SlideShare a Scribd company logo
1 of 29
Download to read offline
Privacy @ big tech
2/25/19
Polina Zvyagina
Privacy Counsel @Airbnb
European Entrepreneurship @ Stanford
Agenda
● Who I am
● Why Privacy matters - The law, the industry, consumer expectation
● Why now?
● “How to” Privacy
Privacy & Security Counsel
● Privacy Legal team based out of HQ
○ Data Protection Officer in Ireland
● We set policies for the whole company related to data use
● We support your product counsel in helping to draft notifications, help with UI flow, adjust policies,
resolve issues as they come up
● We work on scalable Privacy solutions such as:
○ GDPR Efforts
○ Training
○ Privacy by Design
○ Self-service playbooks
Introduction to Privacy
Law
● Privacy-Related mistakes can
cost 4% of global annual
turnover
● 60% of breaches are caused by
human error
● Equifax Breach Cost $400M
Complex Regulatory Framework
● US Law:
○ Section 5 of the FTC Act: Unfair and deceptive acts and practices
■ + FTC recommendations
○ SCA, FCRA, TCPA
○ State by state data breach notification, CCPA, wiretap laws
○ Industry-specific laws: financial (GLBA), children’s marketing (COPPA)
● Europe: GDPR, Directive 2002/58/EC
● APAC
○ Every country has its own set of privacy laws, but the strictest are:
■ Singapore, South Korea, Japan, Australia
Lots of regulators
GDPR Case Studies Lessons learned
Action Summary Damage Lesson
Google(UK
2019)
● Bundled consent made it unclear to the users of
android phones how their data will be used
across all of Google’s products. Didn’t make it
clear that account creation is not necessary for all
phone features.
$57 Million Minimize the data
used for each
purpose
Track consent
Do not use data
collected for one
purpose for another
purpose
Easy UI with fewer
clicks that explain
how data is used
GDPR Case Studies Lessons learned
Action Summary Damage Lesson
Facebook(UK
2018)
● Improper sharing of data £500,000
fine by the
UK's ICO, a
congressio
nal hearing,
and an
unpreceden
ted formal
apology
from
Zuckerberg
- for all data sharing
with third parties:
complete a security
assessment and
implement
recommendations
air/security-review
Future of Privacy Law
● Consumers and regulators are only becoming more savvy to how companies use their data and they
want more control
○ CCPA
○ Pending BIlls:
■ NJ, Conn, NY, Penn, SC, DC, RI
○ Biometric Data state laws: Illinois, Washington, Texas, New Hampshire
○ Federal Privacy Regulation?
This is just the beginning
Let’s define some terms
● Personal Data: Any information relating to an identified or identifiable natural person; an identifiable
natural person is one who can be identified, directly or indirectly by any kind of identifier (GDPR). This
is not what you know of as PII, it’s much broader
● De-Identified: information that cannot reasonably identify, relate to, describe, be capable of being
associated with, or be linked, directly or indirectly, to a particular consumer (CCPA and GDPR)
● Privacy Policy: public facing notice that advises the world and our users about how Airbnb collects,
shares, stores, and uses Personal Data
● JIT Notification: Just-In-Time Notifications that advise users about very specific data uses usually within
the UI, either through a pop-up, toast or in-app notifications
● Privacy by Design and Security by Default: being proactive, rather than reactive when it comes to the
treatment of user data
● Privacy Principles: Minimization, Purpose, Limitation, Accuracy, Storage Limitation, Integrity and
Confidentiality, Fairness and Transparency, Security
Data & Trust
TRUST
● Trust is hard to quantify but the loss of trust costs a lot of money
○ Fines under GDPR: 4% of the total worldwide annual turnover of the preceding year
○ Cost of the breaches vary, but most recently: Uber is paying $148M to settle, Anthem $115M,
Facebook TBD
○ These costs do not account for lost users and dips in signups and internal operational disruption
● Why do regulators care? Because people get hurt when their data is misused, not properly protected
● Regulators are not the only ones that care: consumer advocates, watchdogs, reporters & data subjects
themselves
Consumer trust requires: empathy, logic, authenticity
Consumers trust of government and big organizations is at an all-time low
Source of Truth
● Consumers read the Privacy Policy and JIT notifications to understand how we collect, use and store
their data
● In the US, regulators read the Privacy Policy, use the product and look for deception
● Across the world, regulators rely on the Privacy Policy to understand how we collect, use and store
consumer data and they send investigative questions
● We recommend everyone, especially leadership, read the privacy policy and consider whether it
accurately reflects all activities of your teams.
○ Our privacy policy is broad so in most cases, what you do should be within its realm
○ Certain products and features demand that we update the Privacy Policy
● The Privacy Policy is a catchall, internal policies are more strict!
Airbnb Privacy Policy : Practice what you preach
Other places we might make representations about privacy
and data
● User Interface (UI)- info toolkits, just in time
notifications
● How-to videos
● Help articles
● Conferences, Interviews with reporters &
regulators
● Blog posts
● Emails we send to users
● Survey language
● Emails we send to try to get user stories
● Here’s a summary of companies under FTC
consent decrees for 2017 (2018 report to
come out in January)
Privacy by Design
Privacy Principles to Follow
● Privacy by Design extends to a trilogy of encompassing applications:
○ IT systems;
○ accountable business practices; and
○ networked infrastructure.
● Risk-based approach to how data is treated based on sensitivity of the data & volume of data
● Personal Data:
○ Any information relating to an identified or identifiable natural person (‘data subject’); an
identifiable natural person is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person
● Financial Data: Does not need to be Personal Data to be highly risky if mismanaged
In every product decision
Privacy By Design
● Proactive not reactive
● Privacy by default related to Personal Data
○ Tag data appropriately according to a data schema
● Privacy has to be embedded into the design process Full functionality: positive sum, not zero-sum
● End-to-end security
● Transparency
● Respect user privacy
An excellent standard for the last 10 years, and now the law, under GDPR
Privacy Principles
● Adherence to the following privacy principles:
