OWASP Authoritative Privacy Reference Project

This project will provide authoritative guidance and useful frameworks for everyone who is involved in building a system or product based on privacy by design. The Privacy Project will also serve as a central clearinghouse for all OWASP privacy-related information and materials.

The intended audience includes developers, architects, product designers, security teams, etc. This project is not focused on the legal or compliance aspects of privacy, except for what developers and the other roles mentioned here need to know.

Road Map

Evolving set of artifacts, including more detailed guidelines for how to implement PbD efficiently. Identifying stakeholders, forming workstreams, producing additional content.

Goal #1: Consensus on “what” is Privacy from the engineering domain’s perspective

  1. Understanding the privacy engineering state-of-practice:
     • questionnaire to capture definitions, challenges etc.
  2. Describing the need for privacy engineering
     • listing existing privacy problems/issues/…
  3. Defining privacy concepts
     • distilling privacy characteristics and concept definitions based on real-world examples

Goal #2: Identify main challenges from the technical/security side of privacy engineering

  1. capturing and prioritizing key privacy engineering challenges

  2. using this as input to further scope and roadmap the project

Goal #3: Provide technical guidance to implement privacy engineering practices

  • integrated in the SDLC and aligned to security best practices
  • technical privacy focus
