Privacy Engineering Book Contents

So as the Privacy Engineering book approaches its first major milestone, that of having the contents finalised and much of the chapters in a state for formal reviewing.

Though I must admit there are some quite unique spelling and grammatical errors in there at the moment; not to mention formatting but fortunately LaTeX is every helpful in that respect.



So here's the TOC:

1. Introduction
2. Case Study
3. Data Flow Modelling
4. Security Classifications
5. Information Type Classifications
6. Data Transformation Classifications
7. Provenance Classifications
8. Purpose and Usage Classifications
9. Controller and Processor Classifications
10. Identity Classifications
11. External Classifications
• Personal Information
• PII
• Traffic Data
• Risk Classifications
12. Requirements Structuring
13. Policies and Control
14. Risk and Privacy Impact Assessments
15. Examples and Patterns
16. Privacy Enhancing Technologies
17. Constructing a Privacy Programming
18. Privacy Auditing

As with all these things the specific ordering might change and some subsections might move but all-in-all things are now stable.

As with all work of this type, just the act of writing down things reveals glaring errors and missing knowledge - or at least many, many things that I have taken for granted. Take requirements engineering for example, just understanding how requirements are derived and structured has been a fairly major undertaking. Most of this is quite obvious but locked away in neurons and other structures [1] for the most part.

In other ways this has been very much like writing a PhD thesis, although without the fun of being a student and with added distractions of daily life, family and work; though the latter is the test-bed for many of these ideas and from where most of them were derived. I must admit finding technical areas where relatively little work has been made in the area of privacy, such as engineering requirements, has been enlightening, especially when one has to rely upon gut instinct and good old-fashioned research skills.

Still the joy of research especially when being led into areas such as organisational risk management, checklists, surgical and anaesthetic safety, aviation, industrial accident prevention, process etc is immensely fun.

Anyway, the deadline I'm working to is mid-May 2014, though to quote Douglas Adams:

“I love deadlines. I love the whooshing noise they make as they go by.”

References:

[1] Hagan, Hameroff & Tuszynski (2002) "Quantum computation in brain microtubules? Decoherence and biological feasibility," Physical Review E, 65, 061901.