Or perhaps this should be called the ATLS of privacy? ATLS, or Advanced Trauma Life Support, is a training programme for dealing with medical trauma incidents and is typically used by first responders, such as paramedics, at an incident.
Now, as we move to a DevOps oriented model - think of a highly integrated Agile with a "right now" delivery timescale - the way we will have to react to compliance, privacy impact assessments, privacy engineering etc. is going to be on the same kind of timescale. Certainly, if we are late or delayed with the PIA then the product is going to be shipped anyway - with some interesting security and privacy consequences!
So, I conjecture that it makes sense to bring our PIA/compliance activities not just to the engineering level but also to the speed of development and
This means that the PIA is going to have to be extremely focused and very strictly run. Effectively we need the DevOps privacy version of the medical ABC.
The question then becomes: what is the equivalent of the medical ABC? As I've stated before, privacy can [must] learn a lot from medicine (and aviation) - such as checklists - in that they both work in very agile, unstructured and reactive environments. Privacy in a DevOps situation cannot rely upon traditional compliance or work at the usual, relatively glacial speed associated with such work.
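As an added illustration (not part of the original post) of what "strictly run, at the speed of development" can look like in practice: a release gate that evaluates a minimal PIA checklist and blocks the pipeline when an item is missing or the assessment predates the last data-flow change. The checklist items, field names and sample data are assumptions for this example, not a standard.

```python
from datetime import date

# Constructed "privacy ABC": the minimum a PIA must answer before a change ships.
# Item names are assumptions for this illustration.
REQUIRED_ITEMS = (
    "data_categories",    # what personal data the change touches
    "purpose",            # why it is processed
    "legal_basis",        # on what grounds
    "retention_days",     # how long it is kept
    "third_party_flows",  # where it leaves the system (an empty list is a valid answer)
)

def evaluate_pia(pia, last_dataflow_change, release_date):
    """Return (ship_ok, findings). Any finding blocks the release."""
    findings = []
    for item in REQUIRED_ITEMS:
        if item not in pia:
            findings.append(f"missing: {item}")
        elif item != "third_party_flows" and pia[item] in (None, "", []):
            findings.append(f"empty: {item}")
    # Each outbound flow must name a recipient and a purpose.
    for flow in pia.get("third_party_flows", []):
        if not flow.get("recipient") or not flow.get("purpose"):
            findings.append(f"incomplete third-party flow: {flow}")
    retention = pia.get("retention_days")
    if retention is not None and (not isinstance(retention, int) or retention <= 0):
        findings.append("retention_days must be a positive integer")
    # A PIA signed off before the data flows last changed describes the wrong system.
    completed = pia.get("completed_on")
    if completed is None:
        findings.append("missing: completed_on")
    elif completed < last_dataflow_change:
        findings.append("stale: PIA predates latest data-flow change")
    elif completed > release_date:
        findings.append("completed_on is in the future")
    return (not findings, findings)

# Constructed sample: a PIA that was finished before the data flows changed again.
SAMPLE_PIA = {
    "data_categories": ["email", "device id"],
    "purpose": "account notifications",
    "legal_basis": "contract",
    "retention_days": 90,
    "third_party_flows": [{"recipient": "mail provider", "purpose": "delivery"}],
    "completed_on": date(2015, 3, 1),
}

if __name__ == "__main__":
    ok, findings = evaluate_pia(SAMPLE_PIA, date(2015, 3, 10), date(2015, 3, 12))
    print("ship" if ok else "block", findings)
```

The staleness check is the part that matters most at DevOps speed: a PIA that was complete last sprint is not evidence about this sprint's data flows.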
Ian Oliver (2015). Privacy as a Safety Critical Concept. 1st International Workshop on Privacy Engineering, California. (Keynote talk)
Ian Oliver (2014). Privacy Engineering: A Data Flow and Ontological Approach. CreateSpace. ISBN 978-1497569713 (see: http://www.amazon.co.uk/dp/1497569710)