Privacy Engineering: Shaping an Emerging Field of Research and Practice

Addressing privacy and data protection systematically throughout the process of engineering information systems is a daunting task. Although the research community has made significant progress in theory and in labs, meltdowns in recent years suggest that we're still struggling to address systemic privacy issues. Privacy engineering, an emerging field, responds to this gap between research and practice. It's concerned with systematizing and evaluating approaches to capturing and addressing privacy issues while engineering information systems. This article serves to illuminate this nascent field. The authors provide a definition of privacy engineering and describe the activities it encompasses. They expand on these with findings from the First International Workshop on Privacy Engineering (IWPE), and conclude with future challenges.
