
Privacy: What Developers and IT Professionals Should Know [Paperback]

J.C. Cannon
4.0 out of 5 stars  See all reviews (1 customer review)
List Price: CDN$ 54.99
Price: CDN$ 34.64 & FREE Shipping. Details
You Save: CDN$ 20.35 (37%)

Formats

Amazon Price New from Used from
Paperback CDN $32.75  
Paperback, Oct. 1 2004 CDN $34.64  

Book Description

Publication date: Oct. 1 2004 | ISBN-10: 0321224094 | ISBN-13: 978-0321224095 | Edition: 1
When you are on a Web site you don't know well, and you are asked to complete an online form, if you are like most people you immediately weigh in your mind issues of how private the information you provide will be kept. Studies have shown that 64% of consumers have left a Web site because of concerns about privacy, and that online retailers lose $6.2 billion a year in sales because of privacy issues. Lack of privacy conditions in building an application or a web site is a liability; conversely, a web site where the consumer feels that their privacy will be guarded is a competitive advantage. In our security-conscious world privacy is a topic of concern right up there with identity theft and spam. Yet until now there has not been one source of information for developers on how to develop applications and web sites that will take into consideration privacy concerns. JC Cannon draws upon the experience he has learned from his role in the corporate privacy group at Microsoft to give developers a complete guide to including privacy in their development process. It covers topics such as spam, digital rights management, the Platform for Privacy Preferences (P3P) project, and protecting database data.

Product Description

From the Inside Flap

Preface

"Is it secret? Is it safe?"

Gandalf to Frodo, Lord of the Rings, The Fellowship of the Ring

The movie Marathon Man contains a scene in which the protagonist is tied to a chair and being asked over and over again "Is it safe?" He doesn't know how to answer the question and starts to squirm when the interrogator takes out a set of dental tools and walks toward him. This is the discomfort that many consumers feel when considering whether to complete an online form or download software from the Internet. Not knowing whether it is safe to share your information or use technology can be frustrating. There should be no ambiguity when it comes to a person's safety. It should be clear what will happen to a person's data when clicking the Submit button on a form or dialog. You should be able to trust that the new software you installed on your computer won't take data from your computer and send it across the Internet.

When a dentist is looking in your mouth or a mechanic is looking under the hood of your car, do you wonder whether they are looking for their next Porsche payment or trip to Hawaii? Do you wish there were an easy way to trust their intentions? In the same manner, you probably wish there were an easy way to trust the privacy statement that is obtained from a Web site or the end-user license agreement from an application before you used them. You should not have to feel obliged to perform a Google search before trusting a company.

The term solutions, as used throughout this book, refers to applications, tools, software services, interactive Web pages, and any other products created with a programming or script language. I don't want anyone to think that I am focusing on only a specific type of technology or platform to provide answers to today's privacy issues.

This book will help you learn to use technologies that will help you protect your privacy and to build solutions that can help protect the privacy of others. More than that, you will learn to build your own privacy infrastructure to permit the creation of trustworthy software and services and help you respond effectively to privacy incidents.

Disclaimer

I currently work at Microsoft in their Corporate Privacy Group. Most of what I know about privacy and much of the technology discussed in this book I learned while working there and with other groups at Microsoft during my six-year tenure. However, the opinions expressed in this book are entirely mine and the other contributors to this book, not those of Microsoft. Although many of the practices described in this book come from Microsoft practices, there are subtle differences between some of the practices described here and the ones followed at Microsoft. I even included descriptions of technology from companies other than Microsoft to give you a broader view of the privacy technologies that exist today.

My focus on Microsoft technologies in this book is not a statement that they are the only means or best means for developing privacy solutions; it is only indicative of the fact that I spent more than 15 years working on those technologies.

The information provided in this book should not be considered legal advice. Any practices that might affect the image of your company or that could expose you to litigation should not be implemented without consultation from your company's executive and legal departments.

Organization of the Book

The book consists of three parts, each with its own specific focus. Although all readers will benefit from reading the entire book, some readers may want to concentrate on areas that are of greatest interest to them.

Part I is Privacy for Everyone. It provides an overview of privacy, which will assist readers with understanding privacy policy, privacy-invasive and privacy-enhancing technologies, and protecting oneself from privacy intrusions.

