no doubt the future of software engineering will incorporate privacy standards.
But it’s a nascent field that software and standards organizations are only now
beginning to explore.
design isn’t widely understood by engineers in standards organizations and
guidance doesn’t exist, according to the Internet Architecture Board’s call for
papers for the
MIT Privacy Workshop.
that guidance is critical. Among other things, HTML5 greatly expands the
ability to gather and store data. That’s ramped up privacy concerns.
also makes privacy engineering, if you will, so cutting-edge that new training
and skillsets are musts. Expanded data collection means privacy will have to be
engineered into standards and applications much like security now is.
has already begun doing that, according to Senior VP of Engineering and Research Alan
Eustace. The company is adding engineers to assist newly appointed Privacy Engineering
Director Alma Whitten. And, Google’s requiring engineers to maintain privacy
design documents to record how user data is handled.
search giant’s hardly alone. Changes in healthcare information storage, “smart
grid” energy and utility networks, and cloud computing already point to
this means more jobs, or at least more privacy skills. But the question remains:
What education and training should software engineers have?
start, they’ll need legal and regulatory know-how in determining how
information is protected, says Marc Noble, director of government affairs for
the International Information
Systems Security Certification Consortium (ISC)Â². “I think you’ll have
to have a strong legal background and a strong technical background, which is
very difficult to achieve,” he says.
privacy is a compliance issue. Data has to be handled in ways consistent with
laws, business goals and user expectations, adds J. Trevor Hughes, chief
executive and president of the International Association of Privacy Professionals. To
build protections and legal compliance into your systems, you’ll have to
organization’s Certified Information Privacy Professional/IT is believed to be
the only privacy certification available that’s geared to computer science.
technology outpaces legislation, notes Ann Cavoukian, the information and privacy commissioner for
Ontario, Canada. “It’s not obvious to
me the extent to which privacy engineers need a legal background,” she
says. Instead, she thinks they’ll need to collaborate with company attorneys to
ensure legislative requirements are met.
her bottom line is simple: For engineers with privacy training, the job opportunities
“are literally boundless.”
— Terry Sheridan