Privacy Engineering Beginner’s Literature

A short overview on selected books, papers, standards and guidelines that will provide beginners in the field an overview on privacy engineering.

Books

• N. Bhajaria: Data Privacy – A Runbook for Engineers
• R. Cronk: Strategic Privacy by Design
• M. Dennedy et al.: The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value
• J.-H. Hoepman: Privacy is hard and seven other myths (my recommendation for absolute beginners in privacy engineering)
• W. Stallings: Information Privacy Engineering and Privacy by Design

Papers & Reports

• A. Cavoukian: Privacy by Design
• L. Cranor & L. Kissner: Privacy Engineering Superheroes
• M. Deng et al.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements
• C. Dwork & A. Roth: The algorithmic foundations of differential privacy
• D. Evans et al.: A Pragmatic Introduction to Secure Multi-Party Computation
• S. Gürses: Can you engineer privacy? On the potentials and challenges of applying privacy research in engineering practice
• S. Gürses & J. van Hoboken: Privacy after the Agile Turn
• S. Gürses & J. del Alamo: Privacy Engineering: Shaping an Emerging Field of Research and Practice
• M. Hansen et al.: Protection Goals for Privacy Engineering
• J. Heurix et al.: A taxonomy for privacy enhancing technologies
• J.-H. Hoepman: Privacy Design Strategies
• B. Kostova et al.: Privacy Engineering Meets Software Engineering. On the Challenges of Engineering Privacy By Design
• S. Pearson & A. Benameur: A Decision Support System for Design for Privacy
• A. Pfitzmann & M. Hansen: A terminology for talking about privacy by data minimization
• S. Spiekermann & L. Cranor: Engineering Privacy
• K. Wuyts et al.: LIND(D)UN privacy threat tree catalog

Standards & Guidelines

• CNIL: GDPR Developer’s Guide
• Conference of the Independent Data Protection Supervisory Authorities of the Federation and the Länder: Standard Data Protection Model
• EDPB: Guidelines 4/2019 on Article 25 – Data Protection by Design and by Default
• ENISA: Date Protection Engineering — From Theory to Practice 
• ICO: Data protection by design and default
• ISO/IEC 27550 – Information technology — Security techniques — Privacy engineering for system life cycle processes
• ISO/IEC 29100:2011 – Information technology — Security techniques — Privacy framework
• ISO 31700-1:2023 – Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements
• ISO/TR 31700-2:2023 – Consumer protection — Privacy by design for consumer goods and services — Part 2: Use cases
• NIST: NISTIR 8062 – An Introduction to Privacy Engineering and Risk Management in Federal Systems
• NIST: NIST Privacy Framework: A tool for improving privacy through enterprise risk management, version 1.0

Other Sources

• IPEN Wiki for Privacy Standards and Privacy Projects