Privacy Skills Are Going to be a Big Deal in Software Engineering

There’s
no doubt the future of software engineering will incorporate privacy standards.
But it’s a nascent field that software and standards organizations are only now
beginning to explore.

Privacy Skills Are Going to Be a Big Deal in Software EngineeringPrivacy
design isn’t widely understood by engineers in standards organizations and
guidance doesn’t exist, according to the Internet Architecture Board’s call for
papers for the
MIT Privacy Workshop
.

Yet
that guidance is critical. Among other things, HTML5 greatly expands the
ability to gather and store data. That’s ramped up privacy concerns.

It
also makes privacy engineering, if you will, so cutting-edge that new training
and skillsets are musts. Expanded data collection means privacy will have to be
engineered into standards and applications much like security now is.

Google
has already begun doing that, according to Senior VP of Engineering and Research Alan
Eustace. The company is adding engineers to assist newly appointed Privacy Engineering
Director Alma Whitten. And, Google’s requiring engineers to maintain privacy
design documents to record how user data is handled.

The
search giant’s hardly alone. Changes in healthcare information storage, “smart
grid” energy and utility networks, and cloud computing already point to
privacy needs.

All
this means more jobs, or at least more privacy skills. But the question remains:
What education and training should software engineers have?

To
start, they’ll need legal and regulatory know-how in determining how
information is protected, says Marc Noble, director of government affairs for
the International Information
Systems Security Certification Consortium
(ISC)². “I think you’ll have
to have a strong legal background and a strong technical background, which is
very difficult to achieve,” he says.

And,
privacy is a compliance issue. Data has to be handled in ways consistent with
laws, business goals and user expectations, adds J. Trevor Hughes, chief
executive and president of the International Association of Privacy Professionals. To
build protections and legal compliance into your systems, you’ll have to
understand privacy.

The
organization’s Certified Information Privacy Professional/IT is believed to be
the only privacy certification available that’s geared to computer science.

But
technology outpaces legislation, notes Ann Cavoukian, the information and privacy commissioner for
Ontario, Canada. “It’s not obvious to
me the extent to which privacy engineers need a legal background,” she
says. Instead, she thinks they’ll need to collaborate with company attorneys to
ensure legislative requirements are met.

Still,
her bottom line is simple: For engineers with privacy training, the job opportunities
“are literally boundless.”

– Terry Sheridan

Post a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>