privacy-engineering-skills

Implement the Kantara Initiative consent receipt specification including machine-readable receipt structure, JWT-based verification mechanisms, receipt lifecycle management, and integration patterns for consent management platforms. Supports ISO/IEC 27560 consent record information structure.

Deploy differential privacy in production systems including epsilon selection strategies, noise calibration with Laplace and Gaussian mechanisms, privacy budget tracking, composition theorems, and Python implementation patterns. Covers both central and local differential privacy models.

Conduct LINDDUN privacy threat modeling across all seven categories: Linking, Identifying, Non-repudiation, Detecting, Data Disclosure, Unawareness, and Non-compliance. Includes DFD-based analysis, threat trees, privacy-specific mitigation strategies, and integration with STRIDE security threat modeling.

Implement the NIST Privacy Framework COMMUNICATE function covering CM.AW awareness raising and CM.PO communication policies. Provides transparency mechanisms, stakeholder engagement frameworks, privacy notice templates, and communication workflow guidance.

Implement the NIST Privacy Framework CONTROL function covering CT.DM data management, CT.DP data processing policies and procedures, and CT.PO disassociated processing. Provides technical control architectures, data management workflows, and de-identification implementation guidance.

Implement the NIST Privacy Framework GOVERN function covering GV.AT awareness and training, GV.MT monitoring and review, GV.PO policy development, and GV.RR roles and responsibilities. Provides governance structure templates, training programs, and accountability frameworks for privacy governance.

Implement the NIST Privacy Framework IDENTIFY function including ID.BE business environment, ID.DA data actions, ID.IM improvement, and ID.RA risk assessment subcategories. Provides control mapping, gap analysis templates, and implementation workflows for privacy risk identification.

Implement the NIST Privacy Framework PROTECT function covering PR.AC access control, PR.DS data security, and PR.PO protective policies. Provides technical control implementation guidance, encryption standards, access management architectures, and security-privacy integration patterns.

Build automated PII detection and redaction pipelines using spaCy NER, Microsoft Presidio, and AWS Macie integration. Includes confidence scoring, custom entity type definitions, batch processing workflows, and multi-format document scanning for structured and unstructured data sources.

Design privacy API patterns including data subject API for DSAR endpoints, consent API for preference management, deletion API with cascading delete orchestration, and audit API for compliance reporting. Provides OpenAPI specifications, error handling, rate limiting, and authentication patterns.

Build privacy-preserving data sharing platforms using synthetic data generation with the SDV library, data clean rooms, secure enclaves, and utility measurement. Covers end-to-end architecture for sharing analytical datasets while preserving individual privacy guarantees.

Build privacy KPI dashboards tracking DSAR volume and response time, breach count and severity, DPIA completion rate, training coverage, and consent rates. Includes metric definitions, data collection patterns, visualization designs, and executive reporting templates for privacy program measurement.

Implement privacy-preserving record linkage across datasets using Bloom filter encoding, secure hash matching, threshold tuning for precision and recall, and false positive management. Enables entity resolution without exposing raw personally identifiable information between parties.

Design and implement Purpose-Based Access Control (PBAC) architecture including purpose ontology definition, policy engine configuration, audit logging of purpose verification at query time, and integration with existing IAM systems. Enforces GDPR Article 5(1)(b) purpose limitation technically.