
The quote is about 'privacy' and your user story is about 'speed' - these are different criteria and 'privacy' is much harder to specify in a user story.


That's what I get for reading too quickly :)

I focused on performance because that's one example I've had brought up several times. And it's probably the easiest one.

I've seen privacy stories too. The style I like is to create a malicious user and deny them.

    As a Malicious User
    I want to steal credit card numbers
    So that I can sell them on the black market

    Given I have access to the web app
    When I supply malformed URLs
    I am ignored

    A/C
    Pentest tool with decent corpus

Another approach, also used, is exploratory testing. Security and privacy are tricky because you're dealing with humans who can react creatively; so the best test is humans who react creatively.
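
The malicious-user story above, written as an executable acceptance test. This is an added example, not part of the original comment; the `/orders/<id>` route, the handler, and the small corpus are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical route: the only URL shape this toy app serves is /orders/<1-10 digits>.
ORDER_ROUTE = re.compile(r"/orders/[0-9]{1,10}")
MAX_URL_LEN = 256

def handle_request(raw_url: str) -> int:
    """Return an HTTP status; anything outside the allow-list is 'ignored' (400/404)."""
    if len(raw_url) > MAX_URL_LEN:
        return 400
    # Only printable, non-space ASCII, and no '%' or '\': this route never needs
    # encoding, so encoded, control-character and non-ASCII input stops here.
    if any(ch in "%\\" or not ("!" <= ch <= "~") for ch in raw_url):
        return 400
    try:
        parts = urlsplit(raw_url)
    except ValueError:
        return 400
    if parts.scheme or parts.netloc or parts.query or parts.fragment:
        return 400
    if not ORDER_ROUTE.fullmatch(parts.path):
        return 404
    return 200

# Constructed corpus standing in for the "pentest tool with decent corpus".
MALFORMED = [
    "/orders/../cards", "/orders/1%2f..%2fcards", "/orders/1\x00.json",
    "/orders/1\r\nX-Test: 1", "//orders/1", "/orders/" + "9" * 300,
    "/orders/1?debug=1", "/orders/-1", "/orders/1/", "\\orders\\1",
    "/orders/\uff11",  # full-width digit one
]

def abuse_story_failures(handler=handle_request, corpus=MALFORMED):
    """Given access to the web app, when malformed URLs are supplied,
    each one must be ignored. Returns the URLs that were NOT ignored."""
    return [url for url in corpus if handler(url) not in (400, 404)]

if __name__ == "__main__":
    failures = abuse_story_failures()
    print("story passes" if not failures else f"story fails for: {failures!r}")
```

Running the same story against a handler that accepts everything returns the whole corpus, which is the regression signal the acceptance criterion is meant to give.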



