CMU introduces new masters program for technological privacy certification
October 16, 2012 4:00 AM
By Deborah M. Todd Pittsburgh Post-Gazette
In a world where Internet browsers track users' every move, the concept of privacy is more of a hard-earned privilege than a given right. Even those with the savvy to avoid public wireless networks and to remove tracking cookies from computers can find they're being watched by sources they never saw coming.
Both government and corporate entities have started seeking computer scientists and engineers well-versed in all things privacy, even as the organizations seek a balance between using data to improve performance and electronically stalking users.
"Over the past several years, both industry and government organizations have created positions for people responsible for ensuring that privacy is an integral part of the design process," reads the program's Web page.
The one-year program, spearheaded by CMU professors Norman Sadeh and Lorrie Cranor, will educate students on technological and design factors that can affect privacy, as well as the social, legal and ethical considerations.
Students in the program will have the option to become Certified Information Privacy Professionals through free on-campus tests provided through a collaboration with the International Association of Privacy Professionals. Based in Portsmouth, N.H., IAPP is the nation's premiere professional organization for individuals working in the privacy sector.
Once students complete two semesters of classroom instruction, they will take part in a summer-long project working as privacy consultants.
Ms. Cranor said the program is designed to match the student privacy consultants with students in e-commerce or other professional programs who are working on projects for corporate clients. Student consultants will examine electronic tools or programs being created for clients, looking for potential flaws that could jeopardize user privacy or the law.
"We have lots of companies saying they want students working on certain projects for them and many times the project proposed have a privacy component to it," said Ms. Cranor.
Besides protecting the rights of consumers, she said students also will have to work to find ways for corporations to access and analyze important user data without crossing any lines.
"What we need to find is a way to mine data and make the data available to researchers without invading privacy," she said.
She noted that an examination of Google searches related to the flu in 2008 discovered flu outbreaks in certain portions of the country. Today, the company operates Google Flu Trends to track the spread of the illness across the globe.
A longtime member of the IAPP, Ms. Cranor helped the organization establish a course for its Certified Information Privacy Professional certification exam. She called the course a good starting point but said a one-day exam wasn't enough training for the growing privacy issues the next generation will face.
"I thought, wouldn't it be great to have an in-depth graduate program for someone who wants to go beyond the one-day class and really immerse themselves in the subject?" she said.
IAPP President and CEO Trevor Hughes said he has heard of several data management and program data courses in universities that include a privacy component, but CMU's program will be the first master's degree program that he knows of in the country.
Considering the organization's growth in the past year alone, Mr. Hughes said he believes the nation will see many more privacy programs at the graduate level in the next few years. After being established in 2000, IAPP membership grew to 9,500 at the start of this year. Today, the number of members has grown to 11,500 and Mr. Hughes expects to see about 12,000 members by the end of the year.
"If this level of growth continues, I expect many more privacy professionals will be needed in the marketplace in relatively short order," he said.
He noted that CMU's program specifically will train students to become privacy engineers who design program infrastructure with privacy in mind or technical privacy managers who oversee a range of matters related to privacy.
However, he said dozens of new positions, including privacy product managers, privacy lawyers, compliance managers, chief privacy officers and ones that have yet to be created will soon emerge. Calling CMU a "vanguard" institution, he said it would be hard to find a better place to begin training for the new paradigm.
"As technology and business practices continue to challenge the ways we use data, by extension you have to believe the information privacy sector will continue to explode," Mr. Hughes said.