This paper surveys the emerging discipline of privacy engineering. Privacy engineers require multidisciplinary knowledge and skills. To be effective, they need an understanding of both technical and non-technical considerations. Privacy engineers are tasked with managing risks. The paper reviews several risk models that they can adopt, some based on Fair Information Practice Principles and legal compliance, others stemming from user-centric harms and integrity of context. Privacy engineers must then apply systematic risk analyses, using tools such as privacy impact assessments, to measure and quantify identified risks. Finally, privacy engineers must design controls to mitigate those risks, including privacy-respecting architectures, effective privacy policies, and a range of data management methods including minimization, anonymization, aggregation, and the use of privacy-enhancing technologies.
There is a growing understanding that innovation and competitiveness must be approached from a “design-thinking” perspective – namely, a way of viewing the world and overcoming constraints that is at once holistic, interdisciplinary, integrative, creative, innovative, and inspiring. Privacy, too, must be approached from the same design-thinking perspective. Privacy and data protection should be incorporated into networked data systems and technologies by default, and become integral to organizational priorities, project objectives, design processes, and planning operations. Ideally, privacy and data protection should be embedded into every standard, protocol, and data practice that touches our lives. This will require skilled privacy engineers and common methodologies and tools. This paper seeks to promote a broader understanding and deeper practice of privacy engineering.