○ Data minimization- this is the most common pitfall and the begin of privacy decay
○ Identify purpose of the collection
○ Limit the use of the data to only that purpose for which it was collected
○ Accuracy
○ Storage limitation
○ Integrity and confidentiality
○ Fairness and transparency
○ Security
● Consumer rights
Privacy By Design in Practice
● When developing a new “product” requires going through a privacy analysis and doing a PIA
○ “Product” is: business process/project/activity that proposes to use customer data in a new way.
■ Incorporating a data questionnaire into the product review process, will help your counsel
identify whether a new PIA is required.
○ While designing, Privacy counsel made suggestions on how to minimize and mitigate privacy
concerns
● The plan and the mitigations are documented in the PIA
Privacy Impact Assessments
Data Mapping
Page 21
Personally Identifiable Information vs Personal Data
Whereas the European Union uses the term “Personal Data” in its laws and regulations, the
United States’ laws and regulations use the term Personally Identifiable Information (PII).
While PII may refer to information such as name, address, or birthdate, Personal Data is broader
and may include things as broad as social media posts, transaction histories, and IP addresses.
Definition: As defined by Airbnb, Personally Identifiable Information (PII) is any data that personally identifies or may
be used to personally identify an individual.
The U.S. Department of Commerce defines PII as “any information about an individual maintained by an agency,
including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social
security number, date and and place of birth, mother’s maiden name, or biometric records; and (2) any other information
that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
PII differs from Personal Data in that
Personal Data captures a wider range of
information.
Data Mapping and Data Tagging
● As companies grow, the amount of data they collect and the data architecture changes very quickly
● Data Inventory is a multi-team effort
○ Product Managers
○ Engineering
○ Data Science
○ Security
○ Legal
● Data must be tagged and mapped appropriately, so that we can know what data we have, where it’s
stored and how it might be used.
Behemoth Task
Data Subject Rights
Data Subjects Rights
● The right to access their personal data and obtain various other information, such as the purposes of
the processing and who the personal data has been disclosed to
● The right to rectify inaccurate personal data
● The right to erasure
● The right to data portability, i.e. to receive their personal data in an easily transferable, machine-
readable format
● A right ‘not to be subject to’ a decision based solely on automated processing, including profiling,
which produces legal effects concerning him or her or similarly significantly affects the data subjects
● A right to object to personal data processing.
QUESTIONS?
Case Studies:
Appendix
Data Breaches Case Studies Lessons learned
Action Summary Damage Lesson
UpnProxy
vulnerability
● exposed more than 45,000 routers to exploits linked to the
EternalBlue malware created by the NSA, potentially
exposing millions to hacker attacks
● Targets routers with vulnerable implementations of Universal
Plug and Play to force connected devices to open ports 139
and 445. This allows the obfuscation and routing of malicious
traffic to launch denial of service attacks and spread malware
to other devices. This exploit in routers has led to around two
million networked devices, such as laptops and smartphones,
being open to attack.
● The attack relies on two exploits, EternalBlue, a backdoor
developed by the NSA to target Windows computers; and its
“sibling” exploit EternalRed, used to backdoor Linux devices.
TBD - Scanning for
vulnerability
- Testing for
vulnerabilities
Cathay
Airlines
● personal data, from credit card details and passport numbers
to physical addresses stolen by cyber criminals
British Airways ● had its website breached and data belonging to 380,000
customers stolen.
Data Breaches Case Studies Lessons learned
Action Summary Damage Lesson
Marriott (2018) exposed the personal information of some 500 million customers TBD - these significant
breaches is
indicative of how
important it is to
have robust
security and data
handling policies
within an
organization.
- they also highlights
how it can be difficult to
get ahead of motivated
hackers and cyber
criminals on a mission to
steal data and sell or
exploit it in nefarious
ways.
US Federal Trade Commission (FTC) Case StudiesLessons learned
Action Summary Damage Lesson
Uber Technologies,
Inc.(Oct 2018)
- Inadequate Internal Access to User Personal Data.
Despite Respondent’s representation that its practices would
continue on an ongoing basis, Respondent has not always
closely monitored and audited its employees’ access to Rider
and Driver accounts since November 2014. Respondent
developed an automated system for monitoring employee
access to consumer personal information in December 2014
but the system was not designed or staffed to effectively
handle ongoing review of access to data by Respondent’s
thousands of employees and contingent workers.
- Security Statements in privacy Policy Inaccurate. “Your
information will be stored safely and used only for purposes
you’ve authorized. We use the most up to date technology
and services to ensure that none of these are compromised.”
“I understand that you do not feel comfortable sending your
personal information via online. However, we’re extra vigilant
in protecting all private and personal information.” “All of your
personal information, including payment methods, is kept
secure and encrypted to the highest security standards
available.”
- 2014 Data Breach
- 2016 Data Breach
Consent
Agreement w/
FTC
-Prohibition
Against
Misrepresent
ations
-Mandatory
Privacy
Program
-Privacy
Assessments
by a Third
Party
(reporting
period for the
Assessments
must cover:
(1) the first
180 days
after the
issuance date
of the Order
for the initial
Assessment,
and (2) each
2-year period
- implement reasonable
access controls to
safeguard data stored in
the Amazon S3
Datastore. For example,
Respondent: i. require
programs and engineers
that access AWS to use
distinct access keys,
instead permitting all
programs and engineers
to use a single AWS
access key that
provided full
administrative privileges
over all data in the
Amazon S3 Datastore;
ii. restrict access to
systems based on
employees’ job
functions; and iii. require
multi-factor
authentication for

