IT2028

Laboratory Exercise
Privacy Concepts
Objective:
At the end of the exercise, the students should be able to:

▪ Distinguish the difference between privacy by design and privacy engineering.

Materials:
▪ Microsoft Word

Procedures:
1. Read the blog post entitled “Privacy Concepts” by Sharma, R. below.
The host of the morning show Good Day Philadelphia, Karen Hepp, is suing Facebook, Reddit,
and several other websites for salacious content after her image, taken by a surveillance
camera at a convenience store in New York, was misused in advertisements displayed on
these sites. In her plaint filed in early September 2019, she stated that her images had been
used for “prurient and illicit purposes” that have caused “serious, permanent and irreparable
harm.” In this case, yes, her right to privacy has been violated. This type of violation of the
sacred right to privacy is present everywhere. In this technology-driven life, how do we deal
with privacy going forward?

Now, we have legislation such as the General Data Protection Regulation, which aims to
protect the rights of EU citizens. Most nations are drafting laws that are very similar in scope
to the GDPR, such as the Data Privacy act of 2012 in the Philippines. But privacy covers a
gamut of domains from law to computer science to cybersecurity. How do we ensure privacy
when it is, at the most fundamental level, a matter of policy?

The answer is by adopting suitable techniques to develop tools that de-identify and anonymize
data. Privacy by Design, or PbD, is an approach whereby privacy is implemented into the
design of new systems. The implementation of these techniques via the design of software
systems is the task of privacy engineering. Privacy engineering is an emerging field of study,
and its exact meaning and scope are still evolving. Privacy engineering brings tools,
techniques, metrics, and taxonomy to implement ‘Privacy by Design’. By building privacy
protections at the core design, privacy engineering aims to reduce privacy risks and to protect
privacy at scale.

The most widely accepted definition is from the US-based National Institute of Standards and
Technology (NIST), which has defined privacy engineering as “a specialty discipline of
systems engineering focused on achieving freedom from conditions that can create problems
for individuals with unacceptable consequences that arise from the system as it processes
PII.”

02 Laboratory Exercise 1 *Property of STI

Page 1 of 2
 IT2028

2. Answer the following questions:

a. What is the article all about?
b. Explain how privacy by design and privacy engineering operate together.
c. Do you agree with the article? Why or why not?

3. Place your answer on MS Word. Once done, save your work with the filename <Last name_First
name_TP2> (ex. Magpili_Carlo_Lab1) and call the attention of your instructor. Have it saved on
his/her FTP account.

GRADING RUBRIC:

Criteria Performance Indicator Points

Correct ideas, concepts, descriptions, and

Content 40
feedback were included.

The student's explanations are relative to

Relevance 30
the correct concepts.

Ideas and concepts were presented in an

Organization 20
organized manner.

Total 100

Reference:
Sharma, R. (2019, September 30). Privacy concepts. Retrieved from https://www.onedpo.com/privacy-
engineering/#importance_privacy on February 9, 2021

02 Laboratory Exercise 1 *Property of STI

Page 2 of 2