SlideShare a Scribd company logo

IAPP PSR 2022: How do you engineer DSAR for Complexity?

Cillian Kieran
Cillian Kieran

This talk given by Cillian Kieran outlined how you engineer DSR for complex distributed systems as given at IAPP PSR, 2022 in Austin, TX -- A summary of privacy engineers, DSAR and data management for distributed data systems

Technology
1 of 30
Download to read offline
How Do You Engineer … DSAR For Multiple Profiles Complexity? Privacy Engineering @cillian
+ Open source privacy engineering platform ~ Free DSR orchestration platform ~ Standard for privacy metadata ~ Privacy labeling built for developers fid.es/join
# DSRs: the cause of complexity # DSRs: the impacts of complexity # Architecture for agile DSR at scale # Recommendations for Engineering DSR Contents
Why are DSRs so painful, slow and costly?
A new user’s data is created across systems in seconds
A new user’s data is created across systems in seconds DATA SOURCES INTERNAL STORAGE BUSINESS INTELLIGENCE 3RD PARTY SYSTEMS NEW USER
Deleting the same user’s data can take weeks. Why?
REQUEST INGESTION SUPPORT TEAMS INTERNAL WORKFLOW TEAM PROCESSES SUBJECT REQUEST A subject request is processed manually over weeks DATA PROCESSING PRIVACY WORKFLOW
DSRs cost time, money and create risk
Engineering teams have perfected the art of data creation Not the art of data deletion
The causes of DSRs Exponential Complexity # System design prioritizes creation, not deletion, or consolidated access # Data sprawl increases over time with new technology adoption # User data structures vary widely # There is no consistent data labeling convention # Request types vary (agent, controller, subject) # Business constraints on what data to process in a request vary widely
The impact of DSRs Exponential Complexity # No data model = no data automation # Avg. time per request 4 - 80 hours # Avg. cost per request $1,400 # Creating a resource tax on all business units # Valuable resources diverted from core business activities # Certainty of completeness is low
Engineering DSR Orchestration for Complexity
Our criteria for DSR orchestration # Deleting a user should be as seamless as creating a user # DSRs should be easy and free (for users and businesses) # DSRs should be scalable and a core feature of systems # Product and technology innovation should not break DSRs
The solutions to DSRs Exponential Complexity # System design prioritizes creation, not deletion, or consolidated access # Systems designed for DSR by default # Data sprawl increases over time with new technology adoption # A standard interface and protocol for DSR # User data structures vary widely # An orchestration tool built for flexibility # There is no consistent data labeling convention # A consistent and interoperable labeling standard # Request types vary (agent, controller, subject) # A standard interface and protocol for DSR (see point 2) # Business constraints on what data to process in a request vary widely # Flexible rule and policy engine
GEOGRAPHIC POLICIES POLICY ENGINE AGENT VERIFICATION ID VERIFICATION WAREHOUSES THIRD PARTY SYSTEMS INTERNAL DATA SYSTEMS DATA MODEL ORCHESTRATION DE-IDENTIFY DATA UPDATE DATA RETRIEVE DATA EMAIL INGESTION SUPPORT TICKET PHONE CALL CONSUMER / USER API SUBJECT ID MFA CONTROLLER VERIFICATION BUSINESS POLICIES TECHNICAL POLICIES AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY Systems & Processes DSR View AGENT CONTROLLER SUBJECT
CONSUMER / USER AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY Abstract Architecture AGENT CONTROLLER SUBJECT REQUEST INGESTION IDENTITY VERIFICATION AUDIT TRAIL CONFIGURABLE POLICIES CONSISTENT PRIVACY METADATA ORCHESTRATION ENGINE
CONSUMER / USER AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY Abstract Architecture AGENT CONTROLLER SUBJECT REQUEST INGESTION IDENTITY VERIFICATION AUDIT TRAIL CONFIGURABLE POLICIES CONSISTENT PRIVACY METADATA ORCHESTRATION ENGINE
An open source privacy standard for data labeling and policies that supports GDPR, CCPA, LGPD and ISO 19944 Explorer fid.es/taxonomy
Using this standard privacy language you can describe… # What type of data your application processes (data_category) # How your system uses that data (data_use) # What policies or rules you want your systems to adhere to
# Light-weight declarative language # Dot notation (mostly) # YAML in your projects (inline declarations coming soon) Fides Declarations # System operations data # User provided email address system.operations user.provided.identifiable.contact.email
Fides Primitives Organizations 1. Represents all or any part of an organization. 2. Establishes the root of the resource hierarchy. 3. Organizations are unique, i.e. you cannot reference other organization scopes. # Organizations # Systems # Datasets # Policies
# Organizations # Systems # Datasets # Policies Fides Primitives Systems 1. Represents the privacy properties of a single project, services, codebase or application. 2. Describes the categories of data being processed and use of the data in the system.
# Organizations # Systems # Datasets # Policies Fides Primitives Datasets 1. Represent any location data is stored; databases, data warehouses or other stores. 2. You can declare individual fields of data and describe the types of data they are storing.
# Organizations # Systems # Datasets # Policies Fides Primitives Policies 1. Represents a set of rules that a system must adhere to — your privacy policy as code. 2. Fidesctl evaluates these policies against system/dataset declarations for compliance.
Intake API’s Product connectors Data Subject Interface Privacy request Intake Identity Graph Builder Request Fulfillment Services Policy execution of datastore Policy-generated Identity graph Stripe Billing Info Database & 3rd party adaptors Data package storage Response to subject Privacy request response S3Bucket SELECT * FROM CUSTOMERS WHERE email = ‘james@gmail.com’ Access Edit Erasure postgres.customers. stripe_id Programmatic DSR View CONSUMER / USER AGENT CONTROLLER SUBJECT
Strong criteria for DSR orchestration # Deleting a user should be as seamless as creating a user # DSRs should be easy and free (for users and businesses) # DSRs should be scalable and a core feature of systems # Product and technology innovation should not break DSRs
Takeaways: Engineering DSRs for Complexity # Data orchestration is easy… if you have a great data model # A consistent, interoperable labeling taxonomy is vital # Solve the problem upstream with CI enforced data labeling # Policy rules should be an abstraction of data orchestration
+ Open source privacy engineering platform ~ Free DSR orchestration platform ~ Standard for privacy metadata ~ Privacy labeling built for developers fid.es/join

