
Privacy: What Developers and IT Professionals Should Know




  • Sorry, this book is no longer in print.



From a leader in the field, the first book on how to build privacy safeguards into web sites and applications, a topic of growing importance

  • Shows how to identify privacy problem areas and implement privacy features
  • Describes how to build applications that are privacy aware
  • Author is one of the top experts on privacy, managing the corporate privacy group at Microsoft
  • The cost to businesses of not taking privacy into account when building applications is too great to ignore


  • Copyright 2005
  • Edition: 1st
  • Book
  • ISBN-10: 0-321-22409-4
  • ISBN-13: 978-0-321-22409-5

Praise for J.C. Cannon's Privacy

"A wonderful exploration of the multifaceted work being done to protect the privacy of users, clients, companies, customers, and everyone in between."

—Peter Wayner, author of Translucent Databases

"Cannon provides an invaluable map to guide developers through the dark forest created by the collision of cutting-edge software development and personal privacy."

—Eric Fredericksen, Sr. Software Engineer, PhD., Foundstone, Inc.

"Cannon's book is the most comprehensive work today on privacy for managers and developers. I cannot name any technical areas not covered. No practitioners should miss it."

—Ray Lai, Principal Engineer, Sun Microsystems, Inc., co-author of Core Security Patterns and author of J2EE Platform Web Services

"Every developer should care deeply about privacy and this is the best book I've read on the subject. Get it, read it, and live it."

—Keith Ballinger, Program Manager, Advanced Web Services, Microsoft

"J.C. Cannon's book demonstrates that information and communication technology can contribute in a significant way to restoring individual privacy and raises more awareness of the complexity and importance of this societal problem."

—Dr. John J. Borking, Former Commissioner and Vice-President of the Dutch Data Protection Authority

"If you are planning, implementing, coding, or managing a Privacy campaign in your company or your personal computing, there is no more relevant reference. J.C. Cannon nails the issues."

—Rick Kingslan, CISSP, Microsoft MVP-Windows Server: Directory Services and Right Management, West Corporation

"It's often been said that security is a process, not a product. Privacy is no different! Unlike other privacy books, J.C. Cannon's book has something valuable to convey to everyone involved in the privacy process, from executives to designers and developers, many of whom aren't thinking about privacy but should be."

—Keith Brown, Co-founder of Pluralsight and author of The .NET Developer's Guide to Windows Security and Programming Windows Security

"J.C. Cannon's new book on electronic privacy is an important addition to the available works in this emerging field of study and practice. Through many humorous (and occasionally frightening) examples of privacy gone wrong, J.C. helps you better understand how to protect your privacy and how to build privacy awareness into your organization and its development process. Keenly illustrating both the pros and cons of various privacy-enhancing and potentially privacy-invading technologies, J.C.'s analysis is thorough and well-balanced. J.C. also explains many of the legal implications of electronic privacy policies and technologies, providing an invaluable domestic and international view."

—Steve Riley, Product Manager, Security Business and Technology Unit, Windows Division, Microsoft

"Privacy concerns are pervasive in today's high-tech existence. The issues covered by this book should be among the foremost concerns of developers and technology management alike."

—Len Sassaman, Security Architect, Anonymizer, Inc.

You're responsible for your customers' private information. If you betray their trust, it can destroy your business. Privacy policies are no longer enough. You must make sure your systems truly protect privacy—and it isn't easy. That's where this book comes in.

J.C. Cannon, Microsoft's top privacy technology strategist, covers every facet of protecting customer privacy, both technical and organizational. You'll learn how to systematically build privacy safeguards into any application, Web site, or enterprise system, in any environment, on any platform. You'll discover the best practices for building business infrastructure and processes that protect customer privacy. You'll even learn how to help your customers work with you in protecting their own privacy. Coverage includes

  • How privacy and security relate—and why security isn't enough
  • Understanding your legal obligations to protect privacy
  • Contemporary privacy policies, privacy-invasive technologies, and privacy-enhancing solutions
  • Auditing existing systems to identify privacy problem areas
  • Protecting your organization against privacy intrusions
  • Integrating privacy throughout the development process
  • Developing privacy-aware applications: a complete sample application
  • Building a team to promote customer privacy: staffing, training, evangelization, and quick-response
  • Protecting data and databases via role-based access control
  • Using Digital Rights Management to restrict customer information
  • Privacy from the customer's standpoint: spam avoidance, P3P, and other tools and resources

Whether you're a manager, IT professional, developer, or security specialist, this book delivers all the information you need to protect your customers—and your organization.

