Carnegie Mellon University

Engineering Privacy in Software

Course Number: 17735/19605/95878

With the advent of privacy legislation, such as the European Union's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA), as well as growing consumer privacy concerns, there is expanded interest in privacy engineering tools that identify and mitigate privacy harms arising from the use of digital technology. In this course we will first explore existing frameworks for identifying and classifying privacy threats during software system development. We will then discuss implementations of existing privacy-enhancing technologies and how they can be used in real-world applications. This course is lecture-based and includes a semester-long project in which students will develop a solution to a privacy problem using existing privacy-enhancing technologies. Software engineering experience is not required, though it is helpful if you know how to code. Prior coursework in information security or privacy (e.g. 17-631, 17-733, 14-741) is strongly recommended.

Example syllabus

Semester(s): Spring
Units: 12
Location(s): Pittsburgh

Learning Objectives

  1. An understanding of where and how privacy engineering fits into the software development lifecycle
  2. Familiarity with the day-to-day work of privacy engineers, such as developing privacy requirements, performing Privacy Impact Assessments, taking part in privacy audits, and responding to privacy incidents
  3. A working knowledge of privacy risk assessment frameworks, including LINDDUN and NIST
  4. Awareness of how common privacy challenges, such as data governance, data deletion, and consent management, have been addressed in practice
  5. Experience with commercial and research software libraries that implement privacy-enhancing technologies, including differential privacy and secure multiparty computation