Recommended

Usg ceilings-systems-catalog-es-mex-grplf
Usg ceilings-systems-catalog-es-mex-grplfUsg ceilings-systems-catalog-es-mex-grplf
Usg ceilings-systems-catalog-es-mex-grplfKanaroca
 
Handrails & Balustrades
Handrails & BalustradesHandrails & Balustrades
Handrails & BalustradesPrashant Rao
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access controlElimity
 
False ceiling
False ceiling False ceiling
False ceiling Educational Learner
 
Information Asset Classification .pptx
Information Asset Classification .pptxInformation Asset Classification .pptx
Information Asset Classification .pptxDrRajapraveen
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit ViewPLN9 Security Services Pvt. Ltd.
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityCISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityKarthikeyan Dhayalan
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 

Recommended

Usg ceilings-systems-catalog-es-mex-grplf
Usg ceilings-systems-catalog-es-mex-grplfUsg ceilings-systems-catalog-es-mex-grplf
Usg ceilings-systems-catalog-es-mex-grplfKanaroca
 
Handrails & Balustrades
Handrails & BalustradesHandrails & Balustrades
Handrails & BalustradesPrashant Rao
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access controlElimity
 
False ceiling
False ceiling False ceiling
False ceiling Educational Learner
 
Information Asset Classification .pptx
Information Asset Classification .pptxInformation Asset Classification .pptx
Information Asset Classification .pptxDrRajapraveen
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit ViewPLN9 Security Services Pvt. Ltd.
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityCISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityKarthikeyan Dhayalan
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 
영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료
영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료
영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료국현 김
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
 
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgInformation Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgEric Vanderburg
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsRoberto Ellis
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3MLG College of Learning, Inc
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Cism course ppt
Cism course pptCism course ppt
Cism course pptsophiarock123
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Stainless steel cladding
Stainless steel claddingStainless steel cladding
Stainless steel claddingARS Ltd
 
