In the fall of 2013, Carnegie Mellon University will roll out a first-of-its kind program for students aiming to become privacy engineering professionals. The Master of Science in Information Technology—Privacy (MSIT-P) degree is a 12-month program geared toward future privacy engineers or technical privacy managers interested in ensuring that privacy is implemented into products and services.
Classes will be taught by privacy and security experts and will conclude with a summerlong “learning-by-doing, capstone project” in which students will work as privacy consultants with students in other professional master’s programs who are working on a project for a client company.
In developing the MSIT-P curriculum, co-directors Lorrie Faith Cranor and Norman Sadeh sought insight from government and industry—including large companies like Microsoft, Google, Facebook and Intel as well as small start-ups. Such companies are increasingly looking for privacy experts who are able to “understand technology and be able to integrate perspectives that span product design, software development, cyber security, human computer interaction as well as business and legal considerations,” says the program’s description.
“We wanted to be sure it was a program designed to meet industry needs, so we talked to a lot of people in industry,” Cranor said.
Cranor said the program will fill a gap in the necessary privacy training students need to become effective privacy leaders at companies that are increasingly collecting consumer data and developing new products and services.
The IAPP will partner with the MSIT-P program to offer on-campus Certified Information Privacy Professional certification exams to students in the program. The exams will be free for student members of the IAPP. Though history has seen companies hiring lawyers or policy experts to take on privacy roles, Cranor says there’s been an increase in advertisements for privacy engineers and technical privacy managers. Meanwhile, degree programs tend to offer few courses that focus exclusively on privacy.
“There was really nowhere a technical person could go to get that technical privacy training in an in-depth way,” Cranor said. “Most people who are doing privacy engineering work right now have mostly had on-the-job training. So what’s really exciting about this is that we’re going to be turning out graduates who are going to able to hit the ground running in these privacy engineering jobs.”
The feedback from industry has been positive, Cranor said, adding that people across the board “were very excited about the idea of having this pool of people trained in privacy engineering that they can hopefully hire from in a couple of years.”
The program must be completed on campus rather than remotely, Cranor noted.