Privacy Controls: System versus Environmental

I’m sure most people are familiar with aquariums, salt or fresh water containers filled with flora and fauna plus various components to keep the aquarium alive: heaters, pumps for aeration and filtration, light, pH controllers and more. An aquarium is a system. Those components are various controls to keep the system in balance (e.g. temperature, oxygen, pH, nitrogen). Even some fish and plants play a role in recycling and cleaning, as anybody who has added a bottom-feeding catfish to “control” the detritus knows. All of these are system controls, working within the system to manage and maintain it.
A History of the Institute of Operational Privacy Design (IOPD)

The Institute of Operational Privacy Design (IOPD) was incorporated as a membership-based not-for-profit corporation on January 7th, 2021. It retroactively received status as a 501(c)(6) non-profit professional […]
The Privacy Control Conundrum

There is a significant gap & glaring absence of well-defined, privacy-specific controls in the industry. Instead of clear, actionable measures, the industry is awash with objectives often mislabeled as controls…
Design Assurance Standard Public Release

Introducing the Design Assurance Standard for public commentary! The Design Process Standard (Process Standard) was adopted in January 2023 with this Design Assurance Standard (Assurance Standard) following two years later…
Privacy’s Lack of Control

I’m running into increasing calls from clients and colleagues in the privacy engineering world for a comprehensive and authoritative list of controls. Research and extensive discussion has revealed several uncomfortable truths…
A Privacy Engineer’s Thoughts on Criticism of the Solove Taxonomy

Last week, I voraciously consumed a 2023 law review article published by María P. Angel and Ryan Calo criticizing Daniel Solove’s Taxonomy of Privacy and Professor Solove’s 2024 critique […]
Privacy Engineering 10 years on

In July 2023, Kim Wuyts and Isabel Barbera invited R Jason Cronk to present the keynote talk to the International Workshop on Privacy Engineering in Delft, Netherlands. Subsequent to that, and because we felt there wouldn’t be an overlapping audience, Nandita Narla and Nikita Samarin invited him to give the same talk to another group of privacy engineers at the PEP23 workshop ahead of SOUPS in Anaheim, CA. For those who couldn’t be there at either event, Jason decided to write this blog post to summarize the talk.
Privacy by Design Standards: ISO v IOPD Compare and Contrast

Earlier this year, both the Institute of Operational Privacy Design (IOPD) and the International Organization for Standardization (ISO) released standards. This blog looks at both standards, comparing and contrasting the two.
Introducing the Design Process Standard v1.0

It’s been four years in the making! The Standards Committee spent over a year drafting, discussing, editing, reediting, soliciting and responding to public comments, and we eventually created the 1st iteration of what we hope will become a gold standard in Privacy by Design.
The Certification Ecosystem

I’ve learned a lot about certification in those two years as I planned, researched and began to identify the steps and best course of action to create this institute. While different […]