How to Build Privacy By Design into Web and Mobile

Building great online and mobile products is hard enough with a small team and limited resources, so why add to the difficulty by embracing “privacy by design” principles? With so many free, easy web tools available and an “everyone else is doing it” mentality, why take time to create extra user controls and transparency? The reality is your users are starting to understand the issues and will soon demand it. You should demand it, too. But most online tools compromise user privacy at some level, and almost none provide the new benefits that result when privacy is baked in from the start. So, what to do? You can build your own tools, requiring time, skill, patience, and functionality trade-offs; pay a third party for their tools; or adapt open source solutions. Or you can shrug your shoulders and roll the dice... In this presentation, learn how Tarik Kurspahic, the CTO of Personal.com, has built privacy into the company’s DNA.


    Presentation Transcript

    • How to Build “Privacy by Design” into Web and Mobile #privacy360 | @tariktech
    • Privacy by Design
        To build privacy and data protection up front, into the design specifications and architecture of information and communication systems, technologies and business practices.
    • NOT (Privacy by Design)
    • Why Should You Care?
        • Want to do the right thing
        • Competitive differentiation
        • Anticipate regulation
        • Users will be users
    • Big Data Platform + “Privacy by Design”
        Small Data Is Better
    • Key Privacy Principles
        • Transparency
        • Data portability
        • Right to be forgotten
        • Anonymity
        • Control
    • It Starts with Company Culture
        • Everyone is a Chief Privacy/Security Officer
        • Train key staff
        • Think of your customers as Owners – not users
        • Background checks where appropriate
    • Legal / Policy
        • User-centric legal model – not CYA
        • Owner Data Agreement
        • Always opt-in
        • Mind towards regulation to come
    • Business Partners and Vendors
        • Do not give any 3rd parties access to customer
        • Require HTTPS for login, data exchange and APIs
        • Do not sell customer data
        • Do not co-mingle data between clients
        • Do not provide analytics except as a service to you
        • Do not have any privacy/security incidents
        • Do background checks on employees
    • Marketing
        • Responsible performance tracking
        • Try Open Source
        • Avoid free stuff with strings attached
        • Minimize Owner exposure to 3rd parties
    • Platform Architecture Considerations
        ‣ Hosting Provider
        ‣ Mobile Applications
        ‣ Hardware / Cloud
        ‣ APIs
        ‣ Networking
        ‣ Message Queues
        ‣ Security
        ‣ Notifications / Alerts
        ‣ CDNs
        ‣ Search Servers
        ‣ Web Servers
        ‣ Logs
        ‣ Reverse Proxies
        ‣ Analytics / Reports
        ‣ Caching
        ‣ Exports (Download my data)
        ‣ Database(s)
        ‣ Admin accounts (superpowers?)
        ‣ Backups
        ‣ Password Management
        ‣ Languages / Framework(s)
        ‣ Session Management
    • Simplified Platform Architecture
        Diagram labels: Browser, Mobile App, HTTPS Encryption, Alerts, Firewalls, Search, Load Balancers / Proxies, Queue, Web Servers, Cache Servers, App Servers, Backups, Database Servers
    • Potential Data Traps!
        Diagram labels: Cache + History + Bookmarks Offline Browser Mobile App Data 3rd Party Social Plugins Widgets / Analytics HTTPS Encryption Email Log SMS Alerts Firewalls Index Search Load Balancers / Proxies Log Messages Queue Web Servers Log Server Cache Servers App Servers Log Cache Backups Database Servers
    • Don’t Take Candy From Strangers
        https://www.youtube.com/watch?v=Ouof1OzhL8k
    • …Or At Least Cut The Strings
        • Phones Home on Load:
            <iframe src="//www.facebook.com/plugins/like.php?href=http%3A%2F%2Fblog.personal.com&amp;send=false&amp;layout=standard&amp;width=450&amp;show_faces=false&amp;action=like&amp;colorscheme=light&amp;font&amp;height=35"
                    scrolling="no" frameborder="0"
                    style="border:none; overflow:hidden; width:450px; height:35px;"
                    allowTransparency="true">
            </iframe>
        • No Strings Attached:
            <a href="https://www.facebook.com/sharer.php?u=http%3A%2F%2Fblog.personal.com">
              <img src="/pathtoimage/facebook.gif">
            </a>
    • Data-driven Platform
        Diagram labels: Browser, Mobile App, HTTPS Encryption, Firewalls, Load Balancers / Proxies, Email, SMS, Web Servers, Alerts, App Servers, Log
    • Supporting True Portability and Deletion
        A InstanceNameAlreadyExistsException occurred in info#create:
          * URL : https://www.personal.com/owner/info
          * IP address: 127.0.0.1
          * Parameters: {"authenticity_token"=>"43w3oYPUAOU4eFhUdCHV1obgIaeSIO1Yk68ajcR1TOE=", "template_id"=>"0040", "card_nickname"=>"[FILTERED]", "card_type"=>"[FILTERED]", "card_type_otherP3"=>"[FILTERED]", "card_network"=>"[FILTERED]", "credit_name_on_card"=>, "credit_card_number"=>"[FILTERED]", "expiration_date"=>"[FILTERED]", "security_code"=>, "credit_website_address"=>"[FILTERED]", "card_contact_number"=>"[FILTERED]", "credit_card_auto_pay"=>"[FILTERED]", "credit_card_account_debited_during_auto_pay"=>"[FILTERED]", "credit_notes"=>"[FILTERED]", "password"=>"[FILTERED]", "owner_id"=>"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}
          * data: {:session_id=>"c3c5c361c1e89…[omitted]", :_csrf_token=>"43w3oYPUAOU4…[omitted]", :expires_at=>Mon Jan 02 14:46:56 -0500 2012}
    • What About Mobile?
        • Secure API (HTTPS only)
        • Don’t take data without the Owner’s consent
        • Understand offline data storage/encryption options
        • Understand platform leakage potential
    • Mobile Pitfalls
    • Mobile Pitfalls: Image Cache
    • Thank You. Please send questions or comments to @TarikTech
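
The exception report on the "Supporting True Portability and Deletion" slide shows request parameters replaced with [FILTERED] before they reach e-mail and logs. The sketch below is an added example, not code from the presentation: it scrubs parameters with an allow-list and, going beyond the slide, drops tokens and session identifiers entirely. The key lists, the `scrub` and `exception_report` helpers and the sample values are assumptions.

```ruby
# Added example, not code from the presentation: allow-list scrubbing of
# request parameters before they reach an exception e-mail, alert or log.

# Keys safe to show in clear text (assumed list); every other value is
# treated as Owner data and replaced.
SAFE_KEYS = %w[template_id owner_id].freeze

# Credentials and session secrets (assumed list): dropped entirely, so not
# even a truncated prefix is copied into mail or logs.
SECRET_KEYS = %w[authenticity_token _csrf_token session_id password security_code].freeze

FILTERED = "[FILTERED]"

# Recursively scrub hashes and arrays; scalars are kept only under safe keys.
def scrub(value, key = nil)
  case value
  when Hash
    value.each_with_object({}) do |(k, v), out|
      name = k.to_s
      out[name] = scrub(v, name) unless SECRET_KEYS.include?(name)
    end
  when Array
    value.map { |item| scrub(item, key) }
  else
    SAFE_KEYS.include?(key) ? value : FILTERED
  end
end

# Build the one-line report that would be mailed or logged.
def exception_report(error_class, action, params)
  "#{error_class} occurred in #{action}: #{scrub(params).inspect}"
end

# Constructed sample request (all values invented for this example).
SAMPLE_PARAMS = {
  "authenticity_token" => "constructed-token",
  "template_id" => "0040",
  "card_nickname" => "Travel card",
  "credit_card_number" => "0000 0000 0000 0000",
  "security_code" => "000",
  "attachments" => [{ "file_name" => "statement.pdf" }],
  "owner_id" => "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  session_id: "constructed-session"
}.freeze

puts exception_report("InstanceNameAlreadyExistsException", "info#create", SAMPLE_PARAMS)
```

Because unknown keys are redacted by default, a field added to a form later stays out of logs until someone deliberately lists it as safe.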
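
The "Potential Data Traps!" and "…Or At Least Cut The Strings" slides contrast third-party widgets that contact their vendor as soon as the page renders with plain links that do so only on click. The audit below is an added example, not code from the presentation: it lists the third-party hosts a page's markup would contact on load. The `third_party_loads` and `remote_host` helpers, the `cdn.example` host and the sample markup are assumptions.

```ruby
# Added example, not code from the presentation: list the third-party hosts
# a page contacts on load. Regex-based, so it suits simple static markup only.

# Tags whose src the browser fetches automatically while rendering.
AUTOLOAD_ATTR = {
  "iframe" => "src", "script" => "src", "img" => "src", "embed" => "src"
}.freeze

# Host part of an absolute or protocol-relative URL; nil for relative paths.
def remote_host(url)
  host = url[%r{\A(?:https?:)?//([^/?#:]+)}i, 1]
  host && host.downcase
end

# Return [{tag:, host:}] for every auto-loaded resource served from a host
# other than page_host or one of its subdomains. Plain <a href> links are not
# listed: they contact the third party only when the visitor clicks.
def third_party_loads(html, page_host)
  findings = []
  html.scan(/<(\w+)([^>]*)>/m) do |tag, attrs|
    attr = AUTOLOAD_ATTR[tag.downcase]
    next unless attr
    url = attrs[/(?:\A|\s)#{attr}\s*=\s*["']([^"']*)["']/i, 1]
    next unless url
    host = remote_host(url.strip)
    next if host.nil? || host == page_host || host.end_with?(".#{page_host}")
    findings << { tag: tag.downcase, host: host }
  end
  findings
end

# Constructed sample page: the two snippets from the slide plus a
# hypothetical widget script on cdn.example.
SAMPLE_HTML = <<~HTML
  <iframe src="//www.facebook.com/plugins/like.php?href=http%3A%2F%2Fblog.personal.com&amp;send=false" scrolling="no"></iframe>
  <script src="https://cdn.example/widget.js"></script>
  <a href="https://www.facebook.com/sharer.php?u=http%3A%2F%2Fblog.personal.com">
    <img src="/pathtoimage/facebook.gif">
  </a>
HTML

third_party_loads(SAMPLE_HTML, "blog.personal.com").each do |f|
  puts "#{f[:tag]} loads from #{f[:host]}"
end
```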