Building great online and mobile products is hard enough with a small team and limited resources, so why add to the difficulty by embracing “privacy by design” principles? With so many free, easy web tools available and an “everyone else is doing it” mentality, why take time to create extra user controls and transparency? The reality is your users are starting to understand the issues and will soon demand it. You should demand it, too. But most online tools compromise user privacy at some level, and almost none provide the new benefits that result when privacy is baked in from the start. So, what to do? You can build your own tools, requiring time, skill, patience, and functionality trade-offs; pay a third party for their tools; or adapt open source solutions. Or you can shrug your shoulders and roll the dice... In this presentation, learn how Tarik Kurspahic, the CTO of Personal.com, has built privacy into the company’s DNA.
How to Build Privacy By Design into Web and Mobile
1. How to Build “Privacy by Design” into Web and Mobile
#privacy360 | @tariktech
2. Privacy by Design
To build privacy and data protection up front, into the design specifications and architecture of information and communication systems, technologies and business practices.
4. Why Should You Care?
Want to do the right thing
Competitive differentiation
Anticipate regulation
Users will be users
5. Big Data Platform + “Privacy by Design”
Small Data Is Better
6. Key Privacy Principles
Transparency
Data portability
Right to be forgotten
Anonymity
Control
7. It Starts with Company Culture
Everyone is a Chief Privacy/Security Officer
Train key staff
Think of your customers as Owners – not users
Background checks where appropriate
8. Legal / Policy
User-centric legal model – not CYA
Owner Data Agreement
Always opt-in
Mind towards regulation to come
9. Business Partners and Vendors
Do not give any 3rd parties access to customer
Require HTTPS for login, data exchange and APIs
Do not sell customer data
Do not co-mingle data between clients
Do not provide analytics except as a service to you
Do not have any privacy/security incidents
Do background checks on employees
10. Marketing
Responsible performance tracking
Try Open Source
Avoid free stuff with strings attached
Minimize Owner exposure to 3rd parties
18. What About Mobile?
Secure API (HTTPS only)
Don’t take data without the Owner’s consent
Understand offline data storage/encryption options
Understand platform leakage potential