The accompanying CD-ROM provides sample privacy-enabling source code and additional privacy resources for developers and managers.

J. C. CANNON, privacy strategist at Microsoft's Corporate Privacy Group, specializes in implementing application technologies that maximize consumer control over privacy and enable developers to create privacy-aware applications. He works closely with Microsoft product groups and external developers to help them build privacy into applications. He also contributed the chapter on privacy to Michael Howard's Writing Secure Code (Microsoft Press 2003). Cannon has spent nearly twenty-five years in software development.


Sample Content

Online Sample Chapter

Managing Spam


Table of Contents


1. An Overview of Privacy.

    Who's Watching Our Data?

    Technologies That Communicate with the Internet.

    Investigating Applications.

    Defining Privacy.

    Answering the Call for Privacy.

    The Path to Trustworthiness.

    The Privacy Mantras.

    Valuing Privacy.



2. The Importance of Privacy-Enhancing and Privacy-Aware Technologies.

    The Goal of PATs and PETs: The Constant Pursuit of Anonymity.

    Privacy-Enhancing Technologies.

      Anonymizers and Pseudonymizers.

      History-Clearing Tools.

      Popup Blockers.



      Cookie Managers.

      Secure File Deletion.

      Online Privacy Protection Suites.

    Privacy-Aware Technologies.

      The Importance of Privacy-Aware Solutions.

      Finding Business Value in Privacy-Aware Solutions.

      Privacy Features.

      Privacy Statement.

      P3P Integration.

      Privacy Settings.

      Centralized Privacy Setting Management.

      Ability to View Data to Be Transmitted to the Internet.

      Clear Tracks and Personal Info.

      Documentation of Privacy-Related Data.

      Unsubscribe Feature.

      Access Control.



3. Privacy Legislation.

    Regulations Changing the Way Companies Do Business.



      Alexa Internet.

      Microsoft Office 2003.

    Major Privacy Legislation.

      Organisation for Economic Co-operation and Development (OECD).

      EU Directive on Data Protection.

      Personal Information Protection and Electronic Document Act (PIPEDA).

      The U.S. Safe Harbor Privacy Principles.

      Children's Online Privacy Protection Act (COPPA).

      Computer Fraud and Abuse Act (CFAA).

      Gramm-Leach-Bliley Act (GLBA).

      Health Insurance Portability and Accountability Act (HIPAA).

    Privacy-Certification Programs.


4. Managing Windows Privacy.

    Privacy Disclosure Documents for Microsoft Windows.

      Management Papers.

      First Privacy Statement.

    Using Group Policy for Centralized Setting Management.

    Online Help and Top Issues.

    Windows Error Reporting.

      Using the Windows Error Reporting Dialog.

      Using Group Policy to Manage Windows Error Reporting.

    Automatic Updates.

      Configure Automatic Updates.

      Specify Intranet Microsoft Update Service Location.

      Reschedule Automatic Updates Scheduled Installations.

      No Auto-Restart for Scheduled Automatic Updates Installations.

    My Recent Documents.

    Windows Media Player 9.

    Microsoft Office 2003.

      Microsoft Office 2003 Online Settings.

      Microsoft Word 2003 Metadata Settings.

      Microsoft Office Remove Hidden Data Tool.

    Creating a Custom ADM File.

    Creating a Custom GPO for Privacy.



5. Managing Spam.

    Spam As a Privacy Issue.

    The Cost of Spam.

