Privacy Engineering Beginner’s Literature
A short overview of selected books, papers, standards and guidelines that gives beginners in the field an introduction to privacy engineering.
Books
- N. Bhajaria: Data Privacy – A Runbook for Engineers
- R. Cronk: Strategic Privacy by Design
- M. Dennedy et al.: The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value
- J.-H. Hoepman: Privacy is hard and seven other myths (my recommendation for absolute beginners in privacy engineering)
- W. Stallings: Information Privacy Engineering and Privacy by Design
Papers & Reports
- A. Cavoukian: Privacy by Design
- L. Cranor & L. Kissner: Privacy Engineering Superheroes
- M. Deng et al.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements
- C. Dwork & A. Roth: The algorithmic foundations of differential privacy
- D. Evans et al.: A Pragmatic Introduction to Secure Multi-Party Computation
- S. Gürses: Can you engineer privacy? On the potentials and challenges of applying privacy research in engineering practice
- S. Gürses & J. van Hoboken: Privacy after the Agile Turn
- S. Gürses & J. del Alamo: Privacy Engineering: Shaping an Emerging Field of Research and Practice
- M. Hansen et al.: Protection Goals for Privacy Engineering
- J. Heurix et al.: A taxonomy for privacy enhancing technologies
- J.-H. Hoepman: Privacy Design Strategies
- B. Kostova et al.: Privacy Engineering Meets Software Engineering. On the Challenges of Engineering Privacy By Design
- S. Pearson & A. Benameur: A Decision Support System for Design for Privacy
- A. Pfitzmann & M. Hansen: A terminology for talking about privacy by data minimization
- S. Spiekermann & L. Cranor: Engineering Privacy
- K. Wuyts et al.: LIND(D)UN privacy threat tree catalog
Standards & Guidelines
- CNIL: GDPR Developer’s Guide
- Conference of the Independent Data Protection Supervisory Authorities of the Federation and the Länder: Standard Data Protection Model
- EDPB: Guidelines 4/2019 on Article 25 – Data Protection by Design and by Default
- ENISA: Data Protection Engineering — From Theory to Practice
- ICO: Data protection by design and default
- ISO/IEC 27550 – Information technology — Security techniques — Privacy engineering for system life cycle processes
- ISO/IEC 29100:2011 – Information technology — Security techniques — Privacy framework
- ISO 31700-1:2023 – Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements
- ISO/TR 31700-2:2023 – Consumer protection — Privacy by design for consumer goods and services — Part 2: Use cases
- NIST: NISTIR 8062 – An Introduction to Privacy Engineering and Risk Management in Federal Systems
- NIST: NIST Privacy Framework: A tool for improving privacy through enterprise risk management, version 1.0