The Privacy Control Conundrum
There is a significant gap & glaring absence of well-defined, privacy-specific controls in the industry. Instead of clear, actionable measures, the industry is awash with objectives often mislabeled as controls…
Design Assurance Standard Public Release
Introducing the Design Assurance Standard for public commentary! The Design Process Standard (Process Standard) was adopted in January 2023 with this Design Assurance Standard (Assurance Standard) following two years later…
Privacy’s Lack of Control
I’m running into increasing calls from clients and colleagues in the privacy engineering world for a comprehensive and authoritative list of controls. Research and extensive discussion has revealed several uncomfortable truths…
A Privacy Engineer’s Thoughts on Criticism of the Solove Taxonomy
Last week, I voraciously consumed a 2023 law review article published by María P. Angel and Ryan Calo criticizing Daniel Solove ’s Taxonomy of Privacy and Professor Solove’s 2024 critique […]
Privacy Engineering 10 years on
In July 2023, Kim Wuyts and Isabel Barbera invited R Jason Cronk to present the keynote talk to the International Workshop on Privacy Engineering in Delft, Netherlands. Subsequent to that, and because we felt there wouldn’t be an overlapping audience, Nandita Narla and Nikita Samarin, invited him to give the same talk to another group of privacy engineers at the PEP23 workshop ahead of SOUPS in Anaheim, CA. For those who couldn’t be there at either event, Jason decided to write this blog post to summarize the talk.
Privacy by Design Standards: ISO v IOPD Compare and Contrast
Earlier this year, both the Institute of Operational Privacy Design (IOPD) and the International Organization for Standardization (ISO) released standards. This blog looks at both standards, comparing and contrasting the two.
Introducing the Design Process Standard (v 1.0)
It’s been four years in the making! The Standards Committee spent over a year drafting, discussing, editing, reediting, soliciting and responding to public comments, and we eventually created the 1st iteration of what we hope will become a gold standard in Privacy by Design.
The Certification Ecosystem
I’ve learned a lot about certification in that two years as I planned, researched and began to identify the steps best course of action to create this institute. While different […]
The DRAFT Design Process Standard
The IOPD is putting forth a draft of it’s first standard, the IOPD Design Process Standard, for how to implement and measure a company’s compliance with privacy by design requirements that are found in some of the privacy regulations and laws.
Welcome to the Institute of Operational Privacy Design
For many years now, I’ve been concerned about the bombastic claims of many organizations that they do “privacy by design.” While I’ve tried to channel some of that concern into […]
