Why is privacy engineering suddenly important?

What is privacy engineering and why should we care about it?

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

At the very start of the 20th Century, Abigail Robertson visited a photographic studio in Rochester, New York, to have her portrait taken. The image captured was beautiful. It showed a porcelain head and shoulders, turned in semiprofile, with brunette hair arranged neatly above the nape. This was a private family picture, which was sold into a public advertisement, and ended up plastered on 250,000 posters across the state.

Abigail Robertson sued for $15,000. Her consent had never been sought and her plea was mental distress. Her lawyer argued that she was not a public figure, she was a private citizen, and displaying her image against her will violated “the sacred right of privacy”. The press was on her side, the public were incensed and now, over a century later, it provides the start of a very long running debate about privacy.

Today people are still deeply (and justifiably) concerned about how their images are reused but now, more worryingly, a wealth of deeply personal data also exists. This means the parameters of privacy have expanded. So, while the moral battle on privacy may have been won over a century ago and the legal battle on privacy is gradually gaining ground, there are a whole host of logistical details that still haven’t been fleshed out yet. Legislation like the GDPR “right to be forgotten” brings this closer to the fore.

What is privacy engineering?

Privacy engineering is an attempt to tackle these logistics. It is multidiscipline, which makes it difficult to hire for and even more complex to put into practice because it covers legal issues, computer science, data governance and IT security. The first Masters in the subject was launched at Carnegie Mellon in fall 2013 but skills still remain in short supply.

It is a subject that only really started getting talked about widely about two years ago and this tended to be in quite an academic way. “There are many different, non-agreed-upon definitions of privacy engineering,” explained National Institution of Standards and Technology (NIST) senior privacy policy analyst Naomi Lefkovitz at the Global Privacy Summit in 2015. “But a methodology for mitigating risk tends to be a thread through many of the different definitions.”

To continue reading this article register now

NEW! Download the Fall 2018 digital issue of CIO