Lecture #31 : Windows Forensics
Lecture #31 : Windows ForensicsLecture #31 : Windows Forensics
Lecture #31 : Windows ForensicsDr. Ramchandra Mangrulkar
 
Dna fingerprinting
Dna fingerprinting Dna fingerprinting
Dna fingerprinting wendyhilburn
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
 
Pillar and Bib taps
Pillar and Bib tapsPillar and Bib taps
Pillar and Bib tapsMithilesh Mandal
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emamahmad abdelhafeez
 
07 Opening - Doors & Windows.pdf
07 Opening - Doors & Windows.pdf07 Opening - Doors & Windows.pdf
07 Opening - Doors & Windows.pdfIgnacio J. Palma, Arch PhD.
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWSounil Yu
 
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID Inc
 
Certificazione privacy: ISO 27001
Certificazione privacy: ISO 27001 Certificazione privacy: ISO 27001
Certificazione privacy: ISO 27001 Fabrizio Di Crosta
 
Security Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureSecurity Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureDataWorks Summit
 
Open Source, Python based Privacy Engineering Tools
Open Source, Python based Privacy Engineering ToolsOpen Source, Python based Privacy Engineering Tools
Open Source, Python based Privacy Engineering ToolsCillian Kieran
 

More Related Content

What's hot

영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료
영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료
영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료국현 김
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
 
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgInformation Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgEric Vanderburg
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3MLG College of Learning, Inc
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Stainless steel cladding
Stainless steel claddingStainless steel cladding
Stainless steel claddingARS Ltd
 
Dna fingerprinting
Dna fingerprinting Dna fingerprinting
Dna fingerprinting wendyhilburn
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emamahmad abdelhafeez
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWSounil Yu
 
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID Inc
 
Certificazione privacy: ISO 27001
Certificazione privacy: ISO 27001 Certificazione privacy: ISO 27001
Certificazione privacy: ISO 27001 Fabrizio Di Crosta
 

What's hot (20)

영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료
영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료
영업비밀침해로 인한 재산적 이득액과 손해배상 액수산정 김국현 발표자료
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)
 
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric VanderburgInformation Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
Cism course ppt
Cism course pptCism course ppt
Cism course ppt
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
Stainless steel cladding
Stainless steel claddingStainless steel cladding
Stainless steel cladding
 
Lecture #31 : Windows Forensics
Lecture #31 : Windows ForensicsLecture #31 : Windows Forensics
Lecture #31 : Windows Forensics
 
Dna fingerprinting
Dna fingerprinting Dna fingerprinting
Dna fingerprinting
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
 
Pillar and Bib taps
Pillar and Bib tapsPillar and Bib taps
Pillar and Bib taps
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emam
 
07 Opening - Doors & Windows.pdf
07 Opening - Doors & Windows.pdf07 Opening - Doors & Windows.pdf
07 Opening - Doors & Windows.pdf
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKW
 
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
 
Certificazione privacy: ISO 27001
Certificazione privacy: ISO 27001 Certificazione privacy: ISO 27001
Certificazione privacy: ISO 27001
 

Similar to IAPP PSR 2022: How do you engineer DSAR for Complexity?

Security Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureSecurity Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureDataWorks Summit
 
Open Source, Python based Privacy Engineering Tools
Open Source, Python based Privacy Engineering ToolsOpen Source, Python based Privacy Engineering Tools
Open Source, Python based Privacy Engineering ToolsCillian Kieran
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsPriyanka Aash
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsEthyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsCillian Kieran
 
Logical Data Fabric: An Introduction
Logical Data Fabric: An IntroductionLogical Data Fabric: An Introduction
Logical Data Fabric: An IntroductionDenodo
 
Technical Documentation 101 for Data Engineers.pdf
Technical Documentation 101 for Data Engineers.pdfTechnical Documentation 101 for Data Engineers.pdf
Technical Documentation 101 for Data Engineers.pdfShristi Shrestha
 
Prompt Detection of Transformed Data Brench
Prompt Detection of Transformed Data BrenchPrompt Detection of Transformed Data Brench
Prompt Detection of Transformed Data BrenchIRJET Journal
 
