Data Privacy: A Runbook for Engineers

Engineer privacy into your systems with these hands-on techniques for data governance, legal compliance, and surviving security audits.

"I wish I had had this text in 2015 or 2016 at Netflix, and it would have been very helpful in 2008–2012 in a time of significant architectural evolution of our technology." 
Neil Hunt, Former CPO, Netflix

 
In Data Privacy you will learn how to:

    Classify data based on privacy risk
    Build technical tools to catalog and discover data in your systems
    Share data with technical privacy controls to measure reidentification risk
    Implement technical privacy architectures to delete data
    Set up technical capabilities for data export to meet legal requirements like Data Subject Asset Requests (DSAR)
    Establish a technical privacy review process to help accelerate the legal Privacy Impact Assessment (PIA)
    Design a Consent Management Platform (CMP) to capture user consent
    Implement security tooling to help optimize privacy
    Build a holistic program that will get support and funding from the C-Level and board

Data Privacy teaches you to design, develop, and measure the effectiveness of privacy programs. You’ll learn from author Nishant Bhajaria, an industry-renowned expert who has overseen privacy at Google, Netflix, and Uber. The terminology and legal requirements of privacy are all explained in clear, jargon-free language. The book’s constant awareness of business requirements will help you balance trade-offs, and ensure your user’s privacy can be improved without spiraling time and resource costs.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the technology
Data privacy is essential for any business. Data breaches, vague policies, and poor communication all erode a user’s trust in your applications. You may also face substantial legal consequences for failing to protect user data. Fortunately, there are clear practices and guidelines to keep your data secure and your users happy.

About the book
Data Privacy: A runbook for engineers teaches you how to navigate the trade-off s between strict data security and real world business needs. In this practical book, you’ll learn how to design and implement privacy programs that are easy to scale and automate. There’s no bureaucratic process—just workable solutions and smart repurposing of existing security tools to help set and achieve your privacy goals.
What's inside

    Classify data based on privacy risk
    Set up capabilities for data export that meet legal requirements
    Establish a review process to accelerate privacy impact assessment
    Design a consent management platform to capture user consent

About the reader
For engineers and business leaders looking to deliver better privacy.

Editorial Reviews

Review

"I wish I had had this text in 2015 or 2016 at Netflix, and it would have been very helpful in 2008-2012 in a time of significant architectural evolution of our technology."
—From the Foreword by Neil Hunt, Former Chief Product Officer, Netflix 
 

"Nishant's timely and powerful book is a must read, must share and must commit to action gem in the hands of every leader in the digital economy of today and forevermore.  We can't uninvent fire & won't stop observing and sharing data."
—Michelle Finneran Dennedy, former Chief Privacy Officer at Cisco and author of The Privacy Engineer's Manifesto
 

"An indispensable guide for practitioners -- engineers, data scientists, and attorneys -- on how to build a world-class privacy program."
—Matthew G Olsen, former Uber Chief Trust and Security Officer.
 

"Bhajaria's succinct and practical frameworks are required reading for anyone who needs to quickly understand how privacy is operationalized to reduce business and engineering friction."
-—Melanie Ensign, Founder and CEO, Discernible Inc and advisor to "The Rise of Privacy Tech"
 

"The best parts are the personal elements you add to the narrative. I also enjoyed the case studies that help to illustrate the examples you provide throughout."
—Ayana Miller, Privacy & Data Protection Advisor, former Privacy specialist at the Federal Trade Commission (FTC) 


"Your guide to building privacy into the fabric of your  organization." 
—John Tyler, Vice President at JPMorgan Chase
 

"The most comprehensive resource you can find about privacy."
—Diego Casella, Sr. Software Engineer at InvestSuite
 

"Offers some valuable insights and direction for enterprises looking  to improve the privacy of their data." 
—Dr. Peter White, Lecturer at Charles Sturt University

