacy engineer draws from artistic creativity and expression to innovate and communicate.
Beyond learning from sister disciplines to add to the known world of technology, the privacy engineer seeks to create simplicity, clarity, and beauty to engage and inform users and owners of systems. The tools of engagement can use sound, taste, touch, sight, smell, intuition, or any other artistic medium. Technologies, policies, laws, organization, and metric modalities all have interfaces. Effective interfaces can be engaging, challenging, educational, elegant, emotive, and even beautiful where innovation meets art.
4. A privacy engineer learns from, but disregards, the failures of the past.
While building on past successes as well as the remnants of previous attempts at success, a privacy engineer closely regards and incorporates existing tools, policies, and frameworks as scaffolding to create something wonderful. (Borrowed heavily from Intel founder Bob Noyce.) A privacy engineer strives to map and develop data systems in a scientific fashion in order to create new or improved means of delivering value to all parties who have a vested interest in the data.
5. We are all privacy engineers.
We all possess or are the subject of PI and have a vested interest in protecting it. Some of us have occasion to operate as “professional privacy engineers,” but all of us at least operate as “citizen privacy engineers” when we act as stewards of our own PI and the PI of others.
6. For the privacy engineer, with the mantra to innovate comes the mantra to do no harm.
The privacy engineer’s goal should be to harness the inherent value of data and innovate to create additional value. But the most basic requirement for the privacy engineer is to do no harm and to plan to eliminate as much secondary or unanticipated harm as possible.
7. Innovation and complexity need not be the adversary of privacy engineering, although failure of imagination may be.
What is not thought of cannot be recognized and therefore cannot be managed. Failures of imagination are thus the biggest enemy of the privacy engineer. Failure to imagine a new possibility means that a value creating opportunity or a risk mitigation opportunity has been missed.
8. The privacy engineer must be able to understand, calculate, mitigate, and accept risk.
The privacy engineer cannot ignore risk or fall prey to the idea that it can be completely eliminated. By embracing both risk and value, the privacy engineer can strive to find solutions that deliver maximum value at an acceptable risk level to the organization and the individual.
9. Privacy engineering happens inside and outside of code.
Coding, building systems, and the business processes that support the product lifecycle are critical. A foundation of privacy principles and operational business processes can support development of products that promote privacy. At the same time, the individual doing the developing may see opportunities for innovation that can only be envisioned by one who is at the proverbial drawing board.
10. A privacy engineer needs to differentiate between bad ideas and bad implementations.
A bad idea is one that goes against privacy principles or lacks sound judgment about using and protecting PI. A bad implementation is when the design goal is sound but the implementation is not due to poor usability, unmitigated risks, or an approach that weakens the bond of trust with users. In the latter scenario, a bad implementation that may harm data privacy may be rearchitected or protected in another layered fashion, whereas, in the former, a bad idea should be acknowledged and quickly ended before damage is done.
Michelle Finneran Dennedy VP, Chief Privacy Officer, McAfee.
Michelle currently serves as McAfee’s Chief Privacy Officer where she is responsible for the development and implementation of McAfee’s data privacy policies and practices, working across business groups to drive data privacy excellence across the security continuum. Before coming to McAfee, Michelle founded The iDennedy Project, a public service organization to address privacy needs in sensitive populations, such as children and the elderly, and emerging technology paradigms. Michelle is also a founder and editor in chief of a new media site—theIdentityProject.com—that was started as an advocacy and education site, currently focused on the growing crime of Child ID theft. Michelle was the Vice President for Security & Privacy Solutions for the Oracle Corporation. Before the Oracle acquisition of Sun, Michelle was Chief Data Governance Officer within the Cloud Computing division at Sun Microsystems, Inc. Michelle also served as Sun’s Chief Privacy Officer. Michelle has a JD from Fordham University School of Law and a BS degree with university honors from The Ohio State University. In 2009, she was awarded the Goodwin Procter-IAPP Vanguard award for lifetime achievement and the EWF – CSO Magazine Woman of Influence award for work in the privacy and security fields. In 2012, she was recognized by the National Diversity Council as one of California’s Most Powerful & Influential Women.
