TY - GEN
T1 - Compliance as Baseline, or Striving for More? How Privacy Engineers Work and Use Privacy Standards
AU - Kilhoffer, Zachary
AU - Wilder, Devyn
AU - Bashir, Masooda
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The privacy field is becoming more rigorous and standardized with privacy engineers (PEs) playing key roles in the process. Yet, privacy engineering remains vaguely defined, and privacy standards remain far from the wide demand and acceptance of security standards like ISO 27001 or FedRAMP. To better understand the work PEs do, and how privacy standards fit in, we conducted an interview study with (n=14) privacy engineers. The findings revealed two new roles PEs fulfill: (1) Liaison between Legal and Engineering teams, and (2) Educator. We found that PEs are often too caught up in baseline legal compliance issues to think about implementing more ambitious privacy goals. The more senior PEs were more likely to have the need, flexibility, and resources to effect organizational change using privacy standards. This study provides timely information to ensure privacy standards remain current, relevant, and effective by detailing the challenges and opportunities PEs experience on the job generally, and with privacy standards specifically.
KW - privacy engineering
KW - privacy standards
UR - http://www.scopus.com/inward/record.url?scp=85202997513&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85202997513&partnerID=8YFLogxK
U2 - 10.1109/EuroSPW61312.2024.00008
DO - 10.1109/EuroSPW61312.2024.00008
M3 - Conference contribution
AN - SCOPUS:85202997513
T3 - Proceedings - 9th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2024
SP - 9
EP - 18
BT - Proceedings - 9th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 9th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2024
Y2 - 8 July 2024 through 12 July 2024
ER -