Carnegie Mellon University
October 15, 2012

Press Release: Carnegie Mellon Integrates Policy and Technology In New Master’s Degree for Privacy Engineers

First-of-its-kind Program Covers “Privacy by Design” Principles

Contact: Byron Spice / 412-268-9068 /

PITTSBURGH—People tasked with safeguarding privacy in this age of Big Data and easy Internet access need an unusual combination of technological know-how and policy savvy — expertise that will be honed in a new master’s degree program for privacy engineers offered by Carnegie Mellon University’s School of Computer Science.

The Master of Science in Information Technology-Privacy (MSIT-Privacy) is a 12-month program that begins in the 2013 fall semester.

“Privacy breaches, whether through poor design or as the result of attacks, have become a staple of the daily news,” said Norman Sadeh, professor of computer science, who will co-direct the MSIT-Privacy program with Lorrie Faith Cranor, associate professor of computer science and engineering and public policy.

“Leaders in social media, tech and Internet companies, financial service firms and government agencies all tell us that they see an increasing need for privacy engineers who can help them design and maintain systems that protect people’s identities and personal information,” Sadeh added.

Until now, however, this critical expertise has been acquired only through on-the-job experience, said Cranor, director of the CyLab Usable Privacy and Security Lab. “Carnegie Mellon has a number of faculty with deep expertise in privacy and offers a variety of privacy-related courses,” she added. “This new program goes a step further by integrating privacy engineering with product design, software development, cyber security and human-computer interaction, as well as legal and business considerations.”

The program includes two semesters of courses taught by leading academic privacy and security experts. In the Carnegie Mellon tradition of learning by doing, the program also includes a summer-long capstone project in which MSIT-Privacy students will serve as privacy consultants on projects for commercial clients.

The program will emphasize the concept of “privacy by design,” in which safeguards are incorporated into the design of systems and products from the very beginning of the development process. Students will be trained to identify points where privacy may be at risk, propose and evaluate solutions to mitigate risks, understand the capabilities and limitations of privacy-enhancing technologies, assess the usability of privacy-related features and understand current privacy regulatory and self-regulatory frameworks, among other skills.

“To embed privacy by design into all things involving information technology, we will need to have privacy engineers, of which there are currently very few,” said Ann Cavoukian, Information and Privacy Commissioner in Ontario, Canada. “Professors Cranor and Sadeh have provided an excellent remedy to this problem by developing their new MSIT-Privacy program at Carnegie Mellon.”

Students who complete the master’s degree program will be prepared for the International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional certification exam.

“As the field of privacy grows around the globe, we are seeing a clear need for highly trained engineers who can translate the complexity of privacy into technology,” said J. Trevor Hughes, president and CEO of the IAPP. “There are too few of these professionals today, and we look forward to welcoming Carnegie Mellon graduates into this burgeoning profession.”

The MSIT-Privacy program is primarily intended for students who already have a technical degree, such as computer science, computer engineering or software engineering, or have comparable work experience. Students should apply for the program by Feb. 1, 2013. For more information, see the program website at

Follow the School of Computer Science on Twitter @SCSatCMU.