For all the talk of Privacy by Design, there is a gap separating the worlds of privacy law and systems design. Security and privacy are awkward bedfellows; they are distinct yet many confuse secrecy for privacy, and in turn, IT professionals are liable to hobble their privacy thinking. Privacy and IT practices in fact share a number of traits. If these were better appreciated, we should be able to more firmly locate technological accountability for privacy within the organisation, and we should see more effective interdisciplinary collaboration on
There appears to be a systematic shortfall in the understanding that technologists as a class have of data privacy. IT professionals may receive privacy training but as soon as they hear the oft repeated slogan “Privacy is not a Technology Issue” they tend to switch off.
In the aftermath of this experience, it seemed vital to research what other implications for IT lay unseen in the privacy regime. The starting point was a review of Australia’s privacy principles from the engineer’s perspective, leading to a paper that exposed how big a technology issue privacy really is (Wilson, 2003). Since then, we’ve seen Big Data and the Internet of Things emerge to challenge many of our informal notions about privacy and our regulatory privacy protections. And the terms “Privacy by Design” and “privacy engineering” have entered the mainstream. Privacy is becoming an ever more urgent concern, yet the gap between privacy law and IT practice remains wide and under-appreciated.
This paper looks at the fundamental privacy misconceptions carried by many engineers, and explores some common ground between security and privacy practices, to help bring these fields closer together.