I am frequently asked about where people can learn more about privacy engineering and technical privacy topics. Recently, I compiled a list of my favorite privacy engineering resources and shared it on LinkedIn. Due to the high interest in that post, I decided to write an article providing more context on why I recommend each resource. This article will soon be published by Privado. I hope you find it useful and share these resources with others interested in privacy.
Courses:
1. Technical Privacy Masterclass by Privado.ai
– Instructor: Nishant Bhajaria
– Target Audience: Privacy Engineers, DevOps, TPMs, Privacy Operations
– Cost: Free
– Time to Complete: 2.5 – 3 hours
– Certificate of Completion: Yes
– Certification Available: No
– Reason for Recommendation: Nishant shares his wisdom from years in privacy engineering in an engaging course covering privacy & security, common privacy engineering problems, privacy tools & infrastructure, and scaling a Technical Privacy Program.
2. Our Privacy Opportunity by OpenMined.org
– Instructors: Andrew Trask and Emma Bluemke
– Target Audience: Anyone interested in privacy enhancing technologies
– Cost: Free
– Time to Complete: ~8 hours
– Certificate of Completion: Yes (for full certification process)
– Certification Available: Yes
– Reason for Recommendation: This course offers a socio-technical perspective on privacy and Privacy Enhancing Technologies, explaining their societal impact and benefits in a unique way.
3. Data Protocol’s Privacy Engineering Course Modules & Certification
– Organization: Data Protocol
– Target Audience: Privacy Engineers, DevOps, TPMs, Privacy Operations
– Cost: Free for course modules; $495 for final assessment
– Time to Complete: ~5-6 hours
– Certificate of Completion: Yes
– Certification Available: Yes
– Reason for Recommendation: Led by Nishant Bhajaria, this course covers the basics of privacy engineering, focusing on protecting data privacy while designing products and processes.
Creative Privacy Engineering Education & Awareness:
– Privacy Quest by Imagine Privacy, Inc.
– Founders: Mert Can Boyar & Gokhan Sari
– Description: Privacy Quest is a gamified learning experience inspired by Capture the Flag competitions in the application security industry. Privacy Quest was developed by the founders to assist individuals without technical backgrounds in entering the privacy engineering field. The platform offers a comprehensive learning experience covering essential IT foundations. It is also set to introduce modules for current privacy engineers to upskill in other areas. Privacy Quest caters to beginners, intermediate learners, and advanced privacy professionals, offering various challenges and competitions suitable for different skill levels. The platform will soon expand into additional related areas such as ‘Privacy and AI.’
Privacy & Data Protection Managers, Privacy Lawyers, and Privacy Engineers are recommended to explore Privacy Quest. Through immersive storytelling, visual art, music, and a gamified learning platform, users can acquire valuable privacy and security knowledge. By engaging in Quests, individuals can deepen their understanding of concepts like data protection, threat modeling, risk mitigation, and encryption. Privacy Quest equips users with practical skills necessary to navigate the intricate landscape of privacy and security, fostering continuous learning and growth. Additionally, individuals can connect with a community of privacy enthusiasts and professionals, showcase their expertise, and establish themselves as valuable assets in the privacy and security domain. Companies can also utilize Privacy Quest to provide privacy engineering education to their employees in a memorable, engaging, and effective manner. Teams can even collaborate with Privacy Quest to organize Privacy Awareness Day/Week activities, including table-top games, escape-room events, and gamified workshops.
The Hitchhiker’s Guide to Privacy Engineering (HGPE) is another resource recommended for Privacy Lawyers. Created by Mert Can Boyar, HGPE combines science fiction with data privacy to offer a fun, engaging, and immersive learning experience aimed at enhancing technical privacy skills. The project aims to provide a solid foundation in privacy engineering principles and practices, enabling privacy lawyers to address complex privacy issues effectively.
Several books are also recommended for those interested in delving deeper into privacy engineering. “Data Privacy: A Runbook for Engineers” by Nishant Bhajaria is ideal for system designers, architects, and engineers working with data in highly-distributed architectures. The book provides insights into implementing complex privacy goals and designing scalable and automated privacy programs.
“Privacy Engineering: A Dataflow and Ontological Approach” by Ian Oliver is suitable for software developers, architects, and systems designers. The book presents an approach based on data flow modeling and standardized terminological frameworks to describe information flow across systems.
“Practical Data Privacy: Enhancing Privacy and Security in Data” by Katharine Jarmul is recommended for data scientists and privacy-enhancing technology (PET) enthusiasts. The book offers a blend of technical insights and plain-language overviews of privacy technology approaches in data science workflows.
“Strategic Privacy by Design,” 2nd Edition by R. Jason Cronk, is targeted towards operational privacy managers and privacy engineers. The book focuses on building and implementing processes, products, and services that prioritize individuals’ privacy interests as a design requirement.
Overall, these resources provide valuable insights and knowledge for individuals looking to enhance their expertise in privacy engineering and related fields. Jason has enhanced his thinking by incorporating dozens of illustrative examples, a new chapter on threat modeling for privacy, an added glossary, and model answers to the exercises throughout the book.
Chapters in Jason’s book include an introduction on Privacy by Design, Building Blocks covering Actors & Their Roles, Harms I & II, Controls, and more, Modeling which discusses Threats, Interactions, Relationships, Risk Analysis, and Mitigating Risks, and Designing for Privacy which covers Design Methodology.