More Related Content

What's hot

Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017CloudWATCH Consortium
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...Harrison Clark Rickerbys
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?MediaPost
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018Marjane Moghimi, ERP
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slidesNaomi Holmes
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationcaniceconsulting
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for DummiesAtif Ghauri
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONSaurabh Pandey
 

What's hot (17)

Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of Change
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slides
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislation
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATION
 
Data Protection GDPR Basics
Data Protection GDPR BasicsData Protection GDPR Basics
Data Protection GDPR Basics
 

Similar to Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering - 25 Feb 2019

CCPA for CISOs: What You Need to Know
CCPA for CISOs: What You Need to KnowCCPA for CISOs: What You Need to Know
CCPA for CISOs: What You Need to KnowTrustArc
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesTrustArc
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUser Vision
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesStephen Denning
 
Data Decoded: Understanding India's Draft Data Protection Bill
Data Decoded: Understanding India's Draft Data Protection BillData Decoded: Understanding India's Draft Data Protection Bill
Data Decoded: Understanding India's Draft Data Protection BillAntaraa Vasudev
 
WB-2022-01-25-India's Data Protection Bill
WB-2022-01-25-India's Data Protection BillWB-2022-01-25-India's Data Protection Bill
WB-2022-01-25-India's Data Protection BillTrustArc
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Financial Poise
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesOgilvy Consulting
 
Human resources: protecting confidentiality
Human resources: protecting confidentiality Human resources: protecting confidentiality
Human resources: protecting confidentiality KelbySchwender
 

Similar to Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering - 25 Feb 2019 (20)

CCPA for CISOs: What You Need to Know
CCPA for CISOs: What You Need to KnowCCPA for CISOs: What You Need to Know
CCPA for CISOs: What You Need to Know
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital Experiences
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital Experiences
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
GDPR - Sink or Swim
GDPR - Sink or SwimGDPR - Sink or Swim
GDPR - Sink or Swim
 
GDPR - Applift firstscreen june 2016
GDPR - Applift firstscreen june 2016GDPR - Applift firstscreen june 2016
GDPR - Applift firstscreen june 2016
 
Things to know about GDPR in 2018
Things to know about GDPR in 2018Things to know about GDPR in 2018
Things to know about GDPR in 2018
 
Data Decoded: Understanding India's Draft Data Protection Bill
Data Decoded: Understanding India's Draft Data Protection BillData Decoded: Understanding India's Draft Data Protection Bill
Data Decoded: Understanding India's Draft Data Protection Bill
 
WB-2022-01-25-India's Data Protection Bill
WB-2022-01-25-India's Data Protection BillWB-2022-01-25-India's Data Protection Bill
WB-2022-01-25-India's Data Protection Bill
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
What does GDPR mean for your business?
What does GDPR mean for your business?What does GDPR mean for your business?
What does GDPR mean for your business?
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) Changes
 
Human resources: protecting confidentiality
Human resources: protecting confidentiality Human resources: protecting confidentiality
Human resources: protecting confidentiality
 

More from Burton Lee

Santiago Bassett - Wazuh - Growing Cybersecurity Startups in Granada & Silico...
Santiago Bassett - Wazuh - Growing Cybersecurity Startups in Granada & Silico...Santiago Bassett - Wazuh - Growing Cybersecurity Startups in Granada & Silico...
Santiago Bassett - Wazuh - Growing Cybersecurity Startups in Granada & Silico...Burton Lee
 
Julio Casal - 4iQ & AlienVault - Viaje de un Cybersecurity Startup a Silicon ...
Julio Casal - 4iQ & AlienVault - Viaje de un Cybersecurity Startup a Silicon ...Julio Casal - 4iQ & AlienVault - Viaje de un Cybersecurity Startup a Silicon ...
Julio Casal - 4iQ & AlienVault - Viaje de un Cybersecurity Startup a Silicon ...Burton Lee
 