    Spam Litigation.

    What Can Be Done to Fight Spam.




    Antispam Approaches.

      Challenge-Response for Account Creation.

      Client-Side Antispam Solutions.

      Spam and Infected Attachments.

    Server-Side Antispam Solutions.

      Block List Companies.

      Antispam Server Software.

    Developing E-Mail-Friendly Solutions.

    Protecting Legitimate Bulk E-Mail.



6. Privacy-Invasive Devices.

    Radio Frequency Identification (RFID) Tags.

      Blocking RFID Tags.

      Subdermal RFID Devices.

      Other RFID Tag Uses.

      Market Acceptance of RFID Tags.

      Problems with RFID Tags.

      RFID Tags and Privacy Concerns.

      Obtaining RFID Tags.

    Radar-Based Through-the-Wall Surveillance System.

    Spotme Conferencing Device.

    nTAG Smart ID Badges.

    Smart Dust.

    Devices That Look Under Clothing.

      Passive Millimeter Wave Scanners.

      Backscatter X-Ray Devices.

    A Legal View of New Technology.



7. Building a Privacy Organizational Infrastructure.

    The Absence of a Privacy Infrastructure Can Be Costly.

    Understanding Your Company's Data Handling Practices.

    The Chief Privacy Officer.

    The Corporate Privacy Group.

      Creating a Corporate Privacy Policy.

      Providing Privacy Training.

      The Flow of Privacy Policy to Departments.

    Building a Privacy Hierarchy for Developing Solutions.

      Creating a Privacy Council.

      Privacy Leads.

      Developing a Privacy Standard.


8. The Privacy Response Center.

    Providing Customer Service for Privacy Issues.

    Handling Privacy Issues.

    The Importance of a Privacy Response Center.

    Organizing a Privacy Response Center.

      Integrating the PRC with Product Groups.

      Working with Foreign Subsidiaries.

    PRC Workflow.

    Technology Description.

      Recording Privacy Issues.

      Online Privacy Form.

    Improving the Privacy Response Process.

    Determining Resources.



9. Platform for Privacy Preferences Project (P3P).

    Surveillance: Good or Bad?

    Introducing P3P for Expressing Web Site Privacy.

    Deploying P3P at a Web Site.

      The P3P Reference File.

      P3P Policy File.

      P3P Compact Policy.

    Browsers and P3P Integration.

      Internet Explorer.



      Mozilla Firebird.



      AT&T Privacy Bird.

    P3P Creation Tools.

      P3P Policy Editor.

      P3P Validator.


      Joint Research Centre.

    A P3P Preference Exchange Language (APPEL).



10. Integrating Privacy into the Development Process.

    Getting Started.

      Start with a Solid Infrastructure.

      Get Privacy Training.

      Create a Plan.

      Privacy-Process Flowchart.

    Integrating Privacy into Development.

      The Documents.

      Design Phase.

      Feature Complete.

      Development Phase.

      Test Phase.

      Code Complete.

      Beta Release.

      Product Release.

      Privacy Response Team.

      Creating a Deployment Guide.

    The Privacy Specification.

      Data Analysis.

      Usage Analysis.

      Security Analysis.

      User Control Analysis.

      User Access Analysis.

      Disclosure Plan.

      Dependency Analysis.

      Phone Home Disclosure.

      Entity Description.

    The Privacy Review.

      Starting the Privacy Review.

      Management by Exception.

      Who Should Be Involved?

      Running the Meeting.

      Privacy Review Scope.

      Privacy Review Template.


11. Performing a Privacy Analysis.

    Helpful Hints for Diagramming.

      Number Processes, Data Stores, and Dataflows.

      Use Underscores to Connect Words in a Title When Creating Documentation.

      Use a Prefix on Names or Identifiers to Avoid Confusion.


    Context-Level Application Decomposition.

    Level 0 Application Decomposition.

    Privacy Boundaries.

    Rolling Up an Application Decomposition.

      An Application Decomposition Rollup Example.

