6 The Privacy Review Process: Privacy with a Technical Lens
This chapter covers:
- What is meant by “privacy reviews”
- How companies can split the privacy reviews between the legal and technical teams
- How technical privacy reviews can be integrated into a company’s workstream and processes
- How the technical privacy review can become more automated and efficient
- Examples of both kinds of reviews
In earlier chapters of this book, we have seen how the modern development process empowers engineers to build products without the constraints of process. Adding to this innovative spirit is the flow of data, with the possibilities and risks inherent therein. Add in impatient business leaders, complicated regulators and a skeptical customer base, and there is a realistic possibility that products will ship with privacy issues.
The privacy review process aims to ensure that privacy risks are addressed before a company releases products or features. Since the engineers who build the products do not always appreciate the privacy implications of their work, or have the time to understand them, it is vital that there be a process to scrutinize these products through a privacy lens.
Having a privacy review process is a continuation of the work we have discussed so far, whereby a company has to manage how it classifies data, catalogs the data, protects it using access controls, and processes and shares it over the course of conducting business.