Privacy engineering

Last updated

Privacy engineering is an emerging field of engineering which aims to provide methodologies, tools, and techniques to ensure systems provide acceptable levels of privacy. Its focus lies in organizing and assessing methods to identify and tackle privacy concerns within the engineering of information systems. [1]

Contents

In the US, an acceptable level of privacy is defined in terms of compliance to the functional and non-functional requirements set out through a privacy policy, which is a contractual artifact displaying the data controlling entities compliance to legislation such as Fair Information Practices, health record security regulation and other privacy laws. In the EU, however, the General Data Protection Regulation (GDPR) sets the requirements that need to be fulfilled. In the rest of the world, the requirements change depending on local implementations of privacy and data protection laws.

Definition and scope

The definition of privacy engineering given by National Institute of Standards and Technology (NIST) is: [2]

Focuses on providing guidance that can be used to decrease privacy risks, and enable organizations to make purposeful decisions about resource allocation and effective implementation of controls in information systems.

While privacy has been developing as a legal domain, privacy engineering has only really come to the fore in recent years as the necessity of implementing said privacy laws in information systems has become a definite requirement to the deployment of such information systems. For example, IPEN outlines their position in this respect as: [3]

One reason for the lack of attention to privacy issues in development is the lack of appropriate tools and best practices. Developers have to deliver quickly in order to minimize time to market and effort, and often will re-use existing components, despite their privacy flaws. There are, unfortunately, few building blocks for privacy-friendly applications and services, and security can often be weak as well.

Privacy engineering involves aspects such as process management, security, ontology and software engineering. [4] The actual application of these derives from necessary legal compliances, privacy policies and 'manifestos' such as Privacy-by-Design. [5]

Relationship between PbD and Privacy Engineering Pbdmanifestoengineering.png
Relationship between PbD and Privacy Engineering

Towards the more implementation levels, privacy engineering employs privacy enhancing technologies to enable anonymisation and de-identification of data. Privacy engineering requires suitable security engineering practices to be deployed, and some privacy aspects can be implemented using security techniques. A privacy impact assessment is another tool within this context and its use does not imply that privacy engineering is being practiced.

One area of concern is the proper definition and application of terms such as personal data, personally identifiable information, anonymisation and pseudo-anonymisation which lack sufficient and detailed enough meanings when applied to software, information systems and data sets.

Another facet of information system privacy has been the ethical use of such systems with particular concern on surveillance, big data collection, artificial intelligence etc. Some members of the privacy and privacy engineering community advocate for the idea of ethics engineering or reject the possibility of engineering privacy into systems intended for surveillance.

Software engineers often encounter problems when interpreting legal norms into current technology. Legal requirements are by nature neutral to technology and will in case of legal conflict be interpreted by a court in the context of the current status of both technology and privacy practice.

Core practices

As this particular field is still in its infancy and somewhat dominated by the legal aspects, the following list just outlines the primary areas on which privacy engineering is based:

Despite the lack of a cohesive development of the above areas, courses already exist for the training of privacy engineering. [8] [9] [10] The International Workshop on Privacy Engineering co-located with IEEE Symposium on Security and Privacy provides a venue to address "the gap between research and practice in systematizing and evaluating approaches to capture and address privacy issues while engineering information systems". [11] [12] [13]

A number of approaches to privacy engineering exist. The LINDDUN [14] methodology takes a risk-centric approach to privacy engineering where personal data flows at risk are identified and then secured with privacy controls. [15] [16] Guidance for interpretation of the GDPR has been provided in the GDPR recitals, [17] which have been coded into a decision tool [18] that maps GDPR into software engineering forces [18] with the goal to identify suitable privacy design patterns. [19] [20] One further approach uses eight privacy design strategies - four technical and four administrative strategies - to protect data and to implement data subject rights. [21]

Aspects of information

Privacy engineering is particularly concerned with the processing of information over the following aspects or ontologies and their relations [22] to their implementation in software:

Further to this how the above then affect the security classification, risk classification and thus the levels of protection and flow within a system can then the metricised or calculated.

