Carnegie Mellon University

Plan of study

The MSIT Privacy Engineering program is now available both as a full-time, on-campus program and a part-time distance education program. The requirements of both programs are identical and the degree awarded to students is exactly the same.

Full-Time Program:
The full-time master's program is offered at Carnegie Mellon University's Pittsburgh campus. Students enrolling in the full-time program can choose between two tracks: 12 months (Privacy Engineering, 162 units) and 16 months (Privacy Engineering Practice, 165 units). Students enrolled in the 12-month track will typically begin in the fall semester, complete the program at the end of the following summer, and graduate in August. Students enrolled in the 16-month track will typically begin in the fall semester and complete the program at the end of the following fall to allow for a summer internship. Students in the 16-month track will graduate the following December. For details about program requirements, please see the Privacy Engineering Handbook (Full-time).

Part-Time Program:
The online part-time master's program is designed to accommodate students who are currently employed and who do not want to leave their current job. The program gives students remote access to the exact same classes as full-time students. All lectures are video-taped, giving students the flexibility of watching lectures at their own convenience. Part-time students benefit from additional support in the form of evening recitations and office hours scheduled to simultaneously accommodate both West Coast and East Coast students. The part-time program can be completed in as little as 24 months if a student enrolls in 27 units per semester - the equivalent of two full-semester courses and a seminar. Students who find this tempo too demanding have the option of taking a lighter load and taking longer to graduate.
  1. 66 units of core courses
  2. Current Topics in Privacy Seminar (17-702) - 3 units each in spring and fall semester
  3. 12 units of approved technical electives
  4. 30 units of approved general electives
  5. 48 unit privacy-by-design project: Includes 6-unit Privacy-by-design Workshop course and 42 unit Privacy-by-design Practicum project
  6. GPA requirement: Student must maintain a 3.0 GPA in courses used for the requirements above.

Students may take additional electives or substitute electives when they have previously taken equivalent courses, if approved by the program director.

Electives. All electives that count towards unit requirements must be approved by the program directors. The program directors will prepare a list of recommended electives each semester that includes a variety of courses that complement the required courses and expose students to material in other relevant disciplines (e.g. biometrics, decision sciences, economics, public policy, statistics, security). Students may propose additional courses for approval. Students may also work on research projects for independent study credits that can be counted towards the elective requirement with the approval of the student’s advisor. A subset of approved electives will be designated as “technical electives.” These electives provide in-depth instruction related to a computer science area such as networking, machine learning, or databases.

Extra courses.  Some students may need to take extra non-qualifying classes to address weaknesses in their background, to fulfill prerequisites, or take extra classes simply because they are interested. Such courses will not count toward the unit requirement, except possibly the free elective.

Place-out Opportunities.  Courses taken while students are enrolled as a CMU undergraduate or in another CMU graduate program can be used to satisfy a requirement. Students may replace these courses with additional electives based on consultation with the Program Directors. Students who have taken equivalent courses at other universities may petition the program directors to use these courses in place of required courses and take additional electives instead.

Grade requirement.  Students must earn a "B-" or better in a course for it to satisfy any requirement.

Privacy Engineering 12 month track Sample schedule

Fall (57 or 63 units)
17-702 Current Topics in Privacy Seminar (3 units)
17-562 Law of Computer Technology (6 units, Mini 1) (*17-762 12 Units)
17-631 Information Security, Privacy and Policy (12 units)
17-733 Privacy Policy, Law and Technology (12 units)  
17-731 Foundations of Privacy (12 units)
General elective (12 units)

*Optionally, students taking the 12 unit version of this course instead of the 6 unit version can count the extra 6 units towards general elective credits.

Spring (57 units)
17-702 Current Topics in Privacy Seminar (3 units)
17-734 Usable Privacy and Security (12 units)
17-735 Engineering Privacy in Software (12 units)
General electives (18 units)
Technical elective (12 units)

Summer (48 units)
17-606 Privacy-by-design Workshop (6 units)
17-607 Privacy-by-design Practicum (42 units)
(Optional, one additional elective)

Privacy Engineering Practice 16 month track sample schedule

Courses taken in the fall and spring semesters will remain the same as listed above with the following exceptions:

Summer (3 units)
17-609 Internship for Privacy Engineering (3 units)

Fall (51 units)
17-606 Privacy-by-design Workshop (6 units)
17-607 Privacy By Design Practicum (42 units)
17-702 Current Topics in Privacy Seminar (3 units)
(Optional, one additional elective)

The following details the 2-year sequence of courses that students enrolled in the part-time Master's Program in Privacy Engineering are required to take. Students in the part-time Program have to take a total of 159 units. In particular, the part-time Program requires the exact same 66 units of core courses and an equivalent practicum experience as the full-time program. Part-time students who find this tempo too demanding have the option of dialing it down to one 12-unit course per semester + 3 units of privacy seminar during some semesters. All students are required to enroll in the privacy seminar for a minimum of 4 semesters.

Year 1 – Fall Semester (27 units)

  • Information Security, Privacy and Policy (17-631) – 12 units
  • Privacy Policy, Law and Technology (17-733) – 12 units
  • Current Topics in Privacy Seminar – 3 units

Year 1 – Spring Semester (27 units)

  • Engineering Privacy in Software (17-735) – 12 units
  • Usable Privacy and Security (17-734) – 12 units
  • Current Topics in Privacy Seminar – 3 units

Year 1 – Summer Semester (24 units)

  • 2 Electives (24 units) – towards total of 12 units of approved technical electives and 24 units of approved general electives

Year 2 – Fall Semester (27 units)

  • Foundations of Privacy (17-731) – 12 units
  • Law of Computer Technology (17-762)[1] – 12 units
  • Current Topics in Privacy Seminar (17-702) – 3 units

Year 2 – Spring Semester (27 units)

  • Privacy by Design Practicum project (“capstone”) – 12 units
  • Privacy by Design workshop – 3 units
  • Elective (12 units) – towards total of 12 units of approved technical electives and 24 units of approved general electives

Year 2 – Summer Semester (27 units)

  • Privacy by Design Practicum project (“capstone”) – 24 units
  • Privacy by Design workshop – 3 units

Grade/GPA Requirements

Just like in the full-time Program, students are expected to have a B- or better in each course used to satisfy the Program requirements and to maintain a GPA of 3.0 or better.

In addition to the required courses for the Privacy Engineering Program, Co-Program Director Norman Sadeh is offering a 6 unit course on AI Governance in the Spring and Fall Semesters that can be taken as an elective.

AI Governance: Identifying & Mitigating Risks in Design & Dev of AI Solutions

With AI and ML finding their way into an increasingly broad range of products and
services, it is important to identify and mitigate the risks associated with the adoption of
these technologies. This course reviews the different types of risks associated
with AI and discusses methodologies and techniques available to identify and mitigate
these risks. The course introduces students to ethical frameworks available to identify
and analyze risks. It also examines best practices emerging from both government and
industry efforts in this area. This includes looking at new regulations such as the
EU AI Act as well as emerging frameworks such as the one developed by NIST. The
course also examines frameworks developed by leading companies and how these
frameworks combine both technical and non-technical approaches. It further discusses
changes that need to be enacted by organizations to adopt more systematic
approaches to AI governance.
This course combines a mix of technical, policy, and management discussions.