The main point being raised is the need for a proper dialog between engineers and lawyers. I think we've seen this before, but still it is not being properly addressed and until it is privacy will remain a compliance activity rooted in a tick-box mentality with dreadful repercussions.
One only needs to take a look at the potential penalties in the EU's GDPR ... a potential fine of 4% of global turnover for a privacy violation!
The crux of this is that if you want to construct systems with privacy as an aspect, it has to be a first class aspect of that system's design. That means privacy is under the collective responsibility of lawyers, engineers and management and not the sole preserve of any of these groups.
Unfortunately going beyond this is considered by some - and I've seen too many examples of this - to be difficult and unnecessary and that legal compliance - whatever that means - is enough...
As we move to a "BigData" future, the knowledge of basic data handling, quality and governance at both engineering and legal levels is critical - not just for privacy but for basic business reasons, including consumer trust and quality of product.
How to do this is not difficult, but it does require thinking and small, but extremely beneficial cultural change...
and here's a recommendation to get those principles into use:Agreed. Need to translate high level privacy principles & PbD, into specific engineering reqs @mdennedy @i_j_oliver https://t.co/a4hgcUhGnJ— Privacy Matters (@PrivacyMatters) December 20, 2015
You can start here:Privacy Engineering and A Privacy Engineer's Manifesto@daraghobrien I found @i_j_oliver's and @mdennedy's books on privacy engineering of enormous value @ll1t— Privacy Matters (@PrivacyMatters) December 21, 2015