'Privacy by Design': Building Better Apps
Why Privacy Considerations Should Be Part of Development
Technology companies often don't build in controls to protect privacy during the application development process, says Jason Cronk, a lawyer and privacy engineer. But using "privacy by design" principles during software development can help avoid trouble, he says.
"At this point, most developers, most software engineers don't understand privacy, don't understand the risk of what they're doing," Cronk says.
He's a proponent of "privacy by design," a concept that's been around since the 1990s and is now gaining traction in the age of rampant data breaches and privacy gaffes. The approach calls for applying privacy principles while an application or service is developed rather than retroactively, he says (see: NIST to Finalize Privacy Framework Soon).
One of the first considerations for organizations is determining what they hope to achieve with an app or service, which can help ensure that it's designed to not pose tangential privacy risks, Cronk says in an interview with Information Security Media Group.
"Thinking about privacy up front can change the dynamics of what you're building. It can really suggest different avenues for achieving the same goal."
In this interview (see audio link below photo), Cronk discusses:
- Why today's developer tools often fall short on privacy;
- How to conduct more effective privacy impact assessments;
- How organizations can incorporate privacy by design into their development process.
Cronk is a licensed attorney in Florida. He holds certifications from the International Association of Privacy Professionals, including Information Privacy Technologist, Information Privacy Manager and Fellow of Information Privacy. Cronk is the author of Strategic Privacy by Design, a book aimed at helping organizations build privacy into their software development cycle. Cronk is scheduled to hold training sessions throughout October and November in Washington, D.C., several locales in Australia, Belarus and Jamaica.