This chapter covers
- What is meant by “privacy reviews”
- How companies can split privacy reviews between legal and technical teams
- How technical privacy reviews can be integrated into a company’s workstream
- How the technical privacy review can become more automated and efficient
- Examples of both kinds of reviews (by lawyers and by engineers)
In earlier chapters of this book, you have seen how the modern development process empowers engineers to build products without the constraints of process. Adding to this innovative spirit is the flow of data, with its inherent possibilities and risks. Add in impatient business leaders, complicated regulators, and a skeptical customer base, and you have a realistic possibility of products shipping with privacy issues.
The privacy review process is aimed at ensuring that privacy risks are addressed before a company releases products or features. Since the engineers who build the products do not always appreciate, or have the time to understand, the privacy implications of their work, it is vital that there be a process to ensure scrutiny of these products through a privacy lens.