Embedding Privacy by Design Into Data Infrastructure
Embedding Privacy by Design Into Data InfrastructureEmbedding Privacy by Design Into Data Infrastructure
Embedding Privacy by Design Into Data InfrastructureCillian Kieran
 
Product Keynote: Advancing Denodo’s Logical Data Fabric with AI and Advanced ...
Product Keynote: Advancing Denodo’s Logical Data Fabric with AI and Advanced ...Product Keynote: Advancing Denodo’s Logical Data Fabric with AI and Advanced ...
Product Keynote: Advancing Denodo’s Logical Data Fabric with AI and Advanced ...Denodo
 
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?Albert Hoitingh
 
Intro to big data and applications -day 3
Intro to big data and applications -day 3Intro to big data and applications -day 3
Intro to big data and applications -day 3Parviz Vakili
 
Implementation and Review Paper of Secure and Dynamic Multi Keyword Search in...
Implementation and Review Paper of Secure and Dynamic Multi Keyword Search in...Implementation and Review Paper of Secure and Dynamic Multi Keyword Search in...
Implementation and Review Paper of Secure and Dynamic Multi Keyword Search in...IRJET Journal
 
Database Archiving - Managing Data for Long Retention Periods
Database Archiving - Managing Data for Long Retention PeriodsDatabase Archiving - Managing Data for Long Retention Periods
Database Archiving - Managing Data for Long Retention PeriodsCraig Mullins
 
Your Data is Waiting. What are the Top 5 Trends for Data in 2022? (ASEAN)
Your Data is Waiting. What are the Top 5 Trends for Data in 2022? (ASEAN)Your Data is Waiting. What are the Top 5 Trends for Data in 2022? (ASEAN)
Your Data is Waiting. What are the Top 5 Trends for Data in 2022? (ASEAN)Denodo
 
Denodo’s Data Catalog: Bridging the Gap between Data and Business
Denodo’s Data Catalog: Bridging the Gap between Data and BusinessDenodo’s Data Catalog: Bridging the Gap between Data and Business
Denodo’s Data Catalog: Bridging the Gap between Data and BusinessDenodo
 
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah HurleyCedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah HurleyCedar Consulting
 
Gdpr ccpa automated compliance - spark java application features and functi...
Gdpr ccpa automated compliance - spark java application features and functi...Gdpr ccpa automated compliance - spark java application features and functi...
Gdpr ccpa automated compliance - spark java application features and functi...Steven Meister
 
Qiagram
QiagramQiagram
Qiagramjwppz
 
System analysis and design
System analysis and designSystem analysis and design
System analysis and designRobinsonObura
 

Similar to IAPP PSR 2022: How do you engineer DSAR for Complexity? (20)

Security Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureSecurity Framework for Multitenant Architecture
Security Framework for Multitenant Architecture
 
Open Source, Python based Privacy Engineering Tools
Open Source, Python based Privacy Engineering ToolsOpen Source, Python based Privacy Engineering Tools
Open Source, Python based Privacy Engineering Tools
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data Sets
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsEthyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
 
Logical Data Fabric: An Introduction
Logical Data Fabric: An IntroductionLogical Data Fabric: An Introduction
Logical Data Fabric: An Introduction
 
Technical Documentation 101 for Data Engineers.pdf
Technical Documentation 101 for Data Engineers.pdfTechnical Documentation 101 for Data Engineers.pdf
Technical Documentation 101 for Data Engineers.pdf
 
Prompt Detection of Transformed Data Brench
Prompt Detection of Transformed Data BrenchPrompt Detection of Transformed Data Brench
Prompt Detection of Transformed Data Brench
 
Embedding Privacy by Design Into Data Infrastructure
Embedding Privacy by Design Into Data InfrastructureEmbedding Privacy by Design Into Data Infrastructure
Embedding Privacy by Design Into Data Infrastructure
 
Product Keynote: Advancing Denodo’s Logical Data Fabric with AI and Advanced ...
Product Keynote: Advancing Denodo’s Logical Data Fabric with AI and Advanced ...Product Keynote: Advancing Denodo’s Logical Data Fabric with AI and Advanced ...
Product Keynote: Advancing Denodo’s Logical Data Fabric with AI and Advanced ...
 
