If we’re going to live in a world where privacy is still a value our society upholds, we need to do our part as privacy champions to elevate issues of personal privacy and data security. But the actual implementation of sound privacy practices often resides with teams of engineers under the direction of legal and technical leaders.
So how should engineers translate our shared values around privacy into the technology we use every day? One concept which gets brought into the conversation a great deal is Privacy by Design (PbD). With Privacy by Design, privacy is not an afterthought, but purposefully incorporated into the development of products, services, and operations. This idea of “baked in” privacy can even give start-ups a competitive advantage. But what’s the recipe for really baking in privacy? What are the ingredients? Who are the chefs in the kitchen?
In this article we’ll look at one framework for implementing PbD, as well as a case study of one ad targeting start-up that invested in a PbD approach.
Beginning with a Framework for Privacy by Design
The principles of PbD are sound, but as principles they leave open the question of a specific roadmap for how best to implement the practice. This was a prime concern in a recent Privacy Engineering & Assurance report (PDF) issued by Nokia:
“There is an increasing emergence of legislative work around privacy, but that will not answer the ‘How?’, either. At the same time, today, privacy is implemented in this technology dominated world. It is the engineers of these technologies who need the answer to ‘How?’”
Nokia’s prime interest centered on creating a discipline for PbD rather than an ad hoc approach of “do’s and don’ts.” In their report, they propose an eight-point framework for organizations engaged in Privacy Engineering & Assurance.
From the PDF (emphasis mine):
“As a discipline, Privacy Engineering & Assurance needs to:
1. Consist of two components: i) Privacy Engineering, which identifies privacy threats and risks, as well as designs and implements privacy safeguarding controls into products and services; and ii) Privacy Assurance, which verifies the products and services conformance to such privacy safeguarding controls and regulatory compliance;
2. Be based on an industry accepted privacy knowledge base consisting of privacy principles, privacy related threats and their underlying engineering vulnerabilities, privacy risks that could harm individuals, privacy safeguarding requirements and guidelines and design patterns for implementing privacy safeguarding controls.
3. Ensure compliance with applicable data protection and other privacy laws;
4. Be based on and compatible with best industry guidance for software engineering as defined by the IEEE Software Engineering Book of Knowledge;
5. Integrate a code of ethics and professionalism into the discipline, based on ACM Software Engineering Code of Ethics & Professional Practice;
6. Leverage existing disciplines of product security and business continuity and their associated processes, activities and tools;
7. Be an integral mechanism for managing privacy risks in a broader organizational risk management context;
8. Create demonstrable evidence that accountable organizations are utilizing best practice processes in identifying, analyzing and mitigating privacy risks.”
The report goes on to detail processes, including threat identification and mitigation cycles, and to recommend mapping privacy activities onto the product creation process. The analysis concludes that PbD is, by modern technology standards, a business management system.
A Case Study in Implementing Privacy by Design
One tech firm which recently drew back the curtain on what it really means to embrace PbD was the ad targeting firm 4Info. The company’s AdHaven Bullseye ad targeting system “connects information from advertisers’ own customer databases with household, purchase and other demographic and psychographic data from partners including Acxiom and Nielsen Catalina Solutions.”
According to 4Info, integrating a PbD process occupied at least 20% of its year-and-a-half development cycle and resulted in a 30% increase in secure data storage cost. In their experience, this type of investment in advertising is not the norm, with advertisers typically looking to push the envelope when it comes to privacy.
During the process, 4Info had to solve a number of challenges. These included de-identifying and segregating data, as well as implementing legal controls which prevented improper data merging. What’s more, the targeting software had to provide sub-150ms response times, despite the fact that the information used in the targeting was secured across different data storage centers. No small portion of the labor hours involved cross-departmental meetings with legal and engineering to map out data flows, and 4Info also had to endure a thorough privacy review by a major consumer packaged goods (CPG) company.
But for 4Info, the process was worth the investment. The company knew it needed to be able to survive increased scrutiny in the ad targeting space, especially with the lessons learned from companies such as DoubleClick and media attention such as the WSJ’s recent series on privacy.
It’s encouraging to note that for a relatively small company of only 37 employees, 4Info employs a Chief Privacy Officer.
Engineering Privacy by Design is the Future
It may seem expensive to implement PbD, but companies should weigh the expense of retrofitting software and services for privacy compliance down the road as well as the potential cost of future damage control should a breach or privacy abuse become apparent.
Encourage engineers to be privacy champions. The same engineers who build powerful tools capable of sharing our personal information and tracking us are also concerned about privacy. As insiders, they have a view on what it takes to make data protection choices and how to safeguard our privacy through privacy engineering.
If you’re an engineer or product manager and have questions about PbD in practice, be sure to check out this video from the Bureau of Consumer Protection and this informative “how-to” book The Privacy Engineer’s Manifesto.