
Kris Constable: IDVPN: a VPN for complying with jurisdictional regulations.


You have a lot of data! How can you keep your member and client information secure? What legal rules does your nonprofit need to follow when it comes to data hosting? What tools and apps won't get you in trouble?

We have four experts who will answer all your questions.

* Alejandra Brown: Introduction to privacy and overview of privacy and data residency rules that apply to BC nonprofits.

* Mack Hardy: Five practical things you can do to secure your online self. Policies, 2FA, password managers, and more.

* Damien Norris: A suite of curated tools that organizations can use to locally/securely replace the US owned cloud services in their lives.

* Kris Constable: IDVPN: a VPN for complying with jurisdictional regulations.

Published in: Data & Analytics

  1. KrisConstable.com
     • Owner / Operator IDVPN.ca and PrivaSecTech
     • Global security expert for Canada’s biggest company in the first phase of my career (security).
     • Advisor and investigator for the privacy commissioner of BC (since 2005), one of the first international trainers for the IAPP in the second phase of my career (privacy).
     • Now focused on solutions for orgs that don’t have the resources yet to access top privacy & security talent (startups