This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
A Framework for Managing Privacy-Enhancing Technology
May-June 2012 (vol. 29 no. 3)
pp. 45-49
David Pelkola, KPMG Canada
The changing global business environment and continued introduction of new technologies are significantly affecting organizations' privacy practices. In this environment, privacy-enhancing technology (PET) often becomes a key to protecting personal information. A considerable amount of literature has discussed PET technologies and their benefits. However, the lack of clear organizational accountability can become a roadblock to effectively designing and implementing PET solutions. For organizations that don't employ these solutions, the result is increased regulatory and privacy risk and potential costs related to privacy breaches. Establishing a multidisciplinary privacy committee with clear roles and responsibilities assigned to various members is a possible approach to help address accountability.

1. “Five Key Considerations for Enabling Privacy in Health Information Exchanges,” white paper, EMC, 2010; www.emc.com/collateral/software/white-papers h7463-five-considerations-enabling-privacy-hies-rsa.pdf .
2. S. Kenny, “An Introduction to Privacy Enabling Technologies,” The Privacy Advisor,1 May 2008; www.privacyassociation.org/publications2008_05_introduction_to_privacy_enhancing_technologies .
3. W. Brown and F. Nasuti, “Sarbanes-Oxley and Enterprise Security: IT Governance and What It Takes to Get the Job Done,” EDP Audit, Control, and Security Newsletter, vol. 33, no. 2, 2005, pp. 1–20; www.infosectoday.com/SOXBrown.pdf.
4. “Privacy-Enhancing Technologies—White Paper for Decision Makers,” Netherlands Ministry of the Interior and Kingdom Relations, 2004; www.dutchdpa.nl/downloads_overigPET_whitebook.pdf .
5. P. Jeselon and A. Fineberg, A Foundational Framework for a PbD—PIA, Information and Privacy Commissioner of Ontario, 2011; http://privacybydesign.ca/content/uploads/ 2011/11PbD-PIA-Foundational-Framework.pdf .
1. W. Brown and F. Nasuti, “Sarbanes-Oxley and Enterprise Security: IT Governance and What It Takes to Get the Job Done,” EDP Audit, Control, and Security Newsletter, vol. 33, no. 2, 2005, pp. 1–20; www.infosectoday.com/SOXBrown.pdf.
2. P. Weill and J.W. Ross, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business Press, 2004.
3. Information Security Governance: A Call to Action, Nat'l Cyber Security Summit Task Force, 2005; www.criminal-justice-careers.com/sites/default/ files/resourcesInfoSecGov4_04.pdf .
4. A. Cavoukian, Privacy by Design: The 7 Foundational Principles, Information and Privacy Commissioner of Ontario, 2011; www.ipc.on.ca/images/resources7foundationalprinciples.pdf .
5. “Privacy by Design and ReDesign—Yesterday, Today and Tomorrow: It's Time for All Companies to Join the Journey,” interview, Nymity, 2011; www.nymity.com/Free_Resources/Privacy_Interviews/ 20112011_Ann_Cavoukian.aspx.

Index Terms:
privacy-enhancing technology, privacy committee, software engineering
Citation:
David Pelkola, "A Framework for Managing Privacy-Enhancing Technology," IEEE Software, vol. 29, no. 3, pp. 45-49, May-June 2012, doi:10.1109/MS.2012.47
Usage of this product signifies your acceptance of the Terms of Use.