Neha Patil (Editor)

Privacy engineering

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit

Privacy engineering is an emerging discipline within, at least, the software or information systems domain which aims to provide methodologies, tools and techniques such that the engineered systems provide acceptable levels of privacy. In the US acceptable level of privacy is defined in terms of compliance against the functional and non-functional requirements set out through a privacy policy, while in the EU, the General Data Protection Regulation sets the requirements that need to be fulfilled. In the rest of the world, the requirements change depending on local implementations of privacy and data protection laws.

Contents

Definition and scope

The definition of privacy engineering given by NIST is:

While privacy has been developing as a legal domain, privacy engineering has only really come to the fore in recent years as the necessity of implementing said privacy laws in information systems has become a definite requirement to the deployment of such information systems. For example, IPEN outlines their position in this respect as:

Privacy engineering involves aspects such as process management, security, ontology and software engineering. The actual application of these derives from necessary legal compliances, privacy policies and `manifestos' such as Privacy-by-Design.

Towards the more implementation levels, privacy engineering employs privacy enhancing technologies to enable anonymisation and de-identification of data. Privacy engineering requires suitable security engineering practices to be deployed, and some privacy aspects can be implemented using security techniques. A privacy impact assessment is another tool within this context and its use does not imply that privacy engineering is being practiced.

One area of concern is the proper definition and application of terms such as personal data, personally identifiable information, anonymisation and pseudo-anonymisation which lack sufficient and detailed enough meanings when applied to software, information systems and data sets.

Another facet of information system privacy has been the ethical use of such systems with particular concern on surveillance, big data collection, artificial intelligence etc. Some members of the privacy and privacy engineering communication advocate the idea of Ethics engineering or reject the possibility of engineering privacy into systems intended for surveillance.

Core practices

As this particular field is still in its infancy and somewhat dominated by the legal aspects, the following list just outlines the primary areas on which privacy engineering is based:

  • Data flow modelling
  • Semantics
  • Requirements engineering
  • Risk assessment
  • Privacy management and processes
  • Development of suitable terminologies/ontologies for expressing types, usages, purposes etc of information
  • Privacy impact assessment
  • Despite the lack of a cohesive development of the above areas, courses already exist for the training of privacy engineering. The International Workshop on Privacy Engineering co-located with IEEE Symposium on Security and Privacy provides a venue to address "the gap between research and practice in systematizing and evaluating approaches to capture and address privacy issues while engineering information systems".

    Aspects of information

    As an area privacy engineering is particular concerned with the processing of information over the following aspects or ontologies and their relations to their implementation in software:

  • Information Type Ontologies (as opposed to PII or machine types)
  • Data Processing Ontologies
  • Semantics of information and data sets (see also noise and anonymisation)
  • Provenance of information, including the notion of data subject
  • Usage of information
  • Purpose of information, viz: primary vs secondary collection
  • Notions of controller and processor
  • The notions of authority and identity (ostensibly of the source(s) of data)
  • Further to this how the above then affect the security classification, risk classification and thus the levels of protection and flow within a system can then the metricised or calculated.

    Definitions of privacy

    As already stated, privacy is an area dominated by legal aspects but requiring implementation using, ostensibly, engineering techniques, disciplines and skills. Privacy Engineering as an overall discipline takes its basis from considering privacy not just as a legal aspect or engineering aspect and their unification but also utilising the following areas:

  • Privacy as a philosophical aspect
  • Privacy as an economic aspect, particular game theory
  • Privacy as a sociological aspect
  • Etc.
  • References

    Privacy engineering Wikipedia