Posted in Information Security

Privacy Dispatches

How Do You Engineer Privacy? NIST Seeks Answers

Last week, the National Institute of Standards and Technology (NIST) hosted a workshop to discuss and develop the concept of privacy engineering. Although a great deal was covered, three topics recurred throughout the workshop and appeared to be of special interest to NIST, most notably the lack of technical standards concerning privacy, the role engineers can play in protecting privacy and the role NIST should play in the privacy field going forward.

Practical Privacy

How to Lose Your Data In 10 Days

By Heather Federman, CIPP/US

It’s no longer an “if” you’re the target of a data breach; it’s just a matter of “when.” Data loss incidents are becoming an unfortunate rite of passage. More and more businesses have found themselves exposed and ill-prepared to manage the fallout. While the average cost of a breach equals $5.5 million, the public reaction fosters graver implications. The resulting “business shock” not only paralyzes operations, but it also damages relationships with regulators, partners and consumers.

How can you best prepare and defend your organization? How can we all make 2014 the year of “data stewardship?”

More from Heather Federman

Privacy Profession

Engineers and Lawyers in Privacy Protection: Can We All Just Get Along?

By Peter Swire, CIPP/US

In March 2013 we participated in a panel titled “Re-Engineering Privacy Law” at the IAPP Privacy Summit. The topic of the panel closely matches the topic of this book, how to bring together and leverage the skill sets of engineers, lawyers, and others to create effective privacy policy with correspondingly compliant implementations. As a software engineering professor (Antón) and a law professor (Swire), we consider four points: (1) how lawyers make simple things complicated; (2) how engineers make simple things complicated; (3) why it may be reasonable to use the term “reasonable” in privacy rules but not in software specifications; and (4) how to achieve consensus when both lawyers and engineers are in the room.

More from Peter Swire

Trending

The Supreme Court Is Scared of Technology. This Is How Privacy Pros Can Help

By Jedidiah Bracy, CIPP/US, CIPP/E

This was a big week for emerging technology—particularly the Internet of Things (IoT)—as was showcased during the annual Consumer Electronics Show in Las Vegas, NV. Cisco’s CEO made headlines after saying the IoT has the potential to become a $19 trillion market and much of mainstream media reported on all the emerging technology: smart cars, wearable sensors and digestible computers—stuff we’ve been reporting on pretty regularly in the past year.

So it seemed fitting—and concerning—that the Associated Press reported on the wariness felt by Supreme Court justices on judges weighing in on technology and privacy issues. As Justice Elena Kagan said last summer, “The justices are not necessarily the most technologically sophisticated people.” And the court may face its biggest challenge yet, if, as many suspect, it eventually weighs in on the NSA’s metadata collection programs. Justice Antonin Scalia told a group of technology experts last July that elected branches of government are better equipped to grapple with security requirements and privacy protections.

More from Jedidiah Bracy

Opinion

Is the Congressional Response to the Target Breach Off-Target?

In the aftermath of the Target breach announced last month, there has been understandable anxiety on the part of consumers and understandable concern by lawmakers about how to respond to large-scale breaches of this type.

In recent weeks, there have been calls by members of Congress for hearings on the Hill. Several Senators have demanded an investigation by the Federal Trade Commission (FTC) and have discussed legislation beefing up the FTC’s enforcement powers—although as I’ve written here previously, the FTC has not exactly needed an engraved invitation to investigate data breaches in recent years and does not seem to have been inhibited at all by the lack of clear (some might say any) authority to do so. And just this week, Sen. Patrick Leahy (D-VT) reintroduced the Personal Data Privacy and Security Act, which among other things would create a national breach notification standard.

More from Jason Weinstein

The Year in Review

2013: The Year of Privacy

If there ever was a “year of privacy,” surely it was 2013. A year that ends with dictionary.com selecting “privacy” as “word of the year;” with privacy making front-page headlines in The New York Times and The Washington Post (not to mention The Guardian) on a weekly, indeed almost daily, basis; with cross-Atlantic ties stretched to the limit over privacy issues, the UN passing a privacy resolution and armies of lobbyists spinning BCRs and Do-Not-Track in Washington bars and Brussels cafes—ladies and gentlemen, 2013 was the year of privacy.

More from Omer Tene

Privacy Engineering

Is 2013 the Year of the Privacy Engineer?

By Robert Jason Cronk, CIPP/US

Nascent is a term I often use to describe the field of privacy engineering. Not until this fall have the first students of Carnegie Mellon’s Masters of Science in Information Technology—Privacy Engineering started in the newly formed one-year program. And only in the past year or so have Google, Microsoft and other techno-centric firms been advertising openings with variations of privacy engineer in the title. Though the term privacy engineering has been around since at least 2001, only recently has the computer science community tried to use it in a concrete and systematic way.

So what is privacy engineering?

More from Robert Jason Cronk

From the Tool Belt

Overcoming the Security and Privacy Challenges of the Cloud

By Chris Zoladz, CIPP/US, CIPP/E, CIPP/IT, CIPP/G

There is no doubt that the use of the cloud will continue to grow at an impressive rate. IDC estimates the cloud market will be worth over $50 billion by 2014 and over $120 billion by 2020. Even the U.S. government, which is not viewed as a leader in the use of technology, has a “cloud first” mandate. With compelling evidence that migration to the cloud will improve an organization’s bottom line and business efficiencies, it would seem to be an easy decision.

However, the ubiquitous articles and blog posts about the seemingly insurmountable security and privacy risks of moving mainstream applications to the cloud have created ample fear, uncertainty and doubt in some organizations.

More from Chris Zoladz