BKPRVACY.RVW 20051023 "Privacy", J. C. Cannon, 2005, 0-321-22409-4, U$49.99/C$71.99 %A J. C. Cannon jc_msft@hotmail.com %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8 %D 2005 %G 0-321-22409-4 %I Addison-Wesley Publishing Co. %O U$49.99/C$71.99 416-447-5101 fax: 416-443-0948 bkexpress@aw.com %O http://www.amazon.com/exec/obidos/ASIN/0321224094/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0321224094/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0321224094/robsladesin03-20 %O Audience i- Tech 1 Writing 2 (see revfaq.htm for explanation) %P 347 p. + CD-ROM %T "Privacy: What Developers and IT Professionals Should Know" The preface states that this book should help people learn about privacy technologies. (The cover refines this: it contains what developers and information technology professionals should know.) Part one examines privacy for everyone. Chapter one is a vague review of privacy. A list of privacy related technologies is in chapter two. There is a brief look, in chapter three, at privacy lawsuits and legislation. Chapter four discusses privacy settings in Windows, including the metadata in Word files. Spam, and anti-spam technologies, are surveyed in chapter five. Privacy invasive technologies are examined in chapter six, concentrating on radio- frequency identity chips. Part two looks at privacy and the organization. Chapter seven suggests some corporate structures to do with security, such as having a chief privacy officer and a privacy council. A "Privacy Response Center" is recommended in chapter eight. (I thought they used to call this an "ombudsman" or something.) Part three concerns privacy factors for the developer. Chapter nine outlines the Platform for Privacy Preferences Project (P3P). Advice on developing "privacy aware" software programs is given in chapter ten, although most of it seems to be fairly standard system development methodology. A not-terribly-clear-or-helpful system of diagramming information flow to analyze privacy distribution is suggested in chapter eleven. (An effort to demonstrate a data flow diagrammatic approach to privacy chooses to put error data, administrative activities, and system settings inside the privacy boundary.) Chapter twelve attempts to give an example of how the foregoing three chapters would work in building an application. Some considerations for databases are discussed in chapter thirteen. Another attempt to present a privacy aware program is given in chapter fourteen. Rather oddly, chapter fifteen talks about technologies that protect intellectual property. It is very hard to say what this book is about. Some of part one is not bad, although hardly inspired. The corporate material, in part two, is turgid, and seemingly applicable only to the most massive of corporations. Part three's suggestions about privacy aware applications appear not only unhelpful but pointless, at least in terms of real privacy issues. copyright Robert M. Slade, 2005 BKPRVACY.RVW 20051023