research-article

Engineering Privacy

Authors:

Sarah Spiekermann,

Lorrie Faith CranorAuthors Info & Claims

IEEE Transactions on Software Engineering, Volume 35, Issue 1

Pages 67 - 82

https://doi.org/10.1109/TSE.2008.88

Published: 01 January 2009 Publication History

Publisher Site

Abstract

In this paper we integrate insights from diverse islands of research on electronic privacy to offer a holistic view of privacy engineering and a systematic structure for the discipline's topics. First we discuss privacy requirements grounded in both historic and contemporary perspectives on privacy. We use a three-layer model of user privacy concerns to relate them to system operations (data transfer, storage and processing) and examine their effects on user behavior. In the second part of the paper we develop guidelines for building privacy-friendly systems. We distinguish two approaches: "privacy-by-policy" and "privacy-by-architecture." The privacy-by-policy approach focuses on the implementation of the notice and choice principles of fair information practices (FIPs), while the privacy-by-architecture approach minimizes the collection of identifiable personal data and emphasizes anonymization and client-side data storage and processing. We discuss both approaches with a view to their technical overlaps and boundaries as well as to economic feasibility. The paper aims to introduce engineers and computer scientists to the privacy research domain and provide concrete guidance on how to design privacy-friendly systems.

Cited By

View all

Aljeraisy ARana OPerera C(2024)Empowering IoT Developers with Privacy-Preserving End-User Development ToolsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785888:3(1-47)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678588
Millard DPacker HJordan JHewitt SMalinov YRogers N(2024)The Ethics of Mixed Reality GamesGames: Research and Practice10.1145/36758062:3(1-26)Online publication date: 30-Aug-2024
https://dl.acm.org/doi/10.1145/3675806
Belguith SOmoronyia IChitchyan Rd'Amorim M(2024)Personal Data-Less Personalized Software ApplicationsCompanion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering10.1145/3663529.3663781(477-481)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.1145/3663529.3663781
Show More Cited By

Index Terms

Engineering Privacy

Recommendations

Analyzing Regulatory Rules for Privacy and Security Requirements

Information practices that use personal, financial and health-related information are governed by U.S. laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant ...
Privacy vulnerability of published anonymous mobility traces

Mobility traces of people and vehicles have been collected and published to assist the design and evaluation of mobile networks, such as large-scale urban sensing networks. Although the published traces are often made anonymous in that the true ...
Freedom of Privacy: Anonymous Data Collection with Respondent-Defined Privacy Protection

The massive amount of sensitive survey data about individuals that agencies collect and share through the Internet is causing a great deal of privacy concerns. These concerns may discourage individuals from revealing their sensitive information. ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image IEEE Transactions on Software Engineering

IEEE Transactions on Software Engineering Volume 35, Issue 1

January 2009

141 pages

ISSN:0098-5589

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 January 2009

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

106
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 11 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Aljeraisy ARana OPerera C(2024)Empowering IoT Developers with Privacy-Preserving End-User Development ToolsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785888:3(1-47)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678588
Millard DPacker HJordan JHewitt SMalinov YRogers N(2024)The Ethics of Mixed Reality GamesGames: Research and Practice10.1145/36758062:3(1-26)Online publication date: 30-Aug-2024
https://dl.acm.org/doi/10.1145/3675806
Belguith SOmoronyia IChitchyan Rd'Amorim M(2024)Personal Data-Less Personalized Software ApplicationsCompanion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering10.1145/3663529.3663781(477-481)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.1145/3663529.3663781
Gumusel EXiao YQin YQin JLiao XLuo BLiao XXu JKirda ELie D(2024)Understanding Legal Professionals' Practices and Expectations in Data Breach Incident ReportingProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690357(2711-2725)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690357
Krieter PZerrer PPuschmann CGeise SBoratto LGena CMarras MGermanakos PPopescus E(2024)Following Topics Across All Apps and Media Formats: Mobile Keyword Tracking as a Privacy-Friendly Data Source in Mobile Media ResearchAdjunct Proceedings of the 32nd ACM Conference on User Modeling, Adaptation and Personalization10.1145/3631700.3664879(126-131)Online publication date: 27-Jun-2024
https://dl.acm.org/doi/10.1145/3631700.3664879
Prudjinski MHadar ILuria G(2024)Exploring the Role of Team Security Climate in the Implementation of Security by Design: A Case Study in the Defense SectorIEEE Transactions on Software Engineering10.1109/TSE.2024.337411450:5(1065-1079)Online publication date: 6-Mar-2024
https://dl.acm.org/doi/10.1109/TSE.2024.3374114
Abomhara MNweke LYayilgan SComparin DTeyras Kde Labriolle S(2024)Enhancing privacy protections in national identification systems: an examination of stakeholders’ knowledge, attitudes, and practices of privacy by designInternational Journal of Information Security10.1007/s10207-024-00905-023:6(3665-3689)Online publication date: 3-Sep-2024
https://dl.acm.org/doi/10.1007/s10207-024-00905-0
Herwanto GQuirchmayr GTjoa A(2024)Learning to Rank Privacy Design Patterns: A Semantic Approach to Meeting Privacy RequirementsRequirements Engineering: Foundation for Software Quality10.1007/978-3-031-57327-9_4(57-73)Online publication date: 8-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57327-9_4
Lange FKunz I(2024)Evolution of secure development lifecycles and maturity models in the context of hosted solutionsJournal of Software: Evolution and Process10.1002/smr.271136:12Online publication date: 10-Dec-2024
https://dl.acm.org/doi/10.1002/smr.2711
Windl MWinterhalter VSchmidt AMayer S(2023)Understanding and Mitigating Technology-Facilitated Privacy Violations in the Physical WorldProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3580909(1-16)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3580909
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Analyzing Regulatory Rules for Privacy and Security Requirements

Privacy vulnerability of published anonymous mobility traces

Freedom of Privacy: Anonymous Data Collection with Respondent-Defined Privacy Protection

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations