Carnegie Mellon University

Privacy Engineering Certificate: Program Details

General Program Details

This program takes place over 4 weekends.  All courses are live via Zoom, Saturday and Sunday, 1:00pm to 4:00pm Eastern Time.

The program fee is $3,000.

Please note: Due to the non-credit bearing nature of this certificate program, students are not eligible to apply for program fee assistance, scholarships or VA benefits.

Certificate Program participants are eligible to earn Continuing Education Units (CEUs). A Continuing Education Unit is a measure used in continuing education programs, particularly those required in a licensed profession. A CEU is not an academic credit; however, it is a nationally recognized method of quantifying the time spent in the “classroom” during professional development and training activities. Units for the Program are calculated based on learning contact hours.  Attending all the Program modules will earn 2.4 CEUs.

To understand whether or not these CEUs may be applied toward professional certification, licensing requirements, or other required training or continuing education hours, please consult your training department or licensing authority directly.

Program Content and Structure

The certificate program is organized around 7 modules designed to give students a practical, hands-on understanding of the disciplines required for privacy engineers to succeed. Modules combine mini tutorials with class discussions and practical, hands-on exercises with instruction offered remotely over the weekend. Students are expected to devote a few weekday evening hours each week to review materials covered over the previous weekend and read material in preparation for the following weekend. The following describes each of the modules.

Module 1 - Introduction to Privacy

This module introduces students to the conceptual and philosophical underpinnings of privacy. The term “privacy” has an array of meanings depending on culture, context, and personal preference and there are a variety of viewpoints and frameworks which may help practitioners make sense of this complicated area. We will review the major schools of thought, history, and controversies in the field of privacy. Students will come away from this session with the mental models needed to reason through complex definitions of privacy in order to decide on sound courses of action.

Module 2 - Privacy Policy: Understanding the Regulatory Landscape

This module focuses on policy issues related to privacy from the perspectives of governments, organizations, and individuals. We will examine the privacy protections provided by laws and regulations, as well as the way technology can be used to protect privacy. We will emphasize technology-related privacy concerns and mitigation, for example: social networks, smartphones, behavioral advertising (and tools to prevent targeted advertising and tracking), anonymous communication systems, and other topics

Module 3 - Information Security

This module introduces students to the concepts, technologies, practices and challenges associated with Information Security. The module takes a broad view of Information Security, which includes looking at relevant business, organizational, human, legal and policy issues. In the process, students will learn what it takes to design, develop, deploy and maintain information systems, services and software products that are secure and comply with applicable regulations. They will develop an appreciation for the multifaceted challenges associated with this space and the complex trade-offs that are often entailed in addressing these challenges in practice. This module in particular will provide students with a foundation of security concepts, techniques and tools that include threat models, applied cryptography, network security, web security, mobile and IoT security. The module includes discussions and hands-on exercises intended to give students a practical appreciation of these topics.

Module 4 & 5 - Privacy Engineering: Principles, Methodologies, and Tools

With the advent of the EU’s General Data Protection Regulation, so-called “Privacy by Design” (PbD) approaches to software systems development have moved from theoretical best-practice to pressing legal requirement. However, despite new requirements to follow PbD, there is no one-size-fits-all approach to engineering privacy-respecting software systems. In this session we will explain how implementing privacy controls in software architecture differs from policy approaches, identify privacy threats emerging from software system design, use personas and goals to develop privacy requirements for high-risk groups, explore the challenges in designing Subject Access Request systems, and how to conduct Privacy Impact Assessments during the software development process.

Module 6 - Algorithms and Models for Privacy and Fairness

This module will discuss quantitative techniques for enforcing and measuring privacy and fairness in complex software systems and algorithms. The module will start by discussing different privacy metrics and definitions, including statistical definitions (e.g., differential privacy) and logical ones. We will discuss tradeoffs between these definitions and techniques for implementing privacy protections in algorithms. In the second portion of the unit, we will discuss algorithmic fairness and bias. We will discuss different approaches for measuring bias in algorithms, as well as techniques for mitigating it.

Module 7 - Usable Privacy Design

This course will motivate and introduce students to user-centered privacy design. We will discuss users’ privacy-related behaviors and concerns and how they make decisions related to privacy. We will talk about several types of privacy interfaces — including privacy notices, consent interfaces, privacy settings, and privacy dashboards — and common usability problems with those interfaces. We will provide a brief introduction to usability and privacy design principles and processes. Finally, we will introduce several common user study methods and show how they have been used in privacy studies. Students will work in groups on a privacy interface design exercise and discuss approaches to conducting user studies to evaluate their solutions.

Module 8 - Review

The module includes a review of program materials with a focus on preparation for the IAPP CIPT exam.

Certificate Program Prerequisites

Students who enroll in the certificate program are expected to have a basic understanding of computers and the Internet and some prior exposure to programming. Minimally, students should be able to read short code snippets in languages such as java, HTML and javascript. Students are also expected to have a basic understanding of statistics. Reading material will be made available to students who are not sure they fully satisfy these requirements or feel they might need a brief refresher. Students are responsible for making sure they meet the program's requirements. We will not be testing them. All instruction is in English. Accordingly a good command of the English language is necessary to take this program - this includes reading, writing as well as speaking.