What do you think?
Rate this book
Data Privacy: A runbook for engineers
Engineer privacy into your systems with these hands-on techniques for data governance, legal compliance, and surviving security audits.
In Data Privacy you will learn how
Classify data based on privacy risk
Build technical tools to catalog and discover data in your systems
Share data with technical privacy controls to measure reidentification risk
Implement technical privacy architectures to delete data
Set up technical capabilities for data export to meet legal requirements like Data Subject Asset Requests (DSAR)
Establish a technical privacy review process to help accelerate the legal Privacy Impact Assessment (PIA)
Design a Consent Management Platform (CMP) to capture user consent
Implement security tooling to help optimize privacy
Build a holistic program that will get support and funding from the C-Level and board
Data Privacy teaches you to design, develop, and measure the effectiveness of privacy programs. You’ll learn from author Nishant Bhajaria, an industry-renowned expert who has overseen privacy at Google, Netflix, and Uber. The terminology and legal requirements of privacy are all explained in clear, jargon-free language. The book’s constant awareness of business requirements will help you balance trade-offs, and ensure your user’s privacy can be improved without spiraling time and resource costs.
About the technology
Data privacy is essential for any business. Data breaches, vague policies, and poor communication all erode a user’s trust in your applications. You may also face substantial legal consequences for failing to protect user data. Fortunately, there are clear practices and guidelines to keep your data secure and your users happy.
About the book
Data A runbook for engineers teaches you how to navigate the trade-off s between strict data security and real world business needs. In this practical book, you’ll learn how to design and implement privacy programs that are easy to scale and automate. There’s no bureaucratic process—just workable solutions and smart repurposing of existing security tools to help set and achieve your privacy goals.
What's inside
Classify data based on privacy risk
Set up capabilities for data export that meet legal requirements
Establish a review process to accelerate privacy impact assessment
Design a consent management platform to capture user consent
About the reader
For engineers and business leaders looking to deliver better privacy.
About the author
Nishant Bhajaria leads the Technical Privacy and Strategy teams for Uber. His previous roles include head of privacy engineering at Netflix, and data security and privacy at Google.
Table of Contents
PART 1 PRIVACY, DATA, AND YOUR BUSINESS
1 Privacy Why it’s needed, how to scale it
2 Understanding data and privacy
PART 2 A PROACTIVE PRIVACY DATA GOVERNANCE
3 Data classification
4 Data inventory
5 Data sharing
PART 3 BUILDING TOOLS AND PROCESSES
6 The technical privacy review
7 Data deletion
8 Exporting user Data Subject Access Requests
PART 4 SECURITY, S
In Data Privacy you will learn how
Classify data based on privacy risk
Build technical tools to catalog and discover data in your systems
Share data with technical privacy controls to measure reidentification risk
Implement technical privacy architectures to delete data
Set up technical capabilities for data export to meet legal requirements like Data Subject Asset Requests (DSAR)
Establish a technical privacy review process to help accelerate the legal Privacy Impact Assessment (PIA)
Design a Consent Management Platform (CMP) to capture user consent
Implement security tooling to help optimize privacy
Build a holistic program that will get support and funding from the C-Level and board
Data Privacy teaches you to design, develop, and measure the effectiveness of privacy programs. You’ll learn from author Nishant Bhajaria, an industry-renowned expert who has overseen privacy at Google, Netflix, and Uber. The terminology and legal requirements of privacy are all explained in clear, jargon-free language. The book’s constant awareness of business requirements will help you balance trade-offs, and ensure your user’s privacy can be improved without spiraling time and resource costs.
About the technology
Data privacy is essential for any business. Data breaches, vague policies, and poor communication all erode a user’s trust in your applications. You may also face substantial legal consequences for failing to protect user data. Fortunately, there are clear practices and guidelines to keep your data secure and your users happy.
About the book
Data A runbook for engineers teaches you how to navigate the trade-off s between strict data security and real world business needs. In this practical book, you’ll learn how to design and implement privacy programs that are easy to scale and automate. There’s no bureaucratic process—just workable solutions and smart repurposing of existing security tools to help set and achieve your privacy goals.
What's inside
Classify data based on privacy risk
Set up capabilities for data export that meet legal requirements
Establish a review process to accelerate privacy impact assessment
Design a consent management platform to capture user consent
About the reader
For engineers and business leaders looking to deliver better privacy.
About the author
Nishant Bhajaria leads the Technical Privacy and Strategy teams for Uber. His previous roles include head of privacy engineering at Netflix, and data security and privacy at Google.