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
 
Intro to big data and applications -day 3
Intro to big data and applications -day 3Intro to big data and applications -day 3
Intro to big data and applications -day 3
 
Implementation and Review Paper of Secure and Dynamic Multi Keyword Search in...
Implementation and Review Paper of Secure and Dynamic Multi Keyword Search in...Implementation and Review Paper of Secure and Dynamic Multi Keyword Search in...
Implementation and Review Paper of Secure and Dynamic Multi Keyword Search in...
 
Database Archiving - Managing Data for Long Retention Periods
Database Archiving - Managing Data for Long Retention PeriodsDatabase Archiving - Managing Data for Long Retention Periods
Database Archiving - Managing Data for Long Retention Periods
 
Your Data is Waiting. What are the Top 5 Trends for Data in 2022? (ASEAN)
Your Data is Waiting. What are the Top 5 Trends for Data in 2022? (ASEAN)Your Data is Waiting. What are the Top 5 Trends for Data in 2022? (ASEAN)
Your Data is Waiting. What are the Top 5 Trends for Data in 2022? (ASEAN)
 
Denodo’s Data Catalog: Bridging the Gap between Data and Business
Denodo’s Data Catalog: Bridging the Gap between Data and BusinessDenodo’s Data Catalog: Bridging the Gap between Data and Business
Denodo’s Data Catalog: Bridging the Gap between Data and Business
 
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah HurleyCedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
 
Gdpr ccpa automated compliance - spark java application features and functi...
Gdpr ccpa automated compliance - spark java application features and functi...Gdpr ccpa automated compliance - spark java application features and functi...
Gdpr ccpa automated compliance - spark java application features and functi...
 
Qiagram
QiagramQiagram
Qiagram
 
System analysis and design
System analysis and designSystem analysis and design
System analysis and design
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and compliance
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

IAPP PSR 2022: How do you engineer DSAR for Complexity?