這本書將教導您如何在系統中加入隱私保護，包括數據治理、法律合規和通過安全審計。這些實踐技巧將幫助您分類數據的隱私風險、建立技術工具來目錄和發現系統中的數據、使用技術隱私控制來共享數據以測量重新識別風險、實施技術隱私架構來刪除數據、建立技術能力以滿足法律要求，如數據主體資產請求（DSAR）、建立技術隱私審查流程以加速法律隱私影響評估（PIA）、設計同意管理平台（CMP）以捕獲用戶同意、實施安全工具以優化隱私、建立一個全面的計劃，以獲得高層和董事會的支持和資金。

《Data Privacy》教導您如何設計、開發和衡量隱私計劃的有效性。作者Nishant Bhajaria是一位業界知名專家，曾在Google、Netflix和Uber擔任隱私負責人。本書以清晰、不帶行話的語言解釋了隱私的術語和法律要求。書中不斷關注業務需求，幫助您平衡取捨，確保用戶的隱私得到改善，同時不會帶來過高的時間和資源成本。

購買印刷版書籍還包括Manning Publications提供的PDF、Kindle和ePub格式的免費電子書。

關於技術：
對於任何企業來說，數據隱私都是至關重要的。數據洩露、模糊的政策和差劣的溝通都會損害用戶對您應用程序的信任。如果未能保護用戶數據，您還可能面臨嚴重的法律後果。幸運的是，有明確的實踐方法和指南，可以保護您的數據安全，讓用戶滿意。

關於本書：
《Data Privacy：工程師的操作手冊》教導您如何在嚴格的數據安全和現實的業務需求之間取得平衡。在這本實用的書中，您將學習如何設計和實施易於擴展和自動化的隱私計劃。這裡沒有繁文縟節，只有可行的解決方案和對現有安全工具的巧妙應用，以幫助您設定和實現隱私目標。

讀者對象：
適合工程師和業務領導者，希望提供更好隱私保護的人士。

Nishant Bhajaria leads the Technical Privacy and Strategy teams for Uber. He heads a large team that includes data scientists, engineers, privacy experts and others as they seek to improve data privacy for the customers and the company. His role has significant levels of cross-functional visibility and impact. Previously he worked in compliance, data protection, security, and privacy at Google. He was also the head of privacy engineering at Netflix. He is a well-known expert in the field of data privacy, has developed numerous courses on the topic, and has spoken extensively at conferences and podcasts.

Nishant Bhajaria在Uber負責領導技術隱私和策略團隊。他帶領一個大型團隊，包括數據科學家、工程師、隱私專家等，致力於改善客戶和公司的數據隱私。他的角色具有重要的跨功能可見性和影響力。之前他在Google負責合規、數據保護、安全和隱私工作。他還曾擔任Netflix的隱私工程主管。他是數據隱私領域的知名專家，開發了許多相關課程，並在會議和播客中廣泛演講。

PART 1 PRIVACY, DATA, AND YOUR BUSINESS
1 Privacy engineering: Why it’s needed, how to scale it
2 Understanding data and privacy
PART 2 A PROACTIVE PRIVACY PROGRAM: DATA GOVERNANCE
3 Data classification
4 Data inventory
5 Data sharing
PART 3 BUILDING TOOLS AND PROCESSES
6 The technical privacy review
7 Data deletion
8 Exporting user data: Data Subject Access Requests
PART 4 SECURITY, SCALING, AND STAFFING
9 Building a consent management platform
10 Closing security vulnerabilities
11 Scaling, hiring, and considering regulations

第一部分 隱私、數據和您的業務
1 隱私工程：為什麼需要它，如何擴展它
2 了解數據和隱私
第二部分 積極的隱私計劃：數據治理
3 數據分類
4 數據清單
5 數據共享
第三部分 建立工具和流程
6 技術隱私審查
7 數據刪除
8 導出用戶數據：數據主體訪問請求
第四部分 安全、擴展和人員配置
9 建立同意管理平台
10 關閉安全漏洞
11 擴展、招聘和考慮法規