The Privacy Engineer's Companion: A Workbook of Guidance, Tools, Methodologies, and Templates

Learn to engineer privacy into software, systems, and applications. This book is a resource for developers, engineers, architects, and coders. It provides tools, methodologies, templates, worksheets and guidance on engineering privacy into software - from ideation to release and beyond - whether it is for tools, technologies, products, systems, solutions, or applications.
The Privacy Engineer's Companion A Workbook of Guidance, Tools, Methodologies, and Templates can be used in conjunction with the 2014 ApressOpen bestseller, The Privacy Engineer's Manifesto. It trains and equips users to engage in their own privacy scoping requirements workshops, write privacy use cases, or "stories," for agile development, document UI privacy patterns, conduct assessments; align with product and information security teams. And, perhaps most importantly, the book brings clarity to a vitally important need - the protection of personal information -- that is often shrouded in mystery during the engineering process. Get from policy to code to QA to value, all within these pages.
What You'll Learn:

• How to think of the Fair Information Principles as actionable, normative statements
• How to decode privacy into functional requirements that can be designed and coded
• How to prepare and conduct a privacy scoping requirements workshop
• How to translate privacy requirements into usable stories for agile development
• How to guide user interface designers in designing privacy controls and interfaces
• How to access software, systems, applications, and apps to see if the necessary privacy controls are in place
• How to create privacy engineering documentation (such as data flow diagrams and privacy impact assessments) so that tribal lore is translated into institutional knowledge
• How to access and ready the enterprise to support privacy engineering

Who This Book Is For: This book is designed for a wide audience and to serve multiple stakeholders. This audience consists of anyone involved in architecting, designing, developing, deploying, and reviewing systems, products, processes, applications, and apps that process personal information. This workbook will appeal to software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals.

Michelle Finneran Dennedy (@mdennedy) is Vice President and Chief Privacy Officer at Cisco, where she works to raise awareness and create tools that promote privacy, quality, integrity, respect and asset-level possibilities for data. A sought-after technology industry speaker and thought leader, Michelle is passionate about data privacy and protection, and for building better technology that matters. She works closely with families, executives, innovators and dreamers at all levels and in businesses and organizations at all stages to support the combination of policy, practice and tools. She is a board member of the International Association of Privacy Professionals (IAPP) and the Committee for Economic Development (CED) and the chair of the IEEE 7002 Working Group on Data Privacy.
Jonathan Fox, Director of Privacy Engineering and Strategy and Planning, is a member of Cisco's Chief Privacy Office and co-author of THE PRIVACY ENGINEER'S MANIFESTO, Getting from Policy to Code to QA to Value (ApressOpen 2014). With over 17 years of privacy experience, Jonathan's principal areas of focus have been product development, government relations, mergers and acquisitions, and training. He is a Certified Information Privacy Professional (CIPP/US), a Certified Information Privacy Manager (CIPM), and was a Certified Information Security Manager (CISM). Prior to Cisco, Jonathan was a Senior Privacy Engineer at Intel. His previous roles have included Director of Data Privacy, McAfee; Director of Privacy, eBay; Deputy Chief Privacy Officer for Sun Microsystems, and Editor-in-Chief of sun.com. Jonathan frequently speaks at industry events and is a member of the IEEE P7002 Personal Data Privacy Working Group and the OASIS Privacy by Design Documentation for Software Engineers Technical Committee.
Thomas R Finneran is a principal consultant for the iDennedy Project. He has proposed an approach to use the Organization for the Advancement of Structured Information Standards (OASIS) UML Standard for privacy analysis. He was a consultant for over 25 years for CIBER, Inc. He has acquired over 25 years of experience in the field of information technology. His strengths include enterprise (including data, information, knowledge, business, and application) architecture, business and data analysis, UML object analysis and design, logical data modeling, database systems design and analysis, information resource management methodologies, CASE and metadata repository tools, project management, and computer law. He is experienced in almost all application system areas, including real-time data collection systems, inventory control, sales and order processing, personnel, all types of financial systems, the use of expert systems, and project management systems. He has developed and taught training courses in the areas of use cases, relational concepts, strategic data planning, logical data modeling, and the utilization of CASE tools, among others. He is also an experienced intellectual property patent lawyer. For various companies, he has held such titles as director, MIS; manager, corporate data strategy; manager, data administration; managing consultant; manager, standards and education; and systems designer. These companies include the Standard Oil Company, Corning Glass Works, ITT, ADR, and the U.S. Navy. In addition, he was vice president and general counsel of TOMARK, Inc., the developer of the highly successful ABEND-AID software package. He has a bachelor of arts (Ohio State University), a masters of business administration (Roosevelt University), and a juris doctor's degree (Cleveland State). He is a member of the bar of the U.S. Supreme Court and a member of the bar of Ohio, New Jersey, Connecticut and a member of the Patent Bar
Lisa Bobbitt, CISSP, CIPM, is the lead Privacy Engineering architect in Cisco's Privacy Office. Lisa is passionate about embedding privacy awareness, governance, and technology across Cisco by building on the foundation of years of working and innovating (6 patents) in mainframe connectivity, mobile routing protocols, innovative concepts in 3D, voice/video/data in Stadium Vision, government adaptation and trustworthy systems. She believes everyone, as a digital citizen, should be a privacy advocate starting with understanding the value of authorized use of our personally identifiable information while the processors of our personal data making it easy for each person to manage their PII. Lisa has a BS in Computer Science from North Carolina State University and an MBA from Duke University.
Michele D. Guel is a Distinguished Engineer in Cisco's Trust Strategy Office. Her current focus and passion is formulating security and privacy strategies for smart, connect communities (Internet of Things). During her 22 years at Cisco, she has had the opportunity to work on all facets of cybersecurity and had the opportunity to establish many "Firsts" at Cisco. As a security architect for many year, Michele was always about "Building it in, not bolting it on." She is now bringing this passion to the privacy field with a focus on privacy engineering in the IoT Space. Michele holds the following certifications: CISSP, CIPM, GSEC401, and is a member of the IEEE P7002 Personal Data Privacy Working Group. She has a MS in Software Engineering with a concentration in Cybersecurity. Michele has been an avid participant, speaker, teacher, influencer and evangelist in the cyber security industry for over 27 years.