Definitions of privacy

Privacy is an area dominated by legal aspects but requires implementation using, ostensibly, engineering techniques, disciplines and skills. Privacy Engineering as an overall discipline takes its basis from considering privacy not just as a legal aspect or engineering aspect and their unification but also utilizing the following areas: [25]

The impetus for technological progress in privacy engineering stems from general privacy laws and various particular legal acts:

See also

Notes and references

  1. Gürses, Seda, and Jose M. Del Alamo. "Privacy engineering: Shaping an emerging field of research and practice." IEEE Security & Privacy 14.2 (2016): 40-46.
  2. "Privacy Engineering at NIST". NIST. Retrieved 3 May 2015.
  3. "Background and purpose" . Retrieved 9 May 2015.
  4. Oliver, Ian (July 2014). Privacy Engineering: A Dataflow and Ontological Approach (1st ed.). CreateSpace. ISBN   978-1497569713. Archived from the original on 14 March 2018. Retrieved 3 May 2015.
  5. Gürses, Seda; Troncoso, Carmela; Diaz, Claudia (2011). Engineering Privacy by Design (PDF). International Conference on Privacy and Data Protection (CPDP) Book. Retrieved 11 May 2015.
  6. Dennedy, Fox, Finneran (2014-01-23). The Privacy Engineer's Manifesto (1st ed.). APress. ISBN   978-1-4302-6355-5.{{cite book}}: CS1 maint: multiple names: authors list (link)
  7. MITRE Corp. "Privacy Engineering Framework". Archived from the original on 4 May 2015. Retrieved 4 May 2015.
  8. "MSIT-Privacy Engineering". Carnegie Mellon University.
  9. "Privacy Engineering". cybersecurity.berkeley.edu. University of California, Berkeley.
  10. Oliver, Ian (17 March 2015). "Introduction to Privacy and Privacy Engineering". EIT Summer School, University of Brighton. Archived from the original on 18 May 2015. Retrieved 9 May 2015.
  11. "International Workshop on Privacy Engineering". IEEE Security.
  12. "IEEE Symposium on Security and Privacy". IEEE Security.
  13. Gurses, Del Alamo (Mar 2016), Privacy Engineering: Shaping an Emerging Field of Research and Practice, vol. 14, IEEE Security and Privacy
  14. "HOME". LINDDUN.
  15. "A LINDDUN-Based framework for privacy threat analysis on identification and authentication processes". Computers & Security.
  16. Wuyts, K., & Joosen, W. (2015). LINDDUN privacy threat modeling: a tutorial. CW Reports. accessed 2019-12-10
  17. "Recitals of the GDPR (General Data Protection Regulation)".
  18. 1 2 "GDPR tool".
  19. Colesky, M.; Demetzou, K.; Fritsch, L.; Herold, S. (2019-03-01). "Helping Software Architects Familiarize with the General Data Protection Regulation". 2019 IEEE International Conference on Software Architecture Companion (ICSA-C). pp. 226–229. doi:10.1109/ICSA-C.2019.00046. ISBN   978-1-7281-1876-5. S2CID   155108256.
  20. Lenhard, J.; Fritsch, L.; Herold, S. (2017-08-01). "A Literature Study on Privacy Patterns Research". 2017 43rd Euromicro Conference on Software Engineering and Advanced Applications (SEAA). pp. 194–201. doi:10.1109/SEAA.2017.28. ISBN   978-1-5386-2141-7. S2CID   26302099.
  21. Colesky, M.; Hoepman, J.; Hillen, C. (2016-05-01). "A Critical Analysis of Privacy Design Strategies". 2016 IEEE Security and Privacy Workshops (SPW). pp. 33–40. doi:10.1109/SPW.2016.23. ISBN   978-1-5090-3690-5. S2CID   15713950.
  22. Stanford Encyclopedia of Philosophy. "Semantic Conceptions of Information" . Retrieved 9 May 2015.
  23. Article 29 Data Protection Working Party (16 February 2010), Opinion 1/2010 on the concepts of "controller" and "processor", vol. 00264/10/EN WP 169{{citation}}: CS1 maint: numeric names: authors list (link)
  24. Paul Groth, Luc Moreau. "An Overview of the PROV Family of Documents". W3C. Retrieved 10 May 2015.
  25. Gurses, Seda; del Alamo, Jose M. (March 2016). "Privacy Engineering: Shaping an Emerging Field of Research and Practice". IEEE Security & Privacy. 14 (2): 40–46. doi:10.1109/MSP.2016.37. ISSN   1540-7993. S2CID   10983799.
  26. "Privacy by design | Karlstads universitet". www.kau.se.
  27. Fischer-Hübner, Simone; Martucci, Leonardo A.; Fritsch, Lothar; Pulls, Tobias; Herold, Sebastian; Iwaya, Leonardo H.; Alfredsson, Stefan; Zuccato, Albin (2018). "A MOOC on Privacy by Design and the GDPR" (PDF). In Drevin, Lynette; Theocharidou, Marianthi (eds.). Information Security Education – Towards a Cybersecure Society. IFIP Advances in Information and Communication Technology. Vol. 531. Springer International Publishing. pp. 95–107. doi:10.1007/978-3-319-99734-6_8. ISBN   978-3-319-99734-6.
  28. "Carnegie Mellon University Privacy Engineering Program".
  29. "CMU Privacy Engineering Student Blogs and Work".