Burton Lee - Session #7 - Madrid + Granada - Cybersecurity Startups - Spanish...
Burton Lee - Session #7 - Madrid + Granada - Cybersecurity Startups - Spanish...Burton Lee - Session #7 - Madrid + Granada - Cybersecurity Startups - Spanish...
Burton Lee - Session #7 - Madrid + Granada - Cybersecurity Startups - Spanish...Burton Lee
 
Peter Fatelnig - EU Delegation to USA - Content Matters & EU Leadership - Sta...
Peter Fatelnig - EU Delegation to USA - Content Matters & EU Leadership - Sta...Peter Fatelnig - EU Delegation to USA - Content Matters & EU Leadership - Sta...
Peter Fatelnig - EU Delegation to USA - Content Matters & EU Leadership - Sta...Burton Lee
 
Dejan Roljic - Eligma - Growing Bitcoin Cities from Slovenia - Stanford Engin...
Dejan Roljic - Eligma - Growing Bitcoin Cities from Slovenia - Stanford Engin...Dejan Roljic - Eligma - Growing Bitcoin Cities from Slovenia - Stanford Engin...
Dejan Roljic - Eligma - Growing Bitcoin Cities from Slovenia - Stanford Engin...Burton Lee
 
Burton Lee - Session #6 Intro - Bitcoin Cities | GDPR & Stasi Files - Stanfor...
Burton Lee - Session #6 Intro - Bitcoin Cities | GDPR & Stasi Files - Stanfor...Burton Lee - Session #6 Intro - Bitcoin Cities | GDPR & Stasi Files - Stanfor...
Burton Lee - Session #6 Intro - Bitcoin Cities | GDPR & Stasi Files - Stanfor...Burton Lee
 
Burton Lee - Session #5 Intro - European Corporate Venture Capital - Stanford...
Burton Lee - Session #5 Intro - European Corporate Venture Capital - Stanford...Burton Lee - Session #5 Intro - European Corporate Venture Capital - Stanford...
Burton Lee - Session #5 Intro - European Corporate Venture Capital - Stanford...Burton Lee
 
Elif Ceylan - ITU ARI Teknokent & Innogate - University Accelerators in Turke...
Elif Ceylan - ITU ARI Teknokent & Innogate - University Accelerators in Turke...Elif Ceylan - ITU ARI Teknokent & Innogate - University Accelerators in Turke...
Elif Ceylan - ITU ARI Teknokent & Innogate - University Accelerators in Turke...Burton Lee
 
Ege Ertem - Zorlu Ventures - Family Enterprises in Turkey - Stanford Engineer...
Ege Ertem - Zorlu Ventures - Family Enterprises in Turkey - Stanford Engineer...Ege Ertem - Zorlu Ventures - Family Enterprises in Turkey - Stanford Engineer...
Ege Ertem - Zorlu Ventures - Family Enterprises in Turkey - Stanford Engineer...Burton Lee
 
Miray Tayfun - Vivoo - Wellness Startups in Turkey & Silicon Valley - Stanfor...
Miray Tayfun - Vivoo - Wellness Startups in Turkey & Silicon Valley - Stanfor...Miray Tayfun - Vivoo - Wellness Startups in Turkey & Silicon Valley - Stanfor...
Miray Tayfun - Vivoo - Wellness Startups in Turkey & Silicon Valley - Stanfor...Burton Lee
 
Burton Lee - Session #4 - Turkey Innovation Ecosystem - Stanford Engineering ...
Burton Lee - Session #4 - Turkey Innovation Ecosystem - Stanford Engineering ...Burton Lee - Session #4 - Turkey Innovation Ecosystem - Stanford Engineering ...
Burton Lee - Session #4 - Turkey Innovation Ecosystem - Stanford Engineering ...Burton Lee
 
Nathalie Delrue-McGuire - Belgium, Flanders & Belcham USA - Stanford Engineer...
Nathalie Delrue-McGuire - Belgium, Flanders & Belcham USA - Stanford Engineer...Nathalie Delrue-McGuire - Belgium, Flanders & Belcham USA - Stanford Engineer...
Nathalie Delrue-McGuire - Belgium, Flanders & Belcham USA - Stanford Engineer...Burton Lee
 
Dirk Wauters - Flanders & Leuven Tech Ecosystem - Stanford Engineering - 28 J...
Dirk Wauters - Flanders & Leuven Tech Ecosystem - Stanford Engineering - 28 J...Dirk Wauters - Flanders & Leuven Tech Ecosystem - Stanford Engineering - 28 J...
Dirk Wauters - Flanders & Leuven Tech Ecosystem - Stanford Engineering - 28 J...Burton Lee
 
Hendrik Isebaert - Showpad & Ghent - Enterprise Software in Flanders - Stanfo...
Hendrik Isebaert - Showpad & Ghent - Enterprise Software in Flanders - Stanfo...Hendrik Isebaert - Showpad & Ghent - Enterprise Software in Flanders - Stanfo...
Hendrik Isebaert - Showpad & Ghent - Enterprise Software in Flanders - Stanfo...Burton Lee
 