Part II is Privacy and the Organization. It gives instruction on how to build a privacy organization, which looks at selecting personnel, getting training, and evangelizing privacy throughout the company. This part also looks at building a privacy response center to respond to privacy issues that might arise in a company.

Chapters 4 through 9 discuss issues that are important to consumers in protecting their privacy online. Consumers will learn about ways to protect themselves from spam, how to use P3P, and about privacy-invasive technologies.

Part III is Privacy and the Developer. This part goes into more technical topics that will be of interest to developers building privacy-enhancing technologies and companies looking to include privacy awareness into the way products are built. The Platform for Privacy Preferences Project is discussed along with protecting database data. This part includes a couple of sample applications that provide instruction on how to use role-based access control to protect access to data based on the category of the data and the role of the user wanting to access the data.

© Copyright Pearson Education. All rights reserved.

From the Back Cover

Praise for J.C. Cannon's Privacy

"A wonderful exploration of the multifaceted work being done to protect the privacy of users, clients, companies, customers, and everyone in between."

—Peter Wayner, author of Translucent Databases

"Cannon provides an invaluable map to guide developers through the dark forest created by the collision of cutting-edge software development and personal privacy."

—Eric Fredericksen, Sr. Software Engineer, PhD., Foundstone, Inc.

"Cannon's book is the most comprehensive work today on privacy for managers and developers. I cannot name any technical areas not covered. No practitioners should miss it."

—Ray Lai, Principal Engineer, Sun Microsystems, Inc., co-author of Core Security Patterns and author of J2EE Platform Web Services

"Every developer should care deeply about privacy and this is the best book I've read on the subject. Get it, read it, and live it."

—Keith Ballinger, Program Manager, Advanced Web Services, Microsoft

"J.C. Cannon's book demonstrates that information and communication technology can contribute in a significant way to restoring individual privacy and raises more awareness of the complexity and importance of this societal problem."

—Dr. John J. Borking, Former Commissioner and Vice-President of the Dutch Data Protection Authority

"If you are planning, implementing, coding, or managing a Privacy campaign in your company or your personal computing, there is no more relevant reference. J.C. Cannon nails the issues."

—Rick Kingslan, CISSP, Microsoft MVP-Windows Server: Directory Services and Right Management, West Corporation

"It's often been said that security is a process, not a product. Privacy is no different! Unlike other privacy books, J.C. Cannon's book has something valuable to convey to everyone involved in the privacy process, from executives to designers and developers, many of whom aren't thinking about privacy but should be."

—Keith Brown, Co-founder of Pluralsight and author of The .NET Developer's Guide to Windows Security and Programming Windows Security

"J.C. Cannon's new book on electronic privacy is an important addition to the available works in this emerging field of study and practice. Through many humorous (and occasionally frightening) examples of privacy gone wrong, J.C. helps you better understand how to protect your privacy and how to build privacy awareness into your organization and its development process. Keenly illustrating both the pros and cons of various privacy-enhancing and potentially privacy-invading technologies, J.C.'s analysis is thorough and well-balanced. J.C. also explains many of the legal implications of electronic privacy policies and technologies, providing an invaluable domestic and international view."

—Steve Riley, Product Manager, Security Business and Technology Unit, Windows Division, Microsoft

"Privacy concerns are pervasive in today's high-tech existence. The issues covered by this book should be among the foremost concerns of developers and technology management alike."

—Len Sassaman, Security Architect, Anonymizer, Inc.

You're responsible for your customers' private information. If you betray their trust, it can destroy your business. Privacy policies are no longer enough. You must make sure your systems truly protect privacy—and it isn't easy. That's where this book comes in.

