CIPP/US Study Guide
Chapter 3: Introduction to Technological Aspects of Privacy

Privacy by Design and Limits of Technical Measures

Privacy by design embeds privacy from the outset and is legally required in California and the EU. Privacy-enhancing technologies that alter or shield data are powerful, but weak organizational measures undermine them - most encryption is cracked through implementation mistakes, not algorithm flaws.

Privacy by design embeds privacy from the start and is now legally required in California and the EU, among others. Privacy engineering has emerged as a role that uses mathematically sophisticated tools to preserve privacy while maintaining data utility.

Organizational measures matter most

Weak organizational measures can undermine strong technical measures: in practice, most encryption is cracked because of a mistake in the implementation rather than a flaw in the algorithm. Reducing privacy risk requires combining technical measures (encryption, hashing) with organizational measures (limiting which employees can access data).
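The "implementation mistake, not algorithm flaw" point is easiest to see in code. The example below is added here and is not from the study guide: it builds a toy stream cipher from HMAC-SHA256 (a sound keystream construction, so the algorithm itself is not the weakness), then shows how a single implementation mistake, reusing one hard-coded nonce for every message, lets anyone who knows one plaintext recover another without ever touching the key. The key, nonce length and sample messages are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed demo key; a real system would draw the key from a KMS or os.urandom.
SAMPLE_KEY = hashlib.sha256(b"constructed demo key").digest()
NONCE_LEN = 12


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter) in counter mode.
    This is illustrative only, not a production cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Stream ciphers encrypt and decrypt with the same XOR operation.
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return encrypt(key, nonce, ciphertext)


# --- The implementation mistake: one fixed nonce for every message ----------
FIXED_NONCE = b"\x00" * NONCE_LEN


def encrypt_with_fixed_nonce(key: bytes, plaintext: bytes) -> bytes:
    return encrypt(key, FIXED_NONCE, plaintext)


# --- The correct usage: a fresh random nonce per message, sent in the clear --
def encrypt_with_fresh_nonce(key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    nonce = os.urandom(NONCE_LEN)
    return nonce, encrypt(key, nonce, plaintext)


def recover_second_message(c1: bytes, p1_known: bytes, c2: bytes) -> bytes:
    """If two ciphertexts share a keystream, c1 XOR c2 == p1 XOR p2, so knowing
    p1 reveals p2. No key is involved; only the implementation mistake is used."""
    return xor_bytes(xor_bytes(c1, c2), p1_known)


def nonce_reuse_leaks(key: bytes, p1: bytes, p2: bytes) -> bool:
    """True if an observer who knows p1 can recover p2 from the two ciphertexts."""
    c1 = encrypt_with_fixed_nonce(key, p1)
    c2 = encrypt_with_fixed_nonce(key, p2)
    n = min(len(p1), len(p2))
    return recover_second_message(c1[:n], p1[:n], c2[:n]) == p2[:n]


def fresh_nonce_leaks(key: bytes, p1: bytes, p2: bytes) -> bool:
    """Same check against the correct implementation; expected to be False."""
    _, c1 = encrypt_with_fresh_nonce(key, p1)
    _, c2 = encrypt_with_fresh_nonce(key, p2)
    n = min(len(p1), len(p2))
    return recover_second_message(c1[:n], p1[:n], c2[:n]) == p2[:n]


if __name__ == "__main__":
    # Constructed sample records, as a privacy program might store them.
    record_a = b"ssn=000-00-0001;name=Sample A"
    record_b = b"ssn=000-00-0002;name=Sample B"
    print("fixed nonce leaks record B:", nonce_reuse_leaks(SAMPLE_KEY, record_a, record_b))
    print("fresh nonce leaks record B:", fresh_nonce_leaks(SAMPLE_KEY, record_a, record_b))
```

The same check applies to real ciphers in counter or GCM mode: the control that matters is the organizational and engineering discipline around nonce management and code review, not the choice of algorithm. A reviewer can run `nonce_reuse_leaks` as a regression test against any wrapper that is supposed to generate its own nonces.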

Key terms - quick answers

What is “Privacy by design”?
Embedding privacy principles in architectures, products, and services from the outset; legally required in California and the EU, among others.
What is “Privacy engineering”?
An emerging role focused on engineering privacy requirements into systems using increasingly sophisticated mathematical tools.