Table of Contents
PART 1 PRIVACY, DATA, AND YOUR BUSINESS
1 Privacy Why it’s needed, how to scale it
2 Understanding data and privacy
PART 2 A PROACTIVE PRIVACY DATA GOVERNANCE
3 Data classification
4 Data inventory
5 Data sharing
PART 3 BUILDING TOOLS AND PROCESSES
6 The technical privacy review
7 Data deletion
8 Exporting user Data Subject Access Requests
PART 4 SECURITY, S
- GenresSoftware
709 pages, Kindle Edition
Published March 22, 2022
18 people are currently reading
53 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 4 of 4 reviews
April 18, 2023
Just as a reference, every book gets a 3 star by default. Starting from those 3 stars, the good and the bad:
The good:
(1) The author at least tries to design example guidelines and frameworks where people might be struggling; (+1)
(2) I liked chapter 3 (data classification) and chapter 6 (writing (D)PIAs), because there is some good and solid advice in there that everyone should understand. (+1)
The bad:
(1) It took me a long time to work through the text because it is far too wordy. There are a lot of opinions, not always useful examples, exhaustive descriptions of situations and the author’s resume splattered across the pages. I seriously think this book could be limited to about 66% at least; (-1)
(2) Much of the advice is mostly “opinion based on personal experience”. Which is fine, but the reader must be aware of this, because it severely limits the applicability of the aforementioned frameworks etc. Taking into account this is a very US centric, and therefor: limited, book, I would take a lot of care in applying the advice; (-.5)
(3) I would argue that you are actually better of reading the CISSP CBK, and then browse this book’s ToC and chapter summaries. Much of the content is not new at all, but more than that: it is very limited in background; (-.5)
(4) I disagree with some of the content, and that is fine. But some of the content is just plain wrong. Things like attributing “Plan Do Check Act” to Microsoft make my toes cringe (this was coined by Deming in the 1950’s). Another example: in a book on privacy, the author suggests at a certain point to use the name of the person in a tag. PII in a tag - first time for me. (-1)
(5) Runbook for engineers - manage your expectation. You’re better off reading a book on DevSecOps, and then refer to point (3) above. (won’t deduct anything, cf (3))
The author positions himself as Privacy Architect, but this book does not show that, I feel. It reads more as a resource for a privacy analyst. That would be my advice: read this with that expectation, and you’ll be pleased. For all other intents and purposes, I’d just skim through the ToC and summaries. I agree with Peter White (Charles Stuart University), quoted on the back: “Offers some valuable insights and direction for enterprises looking to improve the privacy of their data” - but make sure you understand that you need more background than this book.
The good:
(1) The author at least tries to design example guidelines and frameworks where people might be struggling; (+1)
(2) I liked chapter 3 (data classification) and chapter 6 (writing (D)PIAs), because there is some good and solid advice in there that everyone should understand. (+1)
The bad:
(1) It took me a long time to work through the text because it is far too wordy. There are a lot of opinions, not always useful examples, exhaustive descriptions of situations and the author’s resume splattered across the pages. I seriously think this book could be limited to about 66% at least; (-1)
(2) Much of the advice is mostly “opinion based on personal experience”. Which is fine, but the reader must be aware of this, because it severely limits the applicability of the aforementioned frameworks etc. Taking into account this is a very US centric, and therefor: limited, book, I would take a lot of care in applying the advice; (-.5)
(3) I would argue that you are actually better of reading the CISSP CBK, and then browse this book’s ToC and chapter summaries. Much of the content is not new at all, but more than that: it is very limited in background; (-.5)
(4) I disagree with some of the content, and that is fine. But some of the content is just plain wrong. Things like attributing “Plan Do Check Act” to Microsoft make my toes cringe (this was coined by Deming in the 1950’s). Another example: in a book on privacy, the author suggests at a certain point to use the name of the person in a tag. PII in a tag - first time for me. (-1)
(5) Runbook for engineers - manage your expectation. You’re better off reading a book on DevSecOps, and then refer to point (3) above. (won’t deduct anything, cf (3))
The author positions himself as Privacy Architect, but this book does not show that, I feel. It reads more as a resource for a privacy analyst. That would be my advice: read this with that expectation, and you’ll be pleased. For all other intents and purposes, I’d just skim through the ToC and summaries. I agree with Peter White (Charles Stuart University), quoted on the back: “Offers some valuable insights and direction for enterprises looking to improve the privacy of their data” - but make sure you understand that you need more background than this book.
December 22, 2022
Very superficial.
May 30, 2024
This was a great read, for anyone curious about Privacy, regulations, how it impacts tech companies and how it relates to privacy. I liked it especially because of the technical aspect to it since it was geared towards engineers. Little repetitive here and there, but all in good faith to drive the point home.
August 12, 2022
Outstanding book! Should be required reading for IT Leaders and Policy Makers
Great book! Covered a wide range of topics well and made excellent points. Recommended reading for IT Engineers, IT Leaders, Legislators and anyone making policy decisions.
Great book! Covered a wide range of topics well and made excellent points. Recommended reading for IT Engineers, IT Leaders, Legislators and anyone making policy decisions.
Displaying 1 - 4 of 4 reviews