Burton Lee - Session #3 - Flanders :: From WW1 to Global Leadership in Enterp...
Burton Lee - Session #3 - Flanders :: From WW1 to Global Leadership in Enterp...Burton Lee - Session #3 - Flanders :: From WW1 to Global Leadership in Enterp...
Burton Lee - Session #3 - Flanders :: From WW1 to Global Leadership in Enterp...Burton Lee
 
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019Burton Lee
 
Burton Lee - Session #2 - Berlin Mobile Banking Unicorns & GDPR Update - Stan...
Burton Lee - Session #2 - Berlin Mobile Banking Unicorns & GDPR Update - Stan...Burton Lee - Session #2 - Berlin Mobile Banking Unicorns & GDPR Update - Stan...
Burton Lee - Session #2 - Berlin Mobile Banking Unicorns & GDPR Update - Stan...Burton Lee
 
Burton Lee - Course Intro & Session #1 - Czechia & CEE Ecosystem - Stanford M...
Burton Lee - Course Intro & Session #1 - Czechia & CEE Ecosystem - Stanford M...Burton Lee - Course Intro & Session #1 - Czechia & CEE Ecosystem - Stanford M...
Burton Lee - Course Intro & Session #1 - Czechia & CEE Ecosystem - Stanford M...Burton Lee
 
Burton Lee - AI and Remote Diagnostics of Factory Equipment - IHK München 175...
Burton Lee - AI and Remote Diagnostics of Factory Equipment - IHK München 175...Burton Lee - AI and Remote Diagnostics of Factory Equipment - IHK München 175...
Burton Lee - AI and Remote Diagnostics of Factory Equipment - IHK München 175...Burton Lee
 
Burton Lee - Session #8 Intro - Stanford ME421 - Mar 12 2018 - Part 1
Burton Lee - Session #8 Intro - Stanford ME421 - Mar 12 2018 - Part 1Burton Lee - Session #8 Intro - Stanford ME421 - Mar 12 2018 - Part 1
Burton Lee - Session #8 Intro - Stanford ME421 - Mar 12 2018 - Part 1Burton Lee
 

More from Burton Lee (20)

Santiago Bassett - Wazuh - Growing Cybersecurity Startups in Granada & Silico...
Santiago Bassett - Wazuh - Growing Cybersecurity Startups in Granada & Silico...Santiago Bassett - Wazuh - Growing Cybersecurity Startups in Granada & Silico...
Santiago Bassett - Wazuh - Growing Cybersecurity Startups in Granada & Silico...
 
Julio Casal - 4iQ & AlienVault - Viaje de un Cybersecurity Startup a Silicon ...
Julio Casal - 4iQ & AlienVault - Viaje de un Cybersecurity Startup a Silicon ...Julio Casal - 4iQ & AlienVault - Viaje de un Cybersecurity Startup a Silicon ...
Julio Casal - 4iQ & AlienVault - Viaje de un Cybersecurity Startup a Silicon ...
 
Burton Lee - Session #7 - Madrid + Granada - Cybersecurity Startups - Spanish...
Burton Lee - Session #7 - Madrid + Granada - Cybersecurity Startups - Spanish...Burton Lee - Session #7 - Madrid + Granada - Cybersecurity Startups - Spanish...
Burton Lee - Session #7 - Madrid + Granada - Cybersecurity Startups - Spanish...
 
Peter Fatelnig - EU Delegation to USA - Content Matters & EU Leadership - Sta...
Peter Fatelnig - EU Delegation to USA - Content Matters & EU Leadership - Sta...Peter Fatelnig - EU Delegation to USA - Content Matters & EU Leadership - Sta...
Peter Fatelnig - EU Delegation to USA - Content Matters & EU Leadership - Sta...
 
Dejan Roljic - Eligma - Growing Bitcoin Cities from Slovenia - Stanford Engin...
Dejan Roljic - Eligma - Growing Bitcoin Cities from Slovenia - Stanford Engin...Dejan Roljic - Eligma - Growing Bitcoin Cities from Slovenia - Stanford Engin...
Dejan Roljic - Eligma - Growing Bitcoin Cities from Slovenia - Stanford Engin...
 
Burton Lee - Session #6 Intro - Bitcoin Cities | GDPR & Stasi Files - Stanfor...
Burton Lee - Session #6 Intro - Bitcoin Cities | GDPR & Stasi Files - Stanfor...Burton Lee - Session #6 Intro - Bitcoin Cities | GDPR & Stasi Files - Stanfor...
Burton Lee - Session #6 Intro - Bitcoin Cities | GDPR & Stasi Files - Stanfor...
 
Burton Lee - Session #5 Intro - European Corporate Venture Capital - Stanford...
Burton Lee - Session #5 Intro - European Corporate Venture Capital - Stanford...Burton Lee - Session #5 Intro - European Corporate Venture Capital - Stanford...
Burton Lee - Session #5 Intro - European Corporate Venture Capital - Stanford...
 
Elif Ceylan - ITU ARI Teknokent & Innogate - University Accelerators in Turke...
Elif Ceylan - ITU ARI Teknokent & Innogate - University Accelerators in Turke...Elif Ceylan - ITU ARI Teknokent & Innogate - University Accelerators in Turke...
Elif Ceylan - ITU ARI Teknokent & Innogate - University Accelerators in Turke...
 
