Privacy design isn't widely understood by engineers in standards organizations and guidance doesn't exist, according to the Internet Architecture Board's call for papers for the MIT Privacy Workshop. Yet that guidance is critical. Among other things, HTML5 greatly expands the ability to gather and store data. That's ramped up privacy concerns. It also makes privacy engineering, if you will, so cutting-edge that new training and skillsets are musts. Expanded data collection means privacy will have to be engineered into standards and applications much like security now is. Google has already begun doing that, according to Senior VP of Engineering and Research Alan Eustace. The company is adding engineers to assist newly appointed Privacy Engineering Director Alma Whitten. And, Google's requiring engineers to maintain privacy design documents to record how user data is handled. The search giant's hardly alone. Changes in healthcare information storage, "smart grid" energy and utility networks, and cloud computing already point to privacy needs. All this means more jobs, or at least more privacy skills. But the question remains: What education and training should software engineers have? To start, they'll need legal and regulatory know-how in determining how information is protected, says Marc Noble, director of government affairs for the International Information Systems Security Certification Consortium (ISC)². "I think you'll have to have a strong legal background and a strong technical background, which is very difficult to achieve," he says. And, privacy is a compliance issue. Data has to be handled in ways consistent with laws, business goals and user expectations, adds J. Trevor Hughes, chief executive and president of the International Association of Privacy Professionals. To build protections and legal compliance into your systems, you'll have to understand privacy. The organization's Certified Information Privacy Professional/IT is believed to be the only privacy certification available that's geared to computer science. But technology outpaces legislation, notes Ann Cavoukian, the information and privacy commissioner for Ontario, Canada. "It's not obvious to me the extent to which privacy engineers need a legal background," she says. Instead, she thinks they'll need to collaborate with company attorneys to ensure legislative requirements are met. Still, her bottom line is simple: For engineers with privacy training, the job opportunities "are literally boundless." -- Terry Sheridan Privacy Skills Are Going to be a Big Deal in Software Engineering
There's no doubt the future of software engineering will incorporate privacy standards. But it's a nascent field that software and standards organizations are only now beginning to explore. Privacy design isn't widely understood by engineers in standards organizations and guidance doesn't exist, according to the Internet Architecture Board's call for papers for the MIT Privacy Workshop. Yet that guidance is critical. Among other things, HTML5 greatly expands the ability to gather and store data. That's ramped up privacy concerns. It also makes privacy engineering, if you will, so cutting-edge that new training and skillsets are musts. Expanded data collection means privacy will have to be engineered into standards and applications much like security now is. Google has already begun doing that, according to Senior VP of Engineering and Research Alan Eustace. The company is adding engineers to assist newly appointed Privacy Engineering Director Alma Whitten. And, Google's requiring engineers to maintain privacy design documents to record how user data is handled. The search giant's hardly alone. Changes in healthcare information storage, "smart grid" energy and utility networks, and cloud computing already point to privacy needs. All this means more jobs, or at least more privacy skills. But the question remains: What education and training should software engineers have? To start, they'll need legal and regulatory know-how in determining how information is protected, says Marc Noble, director of government affairs for the International Information Systems Security Certification Consortium (ISC)². "I think you'll have to have a strong legal background and a strong technical background, which is very difficult to achieve," he says. And, privacy is a compliance issue. Data has to be handled in ways consistent with laws, business goals and user expectations, adds J. Trevor Hughes, chief executive and president of the International Association of Privacy Professionals. To build protections and legal compliance into your systems, you'll have to understand privacy. The organization's Certified Information Privacy Professional/IT is believed to be the only privacy certification available that's geared to computer science. But technology outpaces legislation, notes Ann Cavoukian, the information and privacy commissioner for Ontario, Canada. "It's not obvious to me the extent to which privacy engineers need a legal background," she says. Instead, she thinks they'll need to collaborate with company attorneys to ensure legislative requirements are met. Still, her bottom line is simple: For engineers with privacy training, the job opportunities "are literally boundless." -- Terry Sheridan
Privacy design isn't widely understood by engineers in standards organizations and guidance doesn't exist, according to the Internet Architecture Board's call for papers for the MIT Privacy Workshop. Yet that guidance is critical. Among other things, HTML5 greatly expands the ability to gather and store data. That's ramped up privacy concerns. It also makes privacy engineering, if you will, so cutting-edge that new training and skillsets are musts. Expanded data collection means privacy will have to be engineered into standards and applications much like security now is. Google has already begun doing that, according to Senior VP of Engineering and Research Alan Eustace. The company is adding engineers to assist newly appointed Privacy Engineering Director Alma Whitten. And, Google's requiring engineers to maintain privacy design documents to record how user data is handled. The search giant's hardly alone. Changes in healthcare information storage, "smart grid" energy and utility networks, and cloud computing already point to privacy needs. All this means more jobs, or at least more privacy skills. But the question remains: What education and training should software engineers have? To start, they'll need legal and regulatory know-how in determining how information is protected, says Marc Noble, director of government affairs for the International Information Systems Security Certification Consortium (ISC)². "I think you'll have to have a strong legal background and a strong technical background, which is very difficult to achieve," he says. And, privacy is a compliance issue. Data has to be handled in ways consistent with laws, business goals and user expectations, adds J. Trevor Hughes, chief executive and president of the International Association of Privacy Professionals. To build protections and legal compliance into your systems, you'll have to understand privacy. The organization's Certified Information Privacy Professional/IT is believed to be the only privacy certification available that's geared to computer science. But technology outpaces legislation, notes Ann Cavoukian, the information and privacy commissioner for Ontario, Canada. "It's not obvious to me the extent to which privacy engineers need a legal background," she says. Instead, she thinks they'll need to collaborate with company attorneys to ensure legislative requirements are met. Still, her bottom line is simple: For engineers with privacy training, the job opportunities "are literally boundless." -- Terry Sheridan