Appendices in the book include Privacy Engineering, Privacy-Enhancing Technologies, Privacy at Scale, Quantifying Risks, Model Answers to Exercises, and a Map to the CIPT Body of Knowledge.
Another recommended book, “The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value,” authored by Michelle Finneran Dennedy, Jonathan Fox, and Thomas R. Finneran (deceased), provides a systematic engineering approach to developing privacy policies based on enterprise goals and government regulations. The book covers various chapters such as Technology Evolution, Privacy Engineering Process, Organizing for the Privacy Information Age, and more.
Two conferences, the Privacy Engineering Practice & Respect Conference 2024 (PEPR’24) and the International Workshop on Privacy Engineering (IWPE), are recommended for Privacy Engineers and Technologists. These conferences focus on designing products and systems with privacy and respect for users, as well as presenting models, methods, techniques, and tools that support data protection engineers and organizations. The event primarily involves participants from academia, but organizers have introduced an ‘Industry Talk Track’ to allow practitioners to share their experiences, lessons learned, and challenges with a wider audience.
Non-profit Organizations to Engage with:
– Institute of Operational Privacy Design (IOPD):
Organizers: R. Jason Cronk (Enterprivacy Consulting Group) & Janelle Hsia (PrivacySWAN Consulting)
Mission: Define and promote privacy design standards for accountability and recognition of good privacy practices.
Target Audience: Operational Privacy Managers, Privacy Engineers
Recommendation: IOPD has developed the industry’s first standard for a comprehensive privacy design process, known as the IOPD Process Design Standard. This standard helps organizations reduce privacy risks and increase efficiency in design processes. Additionally, the IOPD hosts monthly discussions for members called Privacy Engineering and Technology Education Discussion (PETed).
Podcasts:
– The Shifting Privacy Left Podcast:
Host: Debra J. Farber, Privacy Tech Advisor at Principled LLC
Sponsor: Privado.ai
Content: Focuses on embedding privacy by design in product development processes before shipping. Features interviews with privacy engineers, technologists, researchers, and industry leaders.
Target Audience: Privacy Engineers & Technologists
Reason for Recommendation: The podcast delves into technical privacy topics, offering practical insights and thought-provoking discussions. Recently won awards in multiple categories, showcasing the quality and authenticity of the content.
– The AI Fundamentalists:
Hosts: Andrew Clark, Co-Founder & CTO at Monitaur; Sid Mangalik, Research Scientist at Monitaur and Computer Science PhD candidate at Stony Brook University
Organization: Monitaur
Content: Explores safe and resilient modeling systems behind AI technologies.
Target Audience: Data Scientists, AI System Designers, Privacy Engineers
Reason for Recommendation: Provides clear and practical insights into AI concepts, with a focus on privacy and ethical considerations. Offers valuable perspectives on the intersection of privacy and AI.
– Partially Redacted:
Host: Sean Falconer, Head of Marketing at Skyflow
Sponsor: Skyflow
Content: Focuses on privacy engineering topics through interviews with industry experts.
Target Audience: Privacy Engineers and Technologists
Reason for Recommendation: Offers informative discussions on privacy engineering, featuring insights from both Skyflow employees and external guests.
Threat Modeling Frameworks & Card Games:
– LINDDUN Privacy Threat Modeling for Software:
Developers: Mina Deng, Kim Wuyts, Riccardo Scandariato, Wouter Joosen, Bart Preneel, Aram Hovsepyan, Dimitri Van Landuyt, Laurens Sion, Koen Yskout
Description: LINDDUN is a privacy threat modeling framework developed by experts at KU Leuven, offering support to identify and mitigate privacy threats in software development.
Target Audience: Privacy Engineers, Security Analysts, Operational Privacy Managers
Reason for Recommendation: LINDDUN categorizes privacy threats effectively, allowing for a thorough investigation and mitigation of privacy gaps in software systems. Open-sourced resources are available for practical application. For those who prefer hands-on learning, the LINDDUN GO Card Game is available for purchase. This game consists of 33 threat cards that focus on common privacy threats and system vulnerabilities, making the privacy assessment process more interactive and collaborative. Ideal for structured brainstorming among diverse teams, all you need is the card deck and a system sketch to get started on your privacy journey.
Additionally, the PLOT4ai Framework, created by Isabel Barberá, Founder of Rhite, offers a library of 86 threats related to AI/ML categorized into 8 sections. The PLOT4ai Card Game aids AI teams in threat modeling for privacy, along with a free Self-Assessment Tool for AI projects. This framework emphasizes responsibility towards individuals and humanity as a whole, connecting with the people represented in data and those potentially impacted by AI models.
Other valuable resources include the IAPP Privacy Engineering Section for networking opportunities in IT and privacy engineering fields, the NIST Privacy Engineering Program Collaboration Space focusing on privacy risk assessment tools, and the EU Gov – EDPS’ Internet Privacy Engineering Network (IPEN) promoting privacy engineering projects and collaboration among experts and engineers.
She has taken on the role of a pro bono Advisor to the Institute of Operational Privacy by Design (IOPD) and is also a Program Committee Member for the 2024 USENIX Conference on Privacy Engineering Practice and Respect (PEPR’24).
text to make it more engaging and dynamic:
“Let’s spice things up and give this text a little makeover to make it more exciting and interesting!”