Ege Ertem - Zorlu Ventures - Family Enterprises in Turkey - Stanford Engineer...
Ege Ertem - Zorlu Ventures - Family Enterprises in Turkey - Stanford Engineer...Ege Ertem - Zorlu Ventures - Family Enterprises in Turkey - Stanford Engineer...
Ege Ertem - Zorlu Ventures - Family Enterprises in Turkey - Stanford Engineer...
 
Miray Tayfun - Vivoo - Wellness Startups in Turkey & Silicon Valley - Stanfor...
Miray Tayfun - Vivoo - Wellness Startups in Turkey & Silicon Valley - Stanfor...Miray Tayfun - Vivoo - Wellness Startups in Turkey & Silicon Valley - Stanfor...
Miray Tayfun - Vivoo - Wellness Startups in Turkey & Silicon Valley - Stanfor...
 
Burton Lee - Session #4 - Turkey Innovation Ecosystem - Stanford Engineering ...
Burton Lee - Session #4 - Turkey Innovation Ecosystem - Stanford Engineering ...Burton Lee - Session #4 - Turkey Innovation Ecosystem - Stanford Engineering ...
Burton Lee - Session #4 - Turkey Innovation Ecosystem - Stanford Engineering ...
 
Nathalie Delrue-McGuire - Belgium, Flanders & Belcham USA - Stanford Engineer...
Nathalie Delrue-McGuire - Belgium, Flanders & Belcham USA - Stanford Engineer...Nathalie Delrue-McGuire - Belgium, Flanders & Belcham USA - Stanford Engineer...
Nathalie Delrue-McGuire - Belgium, Flanders & Belcham USA - Stanford Engineer...
 
Dirk Wauters - Flanders & Leuven Tech Ecosystem - Stanford Engineering - 28 J...
Dirk Wauters - Flanders & Leuven Tech Ecosystem - Stanford Engineering - 28 J...Dirk Wauters - Flanders & Leuven Tech Ecosystem - Stanford Engineering - 28 J...
Dirk Wauters - Flanders & Leuven Tech Ecosystem - Stanford Engineering - 28 J...
 
Hendrik Isebaert - Showpad & Ghent - Enterprise Software in Flanders - Stanfo...
Hendrik Isebaert - Showpad & Ghent - Enterprise Software in Flanders - Stanfo...Hendrik Isebaert - Showpad & Ghent - Enterprise Software in Flanders - Stanfo...
Hendrik Isebaert - Showpad & Ghent - Enterprise Software in Flanders - Stanfo...
 
Burton Lee - Session #3 - Flanders :: From WW1 to Global Leadership in Enterp...
Burton Lee - Session #3 - Flanders :: From WW1 to Global Leadership in Enterp...Burton Lee - Session #3 - Flanders :: From WW1 to Global Leadership in Enterp...
Burton Lee - Session #3 - Flanders :: From WW1 to Global Leadership in Enterp...
 
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019
 
Burton Lee - Session #2 - Berlin Mobile Banking Unicorns & GDPR Update - Stan...
Burton Lee - Session #2 - Berlin Mobile Banking Unicorns & GDPR Update - Stan...Burton Lee - Session #2 - Berlin Mobile Banking Unicorns & GDPR Update - Stan...
Burton Lee - Session #2 - Berlin Mobile Banking Unicorns & GDPR Update - Stan...
 
Burton Lee - Course Intro & Session #1 - Czechia & CEE Ecosystem - Stanford M...
Burton Lee - Course Intro & Session #1 - Czechia & CEE Ecosystem - Stanford M...Burton Lee - Course Intro & Session #1 - Czechia & CEE Ecosystem - Stanford M...
Burton Lee - Course Intro & Session #1 - Czechia & CEE Ecosystem - Stanford M...
 
Burton Lee - AI and Remote Diagnostics of Factory Equipment - IHK München 175...
Burton Lee - AI and Remote Diagnostics of Factory Equipment - IHK München 175...Burton Lee - AI and Remote Diagnostics of Factory Equipment - IHK München 175...
Burton Lee - AI and Remote Diagnostics of Factory Equipment - IHK München 175...
 
Burton Lee - Session #8 Intro - Stanford ME421 - Mar 12 2018 - Part 1
Burton Lee - Session #8 Intro - Stanford ME421 - Mar 12 2018 - Part 1Burton Lee - Session #8 Intro - Stanford ME421 - Mar 12 2018 - Part 1
Burton Lee - Session #8 Intro - Stanford ME421 - Mar 12 2018 - Part 1
 

Recently uploaded

Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringWSO2
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...SOFTTECHHUB
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....rightmanforbloodline
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data SciencePaolo Missier
 

Recently uploaded (20)

Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 

Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering - 25 Feb 2019

  • 1. Privacy @ big tech 2/25/19 Polina Zvyagina Privacy Counsel @Airbnb European Entrepreneurship @ Stanford
  • 2. Agenda ● Who I am ● Why Privacy matters - The law, the industry, consumer expectation ● Why now? ● “How to” Privacy
  • 3. Privacy & Security Counsel ● Privacy Legal team based out of HQ ○ Data Protection Officer in Ireland ● We set policies for the whole company related to data use ● We support your product counsel in helping to draft notifications, help with UI flow, adjust policies, resolve issues as they come up ● We work on scalable Privacy solutions such as: ○ GDPR Efforts ○ Training ○ Privacy by Design ○ Self-service playbooks
  • 5. ● Privacy-Related mistakes can cost 4% of global annual turnover ● 60% of breaches are caused by human error ● Equifax Breach Cost $400M
  • 6. Complex Regulatory Framework ● US Law: ○ Section 5 of the FTC Act: Unfair and deceptive acts and practices ■ + FTC recommendations ○ SCA, FCRA, TCPA ○ State by state data breach notification, CCPA, wiretap laws ○ Industry-specific laws: financial (GLBA), children’s marketing (COPPA) ● Europe: GDPR, Directive 2002/58/EC ● APAC ○ Every country has its own set of privacy laws, but the strictest are: ■ Singapore, South Korea, Japan, Australia Lots of regulators
  • 7. GDPR Case Studies Lessons learned Action Summary Damage Lesson Google(UK 2019) ● Bundled consent made it unclear to the users of android phones how their data will be used across all of Google’s products. Didn’t make it clear that account creation is not necessary for all phone features. $57 Million Minimize the data used for each purpose Track consent Do not use data collected for one purpose for another purpose Easy UI with fewer clicks that explain how data is used
  • 8. GDPR Case Studies Lessons learned Action Summary Damage Lesson Facebook(UK 2018) ● Improper sharing of data £500,000 fine by the UK's ICO, a congressio nal hearing, and an unpreceden ted formal apology from Zuckerberg - for all data sharing with third parties: complete a security assessment and implement recommendations air/security-review
  • 9. Future of Privacy Law ● Consumers and regulators are only becoming more savvy to how companies use their data and they want more control ○ CCPA ○ Pending BIlls: ■ NJ, Conn, NY, Penn, SC, DC, RI ○ Biometric Data state laws: Illinois, Washington, Texas, New Hampshire ○ Federal Privacy Regulation? This is just the beginning
  • 10. Let’s define some terms ● Personal Data: Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly by any kind of identifier (GDPR). This is not what you know of as PII, it’s much broader ● De-Identified: information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer (CCPA and GDPR) ● Privacy Policy: public facing notice that advises the world and our users about how Airbnb collects, shares, stores, and uses Personal Data ● JIT Notification: Just-In-Time Notifications that advise users about very specific data uses usually within the UI, either through a pop-up, toast or in-app notifications ● Privacy by Design and Security by Default: being proactive, rather than reactive when it comes to the treatment of user data ● Privacy Principles: Minimization, Purpose, Limitation, Accuracy, Storage Limitation, Integrity and Confidentiality, Fairness and Transparency, Security
  • 12. TRUST ● Trust is hard to quantify but the loss of trust costs a lot of money ○ Fines under GDPR: 4% of the total worldwide annual turnover of the preceding year ○ Cost of the breaches vary, but most recently: Uber is paying $148M to settle, Anthem $115M, Facebook TBD ○ These costs do not account for lost users and dips in signups and internal operational disruption ● Why do regulators care? Because people get hurt when their data is misused, not properly protected ● Regulators are not the only ones that care: consumer advocates, watchdogs, reporters & data subjects themselves Consumer trust requires: empathy, logic, authenticity Consumers trust of government and big organizations is at an all-time low
  • 13. Source of Truth ● Consumers read the Privacy Policy and JIT notifications to understand how we collect, use and store their data ● In the US, regulators read the Privacy Policy, use the product and look for deception ● Across the world, regulators rely on the Privacy Policy to understand how we collect, use and store consumer data and they send investigative questions ● We recommend everyone, especially leadership, read the privacy policy and consider whether it accurately reflects all activities of your teams. ○ Our privacy policy is broad so in most cases, what you do should be within its realm ○ Certain products and features demand that we update the Privacy Policy ● The Privacy Policy is a catchall, internal policies are more strict! Airbnb Privacy Policy : Practice what you preach
  • 14. Other places we might make representations about privacy and data ● User Interface (UI)- info toolkits, just in time notifications ● How-to videos ● Help articles ● Conferences, Interviews with reporters & regulators ● Blog posts ● Emails we send to users ● Survey language ● Emails we send to try to get user stories ● Here’s a summary of companies under FTC consent decrees for 2017 (2018 report to come out in January)
  • 16. Privacy Principles to Follow ● Privacy by Design extends to a trilogy of encompassing applications: ○ IT systems; ○ accountable business practices; and ○ networked infrastructure. ● Risk-based approach to how data is treated based on sensitivity of the data & volume of data ● Personal Data: ○ Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person ● Financial Data: Does not need to be Personal Data to be highly risky if mismanaged In every product decision
  • 17. Privacy By Design ● Proactive not reactive ● Privacy by default related to Personal Data ○ Tag data appropriately according to a data schema ● Privacy has to be embedded into the design process Full functionality: positive sum, not zero-sum ● End-to-end security ● Transparency ● Respect user privacy An excellent standard for the last 10 years, and now the law, under GDPR