Jonathan Fox is the Global Director of Data Privacy at McAfee.
Previous to McAfee, he was the Worldwide Director of Privacy at eBay Inc., and before that, Deputy Chief Privacy Officer at Sun Microsystems, Inc. Jonathan’s principal areas of focus are product development, behavioral advertising, training, mobile applications, data licensing, government relations, social shopping, quality assurance, and mergers and acquisitions. He has worked closely with marketing, information security, engineering, internal audit, professional services, technical support, and cloud teams to establish policies and operate programs to ensure the protection of customer and employee personal information. He is a Certified Information Privacy Professional (CIPP/US), a Certified Information Privacy Manager (CIPM), and was a Certified Information Security Manager (CISM). He is on the International Association of Privacy Professionals’ Certification Advisory Board. His prior roles have included Editor-in-Chief of sun.com, business development manager for a new media startup, senior manager of electronic and intellectual property licensing for Random House, and Program Delivery Manager for the Oracle Developer’s Programme. He is a graduate of Columbia University. He regularly speaks at industry events on privacy issues.
His writing credits include:
THE CIO AND THE CPO — A VISION FOR TEAMWORK AND SUCCESS, Sun Microsystems, 2006
ESTABLISHING A PRIVACY OFFICE, Sun Microsystems, 2007
PRIVACY IN THE PARTICIPATION AGE, Sun Microsystems, Inc., 2008
Thomas R. Finneran is a principal consultant for the IDennedy Project.
He has proposed an approach to use the Organization for the Advancement of Structured Information Standards (OASIS) UML Standard for privacy analysis. He was a consultant for over 25 years for CIBER, Inc. He has acquired over 25 years of experience in the field of information technology. His strengths include enterprise (including data, information, knowledge, business, and application) architecture, business and data analysis, UML object analysis and design, logical data modeling, database systems design and analysis, information resource management methodologies, CASE and metadata repository tools, project management, and computer law. He is experienced in almost all application system areas, including real-time data collection systems, inventory control, sales and order processing, personnel, all types of financial systems, the use of expert systems, and project management systems. He has developed and taught training courses in the areas of use cases, relational concepts, strategic data planning, logical data modeling, and the utilization of CASE tools, among others. He is also an experienced intellectual property patent lawyer. For various companies, he has held such titles as director, MIS; manager, corporate data strategy; manager, data administration; managing consultant; manager, standards and education; and systems designer. These companies include the Standard Oil Company, Corning Glass Works, ITT, ADR, and the U.S. Navy. In addition, he was vice president and general counsel of TOMARK, Inc., the developer of the highly successful ABEND-AID software package. He has a bachelor of arts (Ohio State University), a master’s of business administration (Roosevelt University), and a juris doctor degree (Cleveland State). He is a member of the bar of the U.S. Supreme Court, a member of the bars of Ohio, New Jersey, and Connecticut, and a member of the Patent Bar.
His published papers include:
Enterprise Architecture: What and Why (www.tdan.com/i007ht03.htm)
Enterprise Architecture: The What’s and How’s (www.tdan.com/i018ht02.htm)
A Component-Based Knowledge Management System (www.tdan.com/i009hy04.htm)
A Best Practices Assessment (www.tdan.com/i012ht04.htm)
E-Biz Metrics (www.tdan.com/i014hy03.htm)
Doing .Net Right: Looking at the Critical Success Factors (www.tdan.com/i020hy04.htm)
“Data Deliverables”, Database Management (Auerbach Press), 1990
“Business Analysis for Database Design”, Datamation, Nov. 1977
Michelle Dennedy, Jonathan Fox & Tom Finneran (2014). About the Authors. In The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value (pp. xvii-xix). Berkeley: Apress. Available at: https://link.springer.com/book/10.1007/978-1-4302-6356-2#toc
First edition: Michelle Dennedy, Jonathan Fox & Tom Finneran (2014). A Privacy Engineer’s Manifesto. In The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value (pp. 315-317). Berkeley: Apress.