Related Research Articles

Security engineering is the process of incorporating security controls into an information system so that the controls become an integral part of the system’s operational capabilities. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but it has the added dimension of preventing misuse and malicious behavior. Those constraints and restrictions are often asserted as a security policy.

<span class="mw-page-title-main">Software architecture</span> High level structures of a software system

Software architecture is the set of structures needed to reason about a software system and the discipline of creating such structures and systems. Each structure comprises software elements, relations among them, and properties of both elements and relations.

Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.

In the context of software engineering, software quality refers to two related but distinct notions:

In systems engineering and requirements engineering, a non-functional requirement (NFR) is a requirement that specifies criteria that can be used to judge the operation of a system, rather than specific behaviours. They are contrasted with functional requirements that define specific behavior or functions. The plan for implementing functional requirements is detailed in the system design. The plan for implementing non-functional requirements is detailed in the system architecture, because they are usually architecturally significant requirements.

Software assurance (SwA) is a critical process in software development that ensures the reliability, safety, and security of software products. It involves a variety of activities, including requirements analysis, design reviews, code inspections, testing, and formal verification. One crucial component of software assurance is secure coding practices, which follow industry-accepted standards and best practices, such as those outlined by the Software Engineering Institute (SEI) in their CERT Secure Coding Standards (SCS).

Information security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. While cybersecurity regulations aim to minimize cyber risks and enhance protection, the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies.

Software project management is the process of planning and leading software projects. It is a sub-discipline of project management in which software projects are planned, implemented, monitored and controlled.

Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. IA encompasses both digital protections and physical techniques. These methods apply to data in transit, both physical and electronic forms, as well as data at rest. IA is best thought of as a superset of information security, and as the business outcome of information risk management.

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

Quality engineering is the discipline of engineering concerned with the principles and practice of product and service quality assurance and control. In software development, it is the management, development, operation and maintenance of IT systems and enterprise architectures with a high quality standard.

Privacy-enhancing technologies (PET) are technologies that embody fundamental data protection principles by minimizing personal data use, maximizing data security, and empowering individuals. PETs allow online users to protect the privacy of their personally identifiable information (PII), which is often provided to and handled by services or applications. PETs use techniques to minimize an information system's possession of personal data without losing functionality. Generally speaking, PETs can be categorized as either hard or soft privacy technologies.

Data portability is a concept to protect users from having their data stored in "silos" or "walled gardens" that are incompatible with one another, i.e. closed platforms, thus subjecting them to vendor lock-in and making the creation of data backups or moving accounts between services difficult.

<span class="mw-page-title-main">View model</span>

A view model or viewpoints framework in systems engineering, software engineering, and enterprise engineering is a framework which defines a coherent set of views to be used in the construction of a system architecture, software architecture, or enterprise architecture. A view is a representation of the whole system from the perspective of a related set of concerns.

Cloud computing security or, more simply, cloud security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.

Privacy by design is an approach to systems engineering initially developed by Ann Cavoukian and formalized in a joint report on privacy-enhancing technologies by a joint team of the Information and Privacy Commissioner of Ontario (Canada), the Dutch Data Protection Authority, and the Netherlands Organisation for Applied Scientific Research in 1995. The privacy by design framework was published in 2009 and adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities in 2010. Privacy by design calls for privacy to be taken into account throughout the whole engineering process. The concept is an example of value sensitive design, i.e., taking human values into account in a well-defined manner throughout the process.

<span class="mw-page-title-main">General Data Protection Regulation</span> EU regulation on the processing of personal data

The General Data Protection Regulation is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020.

<span class="mw-page-title-main">Human rights and encryption</span> Use of encryption technology to ensure human rights are maintained

Human rights applied to encryption are a concept of freedom of expression, where encryption is a technical resource in the implementation of basic human rights.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.