Keywords: Privacy, data security, P3P
Title: Privacy: What Developers and IT Professionals Should Know
Author: J.C. Cannon
Publisher: Addison Wesley
Media: Book, CD
Verdict: For software developers and IT managers there's a lot of useful material here and it's a good place to start on getting to grips with the subject
Privacy is a complex topic, and trying to bolt it on to applications after they have been designed and built is as hopeless, difficult and dangerous as trying to secure software after the event. Help is at hand in the form of 'Privacy: What Developers and IT Professionals Should Know', by J.C. Cannon, privacy strategist at Microsoft.
The book is organised into three sections and aims to provide a comprehensive overview of the privacy issues that architects, managers and developers need to understand in order to build and deploy applications. This entails more than just a look at particular tools and technologies.
The first part of the book looks at what privacy means in a software context. The definition of what constitutes privacy is fairly broad, encompassing both the obvious issues of personal data storage and the more insidious dangers of web click-through tracking and of data mining from disparate sources in order to build profiles of user (and consumer) habits. This section of the book also examines the impact of privacy legislation, pointing out that web applications are international in nature and therefore a knowledge of different rules in different markets is required. A useful chapter on managing privacy in Windows shows how the issues are tackled in practice. Not only does this provide some good real-world examples (the latest versions of Windows Media Player, for example, are excellent illustrations of how developers can get it right), it's also useful for anyone wanting to get to grips with managing their own Windows privacy settings.
Having thoroughly explored the issues, the book moves on to look at organisational infrastructure. As with IT security, Cannon suggests that privacy issues need to be taken extremely seriously and that this necessarily entails organisational change. One of the suggestions is that good governance requires both a chief privacy officer and a privacy response centre to deal with incidents.
This is followed up by a chapter on how to perform a privacy analysis. Data flow diagrams are a key technique, and the worked examples are complemented by the set of templates and icons on the accompanying CD. While the use of DFDs may have been displaced somewhat by the rise of UML Activity Diagrams, in this situation they are ideal for modelling the flow of personal information through an application.
What follows is a sample privacy-aware application, or rather a skeleton application with screens and interaction but no real functionality. It includes all the features one would expect, from P3P integration to privacy settings to centralised privacy control for group administration and data encryption. It's a good idea, and makes sense of the diverse material covered previously.
The final chapters look at database security and at digital rights management. Additional material, including checklists and document templates, is included in a set of appendices.
It should be clear that privacy issues are both complex and important, and getting a handle on them is essential if people want to avoid embarrassing (and damaging) mistakes that lead to disclosure of users' data or other privacy incidents. For software developers and IT managers there's a lot of useful material here and it's a good place to start on getting to grips with the subject.