Privacy Engineering — Blog

May 26, 2026 · Engineering

The Right-to-Explanation Handler: GDPR Article 22 as a Go HTTP Endpoint

How a 200-line Go handler turns an audit log and an eval store into a regulator-friendly answer to

GDPRPrivacy EngineeringAI GovernanceGo

May 24, 2026 · Privacy + compliance + engineering

"Enough to Reconstruct, Never Enough to Leak": The HIPAA Audit Log Design Problem

Enough to reconstruct, never enough to leak. The audit event schema problem under §164.312(b), and how to solve it without conflating the audit sink with the PHI sink.

HIPAAAudit LogPrivacy EngineeringCompliance

May 19, 2026 · Compliance + engineering

Building a HIPAA-Aware Medical AI Platform in Go: An Architecture & Compliance Deep Dive

What HIPAA looks like when you express it as Go interfaces — governance policies, append-only audit at DB GRANTs, PHI redaction at the logger seam, and HITL as the §3060 CDS carve-out criterion 4.

HIPAAComplianceGoPrivacy Engineering

#Privacy Engineering

The Right-to-Explanation Handler: GDPR Article 22 as a Go HTTP Endpoint

"Enough to Reconstruct, Never Enough to Leak": The HIPAA Audit Log Design Problem

Building a HIPAA-Aware Medical AI Platform in Go: An Architecture & Compliance Deep Dive