Intro -- Contents at a Glance -- Contents -- About the Authors -- About the Technical Reviewers -- Acknowledgments -- Foreword, with the Zeal of a Convert -- Part1: Getting Your Head Around Privacy -- Chapter 1: Technology Evolution, People, and Privacy -- The Relationship Between Information Technology Innovation and Privacy -- The Information Age -- The Firewall Stage -- The Net Stage -- The Extranet Stage -- Access Stage -- The Intelligence Stage -- The Dawning of the Personal Information Service Economy -- Data-Centric and Person-Centric Processing -- Conclusion -- Chapter 2: Foundational Concepts and Frameworks -- What Is Privacy? -- Privacy Engineering -- Personal Information -- Privacy -- An Operational Definition of Privacy -- Processing of Personal Information -- Authorized -- Fair and Legitimate -- Fair Information Processing Principles and the OECD Guidelines -- Collection Limitation Principle -- Data Quality Principle -- Purpose Specification Principle -- Use Limitation Principle -- Security Safeguards Principle -- Openness Principle -- Individual Participation Principle -- Accountability Principle -- Other Governance Standards of which to be aware -- Privacy Is Not Confidentiality and Security Is Not Privacy -- Confidentiality ≠ Privacy -- Security ≠ Privacy -- The Overlaps -- The Disconnects -- Conclusion -- Chapter 3: Data and Privacy Governance Concepts -- Data Management: The Management of "Stuff" -- Data Governance -- Benefits of Data Governance -- The Privacy and Data Governance/Stewardship Connection -- Data Privacy Governance Frameworks -- Generally Accepted Privacy Principles (GAPP) -- Impact of Frameworks on the Privacy Engineer -- Frameworks Are Not the Same as Laws -- Privacy by Design -- How Privacy Engineering and Privacy by Design work Together -- Conclusion -- Part2: The Privacy Engineering Process.

Chapter 4: Developing Privacy Policies -- Elements of Privacy Engineering Development -- Privacy Policy Development -- What Is a Good Policy? -- Designing a Privacy Policy -- What Should Be Included in a Privacy Policy? -- General-Level Privacy Policy Development -- Enterprise-Specific Privacy Development -- Internal vs. External Policies -- Policies, Present, and Future -- Conclusion -- Chapter 5: Developing Privacy Engineering Requirements -- Three Example Scenarios -- Example Scenario 1: The Privacy Component -- Example Scenario 2: A Runner's App -- Example Scenario 3: Hospitality Vacation Planner -- Privacy Requirements Engineering -- Privacy Requirements Engineering -- Use Cases: A Tool for Requirements Gathering -- Use Cases within Privacy Engineering -- Privacy Requirements Derived from Privacy Frameworks -- Develop Privacy Requirement Use Cases -- Use Case Metadata -- Use Case Metadata Model -- The Privacy Engineer's Use of Use Case Metadata -- Determining Data Requirements -- How Does the Distribution Channel Impact Privacy Engineering Requirements? -- Cloud Privacy Requirements -- Conclusion -- Chapter 6: A Privacy Engineering Lifecycle Methodology -- Enterprise Architecture -- Architectural Views -- Solution Architecture -- Develop Procedures, Processes, and Mechanisms -- Methodology -- System Engineering Lifecycle -- The Use of Models within the Methodology -- Stage 1: Project Initiation and Scoping Workshop -- Project Initiation Defines Project Processes -- Requirements Definition Within the Scoping Workshop -- Scoping Deliverables -- Stage 2: Develop Use Cases and Class or Data Models -- Develop Business Activity Diagrams -- Using the Business Activity Diagram for Privacy Assessment -- Defining Business and Privacy Data Classes -- Using the Unified Modeling Language Class Model as a Data Model -- Example: Privacy Component Class Model.

