Hey folks,
PSG is happy to announce that we have decided to open-source our list of “Big 5” software privacy requirements, which teams can use to drive the discussion around building privacy into their products.
What are the “Big 5”?
As the complexity of applications and the sophistication of the privacy discipline have increased dramatically in the past decade, the number of potential product privacy requirements needed to address these issues has grown beyond the capabilities of all but the best-resourced engineering teams. As a result, engineering and product teams need to focus on implementing the requirements that best balance risk reduction against resource utilization. PSG has curated a list of privacy requirements (the Big 5) that we feel organizations can leverage to achieve this balance. While the list is “mostly” current with “most” of the privacy regimes, it is by no means complete; it represents what we feel are the requirements teams should consider implementing in their products, based on our team’s collective experience.
Shout outs
Special shout-outs to not only the internal PSG team but the following two folks who assisted in reviewing our list.
Kim Wuyts - Kim and I worked together on the Threat Modeling Manifesto and her work on LINDDUN inspired the list. If you haven’t looked at this, you should check it out at www.linddun.org
Demetrios Eleftheriou - Demetrios introduced me to privacy while we worked together at EMC. There isn’t a better privacy lawyer out there, so if you need help, catch him at www.eleftherioulawfirm.com
The List
Here is the list.
If you have any updates or additions, please feel free to contribute back to the community.
The Future
This post is the first in a 3-part series covering these requirements.
(Coming Soon) - Part 2 - Mapping the Privacy Big 5 to LINDDUN
(Coming Soon) - Part 3 - Mapping the Privacy Big 5 to the Major Privacy Regs
Enjoy
Marc & the team at PSG