Privacy engineering (and engineers) are hot!
Privacy engineering has emerged as a vital function for almost every business. Privacy engineers can bridge the gap between legal and technology teams to deliver privacy enhancing and legal compliant processes, products and services. This emerging field is interesting – includes a variety of activities, most focused on embedding privacy into systems but also requiring the ability to operate successfully in an cross-functional role.
And privacy engineers are in high demand!
Here’s some information that might be helpful if you’re thinking about entering this exciting new field…
Why do we need Privacy Engineers?
The volume and complexity of data continues to increase, and businesses are increasingly interested in how they can collect and use data for lots of different purposes. However, until the last couple of years, with the introduction of significant new privacy laws and a growing understanding of the importance of ensuring customer trust, the rapid evolution of data infrastructure rarely included consideration of privacy as part of the design or development process.
All this has changed in the last few years with the growing recognition of the importance of ensuring privacy is supported by technology and engineering. And with this growing recognition has come the need for a technical discipline that can mediate privacy, GRC, technology and engineering needs. And so the privacy engineer is born!
What is Privacy Engineering?
Privacy engineering is the practice of building tools and processes that apply privacy protections to personal data. Privacy engineers take legal requirements, regulations, privacy policies, and other organizational priorities, and ensure that the product or service being developed actually delivers on those requirements, at a technical level.
Privacy engineers interface with different stakeholders with diverse training and priorities, from lawyers to product designers to project managers. So communication skills are also important.
Those in the field report a mix of technical and non-technical responsibilities.
Some of the things privacy engineers might do are:
- Inspect code before deployment to assess privacy risk.
- Identify and implement the best methods for anonymization or pseudonymisation across the data lifecycle.
- Ensure that the minimum personal data required is collected.
- Design clear privacy controls for users (e.g. in mobile app’s).
What else do Privacy Engineers do?
Other things that privacy engineers might do include:
Supporting Data Subject Rights
Data subjects have many rights, including the right to access their information, to delete it and in some case to ask that it be made available in a format that makes it easily transferable to another platform. Privacy engineers can assist in developing solutions that:
- Ensure that all relevant data is made available and no data is overlooked (when responding to access requests);
- Only the date required to be deleted is deleted without impacting essential referential integrity between databases in the business backend.
Privacy engineers also collaborate with designers to ensure that data controls are useful and usable, presenting clear and transparent options to end-users.
Data minimisation is a key privacy principle, specifically referenced in the GDPR. Data minimisation means the processing of the minimum amount of data needed for an activity. For example, if you are an online theatre ticket seller, you don’t need information about marital status or dietary preferences (unless food is included in the theatre experience).
Privacy engineers can prevent privacy issues by examining code for unnecessary data collection. They can also ensure that data minimisation principles are implemented throughout the data life cycle, particularly in storage.
For more information about data minimisation, see our blog post here.
Privacy by design
Contemporary privacy engineering is about baking privacy into development of all your products and services, making privacy a key component of the design process. A key tool for privacy engineering is the Privacy by Design framework. The framework, first developed by Dr. Ann Cavoukian, integrates privacy into the design process rather than only considering privacy retroactively.
For more information about Privacy by Design, see our previous blog posts here.
Where does the privacy engineer fit?
Because this is still an emerging field, there’s no real consistency with where privacy engineers fit within an organisation. Privacy engineering can be housed under a variety of teams: IT, Information, Design, GRC, Engineering or Security. Privacy engineers may also have a range of titles: “Software Engineer,” “Technical Program Manager,” and Data Engineer,”
How do you become a privacy engineer?
As privacy engineering is an interdisciplinary field, a variety of different career paths may can lead to privacy engineering. In Australia there are currently few courses directed at creating privacy engineers though privacy is increasingly being included in technology and cyber degrees. As the field becomes more prominent and structured, specific training programs will likely increase.
IAPP’s Certified Information Privacy Technologist
One option for those looking at moving into privacy engineering is to complete IAPP’s Certified Information Privacy Technologist (CIPT) certification.
The Body of Knowledge for the CIPT is broken into seven modules:
- Module 1: Foundational principles
- Module 2: The role of technology in privacy
- Module 3: Privacy threats and violations.
- Module 4: Technical measures and privacy-enhancing technologies
- Module 5: Privacy engineering
- Module 6: Privacy by design methodology
- Module 7: Technology challenges of privacy
Those who take the IAPP training course also get access to two useful text books:
- An Introduction to Privacy for Technology Professionals is an official textbook of the CIPT Program.
- Its affiliated textbook Strategic Privacy by Design, Second Edition in digital and print versions.
For more information about the CIPT, read some of our earlier blog posts:
- CIPT Qualifications and your career: Where will this certification take you?
- How to prepare for the CIPT exam
- Which CIPP certification is right for me
Privacy Training by Privacy 108
If you’re uncertain what privacy training will benefit you in your career or help to advance your organisation’s privacy program, get in touch. Privacy 108 offers training courses for privacy industry certifications, including IAPP’s CIPT certification, as well as tailored privacy training for organisations. So, we would love to help you determine what education and training best meets your needs.
Our privacy courses are led by IAPP-certified instructor, Dr Jodie Siganto. Jodie has close to 20 years’ experience as an educator and is widely recognised as one of Australia’s leading privacy professionals.
Find more information here: https://privacy108.com.au/cipt/
Contact us: email@example.com