  • 18. Privacy Principles ● Adherence to the following privacy principles: ○ Data minimization- this is the most common pitfall and the begin of privacy decay ○ Identify purpose of the collection ○ Limit the use of the data to only that purpose for which it was collected ○ Accuracy ○ Storage limitation ○ Integrity and confidentiality ○ Fairness and transparency ○ Security ● Consumer rights
  • 19. Privacy By Design in Practice ● When developing a new “product” requires going through a privacy analysis and doing a PIA ○ “Product” is: business process/project/activity that proposes to use customer data in a new way. ■ Incorporating a data questionnaire into the product review process, will help your counsel identify whether a new PIA is required. ○ While designing, Privacy counsel made suggestions on how to minimize and mitigate privacy concerns ● The plan and the mitigations are documented in the PIA Privacy Impact Assessments
  • 21. Page 21 Personally Identifiable Information vs Personal Data Whereas the European Union uses the term “Personal Data” in its laws and regulations, the United States’ laws and regulations use the term Personally Identifiable Information (PII). While PII may refer to information such as name, address, or birthdate, Personal Data is broader and may include things as broad as social media posts, transaction histories, and IP addresses. Definition: As defined by Airbnb, Personally Identifiable Information (PII) is any data that personally identifies or may be used to personally identify an individual. The U.S. Department of Commerce defines PII as “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. PII differs from Personal Data in that Personal Data captures a wider range of information.
  • 22. Data Mapping and Data Tagging ● As companies grow, the amount of data they collect and the data architecture changes very quickly ● Data Inventory is a multi-team effort ○ Product Managers ○ Engineering ○ Data Science ○ Security ○ Legal ● Data must be tagged and mapped appropriately, so that we can know what data we have, where it’s stored and how it might be used. Behemoth Task
  • 24. Data Subjects Rights ● The right to access their personal data and obtain various other information, such as the purposes of the processing and who the personal data has been disclosed to ● The right to rectify inaccurate personal data ● The right to erasure ● The right to data portability, i.e. to receive their personal data in an easily transferable, machine- readable format ● A right ‘not to be subject to’ a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects the data subjects ● A right to object to personal data processing.
  • 27. Data Breaches Case Studies Lessons learned Action Summary Damage Lesson UpnProxy vulnerability ● exposed more than 45,000 routers to exploits linked to the EternalBlue malware created by the NSA, potentially exposing millions to hacker attacks ● Targets routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445. This allows the obfuscation and routing of malicious traffic to launch denial of service attacks and spread malware to other devices. This exploit in routers has led to around two million networked devices, such as laptops and smartphones, being open to attack. ● The attack relies on two exploits, EternalBlue, a backdoor developed by the NSA to target Windows computers; and its “sibling” exploit EternalRed, used to backdoor Linux devices. TBD - Scanning for vulnerability - Testing for vulnerabilities Cathay Airlines ● personal data, from credit card details and passport numbers to physical addresses stolen by cyber criminals British Airways ● had its website breached and data belonging to 380,000 customers stolen.
  • 28. Data Breaches Case Studies Lessons learned Action Summary Damage Lesson Marriott (2018) exposed the personal information of some 500 million customers TBD - these significant breaches is indicative of how important it is to have robust security and data handling policies within an organization. - they also highlights how it can be difficult to get ahead of motivated hackers and cyber criminals on a mission to steal data and sell or exploit it in nefarious ways.
  • 29. US Federal Trade Commission (FTC) Case StudiesLessons learned Action Summary Damage Lesson Uber Technologies, Inc.(Oct 2018) - Inadequate Internal Access to User Personal Data. Despite Respondent’s representation that its practices would continue on an ongoing basis, Respondent has not always closely monitored and audited its employees’ access to Rider and Driver accounts since November 2014. Respondent developed an automated system for monitoring employee access to consumer personal information in December 2014 but the system was not designed or staffed to effectively handle ongoing review of access to data by Respondent’s thousands of employees and contingent workers. - Security Statements in privacy Policy Inaccurate. “Your information will be stored safely and used only for purposes you’ve authorized. We use the most up to date technology and services to ensure that none of these are compromised.” “I understand that you do not feel comfortable sending your personal information via online. However, we’re extra vigilant in protecting all private and personal information.” “All of your personal information, including payment methods, is kept secure and encrypted to the highest security standards available.” - 2014 Data Breach - 2016 Data Breach Consent Agreement w/ FTC -Prohibition Against Misrepresent ations -Mandatory Privacy Program -Privacy Assessments by a Third Party (reporting period for the Assessments must cover: (1) the first 180 days after the issuance date of the Order for the initial Assessment, and (2) each 2-year period - implement reasonable access controls to safeguard data stored in the Amazon S3 Datastore. For example, Respondent: i. require programs and engineers that access AWS to use distinct access keys, instead permitting all programs and engineers to use a single AWS access key that provided full administrative privileges over all data in the Amazon S3 Datastore; ii. restrict access to systems based on employees’ job functions; and iii. require multi-factor authentication for