  • 1. How Do You Engineer … DSAR For Multiple Profiles Complexity? Privacy Engineering @cillian
  • 2. + Open source privacy engineering platform ~ Free DSR orchestration platform ~ Standard for privacy metadata ~ Privacy labeling built for developers fid.es/join
  • 3. # DSRs: the cause of complexity # DSRs: the impacts of complexity # Architecture for agile DSR at scale # Recommendations for Engineering DSR Contents
  • 4. Why are DSRs so painful, slow and costly?
  • 5. A new user’s data is created across systems in seconds
  • 6. A new user’s data is created across systems in seconds DATA SOURCES INTERNAL STORAGE BUSINESS INTELLIGENCE 3RD PARTY SYSTEMS NEW USER
  • 7. Deleting the same user’s data can take weeks. Why?
  • 8. REQUEST INGESTION SUPPORT TEAMS INTERNAL WORKFLOW TEAM PROCESSES SUBJECT REQUEST A subject request is processed manually over weeks DATA PROCESSING PRIVACY WORKFLOW
  • 9. DSRs cost time, money and create risk
  • 10. Engineering teams have perfected the art of data creation Not the art of data deletion
  • 11. The causes of DSRs Exponential Complexity # System design prioritizes creation, not deletion, or consolidated access # Data sprawl increases over time with new technology adoption # User data structures vary widely # There is no consistent data labeling convention # Request types vary (agent, controller, subject) # Business constraints on what data to process in a request vary widely
  • 12. The impact of DSRs Exponential Complexity # No data model = no data automation # Avg. time per request 4 - 80 hours # Avg. cost per request $1,400 # Creating a resource tax on all business units # Valuable resources diverted from core business activities # Certainty of completeness is low
  • 14. Our criteria for DSR orchestration # Deleting a user should be as seamless as creating a user # DSRs should be easy and free (for users and businesses) # DSRs should be scalable and a core feature of systems # Product and technology innovation should not break DSRs
  • 15. The solutions to DSRs Exponential Complexity # System design prioritizes creation, not deletion, or consolidated access # Systems designed for DSR by default # Data sprawl increases over time with new technology adoption # A standard interface and protocol for DSR # User data structures vary widely # An orchestration tool built for flexibility # There is no consistent data labeling convention # A consistent and interoperable labeling standard # Request types vary (agent, controller, subject) # A standard interface and protocol for DSR (see point 2) # Business constraints on what data to process in a request vary widely # Flexible rule and policy engine
  • 16. GEOGRAPHIC POLICIES POLICY ENGINE AGENT VERIFICATION ID VERIFICATION WAREHOUSES THIRD PARTY SYSTEMS INTERNAL DATA SYSTEMS DATA MODEL ORCHESTRATION DE-IDENTIFY DATA UPDATE DATA RETRIEVE DATA EMAIL INGESTION SUPPORT TICKET PHONE CALL CONSUMER / USER API SUBJECT ID MFA CONTROLLER VERIFICATION BUSINESS POLICIES TECHNICAL POLICIES AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY Systems & Processes DSR View AGENT CONTROLLER SUBJECT
  • 17. CONSUMER / USER AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY Abstract Architecture AGENT CONTROLLER SUBJECT REQUEST INGESTION IDENTITY VERIFICATION AUDIT TRAIL CONFIGURABLE POLICIES CONSISTENT PRIVACY METADATA ORCHESTRATION ENGINE
  • 18. CONSUMER / USER AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY Abstract Architecture AGENT CONTROLLER SUBJECT REQUEST INGESTION IDENTITY VERIFICATION AUDIT TRAIL CONFIGURABLE POLICIES CONSISTENT PRIVACY METADATA ORCHESTRATION ENGINE
  • 19. An open source privacy standard for data labeling and policies that supports GDPR, CCPA, LGPD and ISO 19944 Explorer fid.es/taxonomy
  • 20. Using this standard privacy language you can describe… # What type of data your application processes (data_category) # How your system uses that data (data_use) # What policies or rules you want your systems to adhere to
  • 21. # Light-weight declarative language # Dot notation (mostly) # YAML in your projects (inline declarations coming soon) Fides Declarations # System operations data # User provided email address system.operations user.provided.identifiable.contact.email
  • 22. Fides Primitives Organizations 1. Represents all or any part of an organization. 2. Establishes the root of the resource hierarchy. 3. Organizations are unique, i.e. you cannot reference other organization scopes. # Organizations # Systems # Datasets # Policies
  • 23. # Organizations # Systems # Datasets # Policies Fides Primitives Systems 1. Represents the privacy properties of a single project, services, codebase or application. 2. Describes the categories of data being processed and use of the data in the system.
  • 24. # Organizations # Systems # Datasets # Policies Fides Primitives Datasets 1. Represent any location data is stored; databases, data warehouses or other stores. 2. You can declare individual fields of data and describe the types of data they are storing.
  • 25. # Organizations # Systems # Datasets # Policies Fides Primitives Policies 1. Represents a set of rules that a system must adhere to — your privacy policy as code. 2. Fidesctl evaluates these policies against system/dataset declarations for compliance.
  • 26. Intake API’s Product connectors Data Subject Interface Privacy request Intake Identity Graph Builder Request Fulfillment Services Policy execution of datastore Policy-generated Identity graph Stripe Billing Info Database & 3rd party adaptors Data package storage Response to subject Privacy request response S3Bucket SELECT * FROM CUSTOMERS WHERE email = ‘james@gmail.com’ Access Edit Erasure postgres.customers. stripe_id Programmatic DSR View CONSUMER / USER AGENT CONTROLLER SUBJECT
  • 27. Strong criteria for DSR orchestration # Deleting a user should be as seamless as creating a user # DSRs should be easy and free (for users and businesses) # DSRs should be scalable and a core feature of systems # Product and technology innovation should not break DSRs
  • 28. Takeaways: Engineering DSRs for Complexity # Data orchestration is easy… if you have a great data model # A consistent, interoperable labeling taxonomy is vital # Solve the problem upstream with CI enforced data labeling # Policy rules should be an abstraction of data orchestration
  • 29.
  • 30. + Open source privacy engineering platform ~ Free DSR orchestration platform ~ Standard for privacy metadata ~ Privacy labeling built for developers fid.es/join