Data Modeling Steps -- Stage 3: Design an Engineered Solution -- User Interface Design -- Basic User Interface Design Steps -- Mapping Business Class Objects to System and Technology Objects -- Prototyping Caveats -- User Interface Prototype -- Component Design -- What Is Component Architecture? -- Example: Privacy Component -- Privacy Rules -- Develop a System Activity Diagram -- Dynamic Modeling -- Define Service Components and Supporting Metadata -- Privacy Enabling Technologies -- Stage 4: Complete System Development -- Stages 5 and 6: Quality Assurance and Rollout -- Develop and Execute Test Cases -- Testing and Rollout Deliverables -- Knowledge Transfer -- Conclusion -- Chapter 7: The Privacy Component App -- Privacy Component Context Diagram -- Use Case Requirements to Build a "Privacy Component" -- The Privacy Component Class Model -- Developing the Unified Modeling Language Class Model -- Privacy Component User Interface Requirements -- Design the Privacy Component Solution -- The Privacy Component Solution Architecture -- The Privacy Component Class Structure -- Privacy Component System Activity Diagram -- Privacy Assessment Using the System Activity Diagram -- Develop the Privacy Component Design -- Using the System Development Methodology for the Privacy Component -- Conclusion -- Chapter 8: A Runner's Mobile App -- The Runner's Mobile App Use Case -- The Runner's App Class or Data Model -- The Runner's App User Experience Requirements -- Design the App Structure -- The Runner's App System Activity Diagram -- Privacy Assessment Using a System Activity Diagram -- Develop the Runner's App Component Design -- Using the System Development Methodology -- Conclusion -- Chapter 9: Vacation Planner Application -- Requirements Definition -- Use Case Metadata for Hospitality Vacation Planner Enterprise Application.

Develop Business Activity Diagrams -- Business Activity Diagram for Scenario 3: Vacation Planning -- Activity Diagram Used as a Part of Privacy Assessment -- Privacy Component Class and Data Model -- Vacation Planner User Interface Requirements -- Design the Vacation Planner Solution -- The Vacation Planner Solution Architecture -- The Vacation Planner Component Architecture Structure -- Develop System Activity Diagrams -- Dynamic Modeling -- Define Service Components and Supporting Metadata -- Using the System Development Methodology -- Conclusion -- Chapter 10: Privacy Engineering and Quality Assurance -- Quality Assurance -- Using Frameworks to Create a Privacy Quality Assurance Checklist -- Purpose -- Notice -- Choice or Consent -- Transfer -- Access, Correction, or Deletion -- Security -- Minimization -- Proportionality -- Retention -- Act Responsibly -- Privacy Concerns During Quality Assurance -- Vector 1: Managing Privacy During Quality Assurance -- Vector 2: Privacy Impact Assessment: A Validation Tool -- Who Is Usually Involved in a PIA? -- What Should a Privacy Impact Assessment Document Contain? -- Vector 3: The Importance and Value of Privacy Impact Assessment to Key Stakeholders -- Resources for Conducting Privacy Impact Assessments -- Conclusion -- Part3: Organizing for the Privacy Information Age -- Chapter 11: Engineering Your Organization to Be Privacy Ready -- Privacy Responsibilities in Different Parts of the Organization -- Privacy Awareness and Readiness Assessments -- Define Existing Systems and Processes -- Consider the Context -- Skills Assessment -- Building the Operational Plan for Privacy Awareness and Readiness -- Building a Communication and Training Plan for Privacy Awareness and Readiness -- Communicating -- Internal Communications -- External Communication -- A Word About What Are Usually Important, but Boring Words.

Monitoring and Adapting the Strategy -- Conclusion -- Chapter 12: Organizational Design and Alignment -- Organizational Placement and Structure -- Horizontal Privacy Team: Pros -- Horizontal Privacy Teams: Cons -- Common Privacy Engineering Roles -- Challenges of Bringing Privacy Engineering to the Forefront -- Expanding Executive Management Support -- Spreading Awareness and Gaining Cultural Acceptance -- Extending Your Reach with Limited Resources -- Creating Alliances -- Expanding the Scope of Data Governance -- Remaining Productive Amid Competing Priorities and Demands -- Best Practices for Organizational Alignment -- Aligning with Information Technology and Information Security -- Aligning with Data Governance Functions -- Benefits of Data Governance -- Business Benefits of Alignment -- Other Benefits -- Conclusion -- Part4: Where Do We Go from Here? -- Chapter 13: Value and Metrics for Data Assets -- Finding Values for Data -- Valuation Models -- Model 1 -- Model 2 -- Model 3 -- Model 4 -- Model 5 -- Building the Business Case -- Turning Talk into Action -- Conclusion -- Chapter 14: A Vision of the Future: The Privacy Engineer's Manifesto -- Where the Future Doesn't Need Us -- Even Social Networks (and Their Leaders) Get Cranky When Their Privacy Is Compromised -- Let's Remember How We Got Here -- Privacy Is Not a One-Size-Fits-All Formula -- Innovation and Privacy -- Societal Pressures and Privacy -- It Still Comes Down to Trust and Value -- A New Building Code for Privacy -- Getting Started -- A Privacy Engineer's Manifesto -- Conclusion -- Appendix A: Use-Case Metadata -- Example Use-Case Format -- Appendix B: Meet the Contributors -- Index.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2022. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.