J.C. Cannon, Microsoft's top privacy technology strategist, covers every facet of protecting customer privacy, both technical and organizational. You'll learn how to systematically build privacy safeguards into any application, Web site, or enterprise system, in any environment, on any platform. You'll discover the best practices for building business infrastructure and processes that protect customer privacy. You'll even learn how to help your customers work with you in protecting their own privacy. Coverage includes

  • How privacy and security relate—and why security isn't enough
  • Understanding your legal obligations to protect privacy
  • Contemporary privacy policies, privacy-invasive technologies, and privacy-enhancing solutions
  • Auditing existing systems to identify privacy problem areas
  • Protecting your organization against privacy intrusions
  • Integrating privacy throughout the development process
  • Developing privacy-aware applications: a complete sample application
  • Building a team to promote customer privacy: staffing, training, evangelization, and quick-response
  • Protecting data and databases via role-based access control
  • Using Digital Rights Management to restrict customer information
  • Privacy from the customer's standpoint: spam avoidance, P3P, and other tools and resources

Whether you're a manager, IT professional, developer, or security specialist, this book delivers all the information you need to protect your customers—and your organization.

The accompanying CD-ROM provides sample privacy-enabling source code and additional privacy resources for developers and managers.

J. C. CANNON, privacy strategist at Microsoft's Corporate Privacy Group, specializes in implementing application technologies that maximize consumer control over privacy and enable developers to create privacy-aware applications. He works closely with Microsoft product groups and external developers to help them build privacy into applications. He also contributed the chapter on privacy to Michael Howard's Writing Secure Code (Microsoft Press 2003). Cannon has spent nearly twenty-five years in software development.



Customer Reviews

4.0 out of 5 stars
Most helpful customer reviews
By MayerCC
Format:Paperback|Verified Purchase
Privacy: What Developers and IT Professionals Should Know (paperback)

FYI: CD is referred to as "accompanying CD-ROM" but it does not inform you as to how / where to obtain it, that I could find. PLS see the following URL to download it via the Downloads tab;
[...]
or directly;
[...]

To the author, PLS provide ebook or some digital book version option for sale, instead of paper only copy.

This is a supplemental read item for the CIPP/IT, so it could use an update. However note, references are still mostly relevant with current versions...unfortunately. An overall update of the book (to current events, since publication of 2004...approximately 10 years since written) would be very appreciated.
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.6 out of 5 stars  7 reviews
3 of 4 people found the following review helpful
5.0 out of 5 stars Excellent information on privacy issues... Oct. 6 2004
By Thomas Duff - Published on Amazon.com
Format:Paperback
I recently received a copy of Privacy: What Developers and IT Professionals Should Know by J. C. Cannon (Addison-Wesley). This is a good book that does an excellent job in delivering to the target audience.

Chapter list: An Overview Of Privacy; The Importance of Privacy-Enhancing and Privacy-Aware Technologies; Privacy Legislation; Managing Windows Privacy; Managing Spam; Privacy-Invasive Devices; Building a Privacy Organizational Infrastructure; The Privacy Response Center; Platform for Privacy Preferences Project (P3P); Integrating Privacy in the Development Process; Performing a Privacy Analysis; A Sample Privacy-Aware Application; Protecting Database Data; Managing Access to Data: A Coding Example; Digital Rights Management; Privacy Section for a Feature Specification; Privacy Review Template; Data Analysis Template; List of Privacy Content; Privacy Checklist; Privacy Standard; References; Index

In today's environment, nearly every aspect of your daily existence touches data processing systems in some way. And if you surf the web, you know you are constantly being asked for personal and demographic information. But all too often, privacy issues related to all this information are not addressed in a secure, consistent methodology. Because of that, you stand a good chance of having far more personal information released to 3rd parties than you may be comfortable with. This book will help you become aware of the issues and build solid systems and processes that protect that privacy.

The first part of the book shows you how to secure your own privacy when you're working with computers. With the use of features such as pop-up blockers, cookie blockers, anonymous email services, and other related tools, you can effectively control the amount of information about your person and your activities while online. This information is really useful to anyone reading the book regardless of whether they are in IT or not. The second part of the book concentrates more on building software and processes that recognize this right to privacy and give the consumer choices on how to disclose and manage their personal information. The information is very practical and readable, and organizations would do well to consider the information presented here.

If you happen to be working in an industry affected by legislation such as HIPAA, this book becomes critical. If you're dealing with personal health information, you have no choices when it comes to privacy. The laws are spelled out, and the legal consequences for violating these laws are severe. Companies such as these should definitely get a copy.

This information has even affected one of the application changes I am currently working on. The user wanted to track the number of hits that a document got for reading. I started to build the change to track *who* read it, but then remembered that "less is more". There's no reason to track that information, so I shouldn't. As a result, I've got a more privacy-friendly application that delivers the desired results without violating the reader's privacy.

Good book, and worth the time for reading...
2 of 3 people found the following review helpful
5.0 out of 5 stars Instant Privacy Awareness Dec 1 2004
By Stephen Northcutt - Published on Amazon.com
Format:Paperback
I give the book 5 stars for making a complex subject both accessible and interesting, for communicating the urgency of addressing privacy issues, and for supplying the information IT professionals and developers need to build privacy functionalities into the solutions they create and deliver. This book will be most useful for US readers as expectations and laws vary across the world.

There are two questions an organization should ask about privacy: What is the cost of implementing a privacy program and what is the potential cost of not implementing a privacy program? Cannon's book will appeal as much to managers and executives responsible for knowing the answers to those questions.

The first third of the book provides an overview of privacy legislation and of technologies that are either privacy-enhancing or privacy-invasive, with suggestions for how to protect oneself from privacy intrusion. Chapter 4 is devoted to the subject of managing privacy for Windows products which can be helpful to administrators and consumers. It covers the privacy settings for XP, Windows Server 2003, Windows Office 2003, and Windows Media Player 9. Consumers and privacy advocates alike will find a wealth of information here about what privacy technologies exist and how to use them.

In the next fifty pages, Cannon discusses how to build a privacy organizational infrastructure and a privacy response center; and the remainder of the 350-page book is devoted to walking developers through the steps necessary to actually build privacy functionalities into their solutions. It is here that Cannon delves into more technical topics of interest to developers building privacy-enhancing technologies and to companies looking to include privacy awareness into the way products are built.

P3P is something I have struggled with on the SANS Institute's own web page. At present, it seems like an organization is safer not implementing it and the book was very helpful for me to better grasp the issues surrounding electronic enforcement of privacy.
4.0 out of 5 stars Privacy: What Developers and IT Professionals Should Know Aug. 23 2013
By J. Dutcher - Published on Amazon.com
Format:Paperback|Verified Purchase
The book is good. I think because it was written a while ago, it is becoming a bit dated but always good to have a good base to build on. Easy to read as well.
4.0 out of 5 stars High level privacy overview Feb. 8 2005
By Dmitri Nevedrov - Published on Amazon.com
Format:Paperback
I enjoyed reading this book. Although not very detailed or technical, the book is a good management level overview of data protection, privacy ideas and techniques to enforce privacy policies within an organization. The book is useful for a software developer, IT person, database administrator, manager, or anyone involved in handling or managing computer data. The material is presented in a language suitable for virtually any IT expertise level. There are some examples presented from real life that help the reader to understand the concepts better. I think the book covers almost everything about digital data privacy and it does not focus solely on privacy related to Microsoft products.
5.0 out of 5 stars Required reading Dec 27 2004
By Harold McFarland - Published on Amazon.com
Format:Paperback
When it comes to the privacy issue, this is a lucid look at what the issues are, how they are often overlooked or violated in the normal course of business and things developers should consider when writing programs. The book covers everything from the mundane privacy problems people don't think about to high level privacy issues. For example, he discusses the privacy problems of sending a "private" email to someone else when it is subject to examination at your ISP level, may be on their backup tapes, may be on the log files of several computers between your ISP and the ending ISP, may be subject to examination by any one of them, etc. He also discusses the privacy considerations of such items as medical patient records accessed over the Internet, encryption issues, and authorization issues.

With all this background information in mind he then discusses how to integrate consideration of these privacy issues into your program and way of thinking in general. This is not an expose of particular privacy problems but a theoretical framework for privacy that uses real-world examples to illustrate the issues. One of the really good points the author makes is that there is a difference between privacy and security. There are a lot of good books on security available today but privacy is rarely discussed. The author provides a thoroughly convincing argument as to why security is not enough and privacy issues must be considered at all times and in all environments.

Privacy: What Developers and IT Professionals Should Know is highly recommended for everyone even remotely connected to the computer technology environment, no exceptions.