      Complex Rollups.


12. A Sample Privacy-Aware Application.

    Program Design.

      F_1.0 User requests.

      F_2.0 User responses.

      F_3.0 Displ priv stat req.

      F_4.0 Online data requests.

      F_5.0 Priv report data.

      F_6.0 Config data.

      D_1.0 Local registry.

      D_2.0 PrivacyReport.txt.

    Installing the Application.

    Sample Files.

      Privacy Folder.

      W3C Folder.

      PSample Folder.

      PSample/Release Folder.

      PSample/Res Folder.

    Privacy Disclosure.

      The Privacy Statement.

      P3P Integration.

    Privacy Settings.

      Tying Privacy Settings to Group Policy.

    Encrypting Local Data.


13. Protecting Database Data.

    Physical Security.

    Programmatic Security.

      Using Row-Level Security to Protect Data.

      Using Column-Level Security to Protect Data.

    Transaction Auditing.

    Data Minimization.

      Data Reduction.

      Data Retention Policy.

      Data Classification and Isolation.

    Translucent Databases.

    Data Obfuscation.

    Data Quantization.

    Query Limitation.

      Data Re-identification.

      Result-Set Limitation.

      Column-Count Limitation.

      Query-Type Limitation.



      Determining What to Encrypt.

      Selecting the Right Encryption Algorithm.

      Determining the Encryption Key Length to Use.

    Data Perturbation.

      Type A Bias.

      Type B Bias.

      Type C Bias.

      Type D Bias.

      Perturbation Techniques.

      Advanced Perturbation Techniques.

    Hippocratic Databases.

      Synomos Align.

      IBM Tivoli Privacy Manager.


14. Managing Access to Data: A Coding Example.

    Program Overview.

      Categorizing the Columns of a Table.

      Categorizing the Rows of a Table.

      Encrypting Data.

    Program Files.

      DrOffice Folder.

      Privacy Folder.

      SQL Folder.

    Setting Up the Application.

      Setting Up the Web Files.

      Setting Up the Database.

      Setting Up Authorization Manager.

      Setting Up CAPICOM.

    Testing the Database Version of the Application.

      Viewing Resumés.

      Viewing Patient Information.

    Testing the Authorization Manager Version of the Application.


15. Digital Rights Management.

    The Digital Millennium Copyright Act.

    The Use of DRM to Defend Privacy.

    DRM, Copy-Protection Redux.

    Rights Management Languages.

      Digital Property Rights Language (DPRL).

      eXtensible Media Commerce Language (XMCL).

      eXtensible Rights Markup Language (XrML).

      Open Digital Rights Language (ODRL).

      Making a Choice.




    Rights Management Applications.

      Electronic Media Management System.


      Windows Rights Management Services.

      Information Rights Management.

    Developing DRM Solutions.

      ContentGuard XrML SDK.

      Nokia Content Publishing Toolkit.

      Open Digital Rights Language.

      Windows Rights Management Client SDK.

      Windows Rights Management Services SDK.


A. Privacy Section for a Feature Specification.


      Privacy Impact.


      Impact Description.

      Client-Side Component.

      Web Service Component.

B. Privacy Review Template.

C. Data Analysis Template.

D. List of Privacy Content.

E. Privacy Checklist.



    Onward Transfer.



    Data Integrity.


F. Privacy Standard.



    Corporate Privacy Policy.

    Follow Fair Information Practices.

    Prominent Disclosure.


    Collection of Data.

    Retention Policy.

G. References.


      Antispam Software and Information.

      Anti-Spyware Software and Information.

      Kids' Privacy.

      Privacy Advocacy and Consulting Groups.

      Privacy Certification Programs.

      Privacy Gatherings.

      Privacy Journals.

      Privacy Surveys.

      Privacy Tools and Technology Companies.

      Privacy Training.


      The Fight Against the Invasion of Privacy.

      Privacy Policy.

      Privacy Technology.

      Protecting Online and Personal Privacy.

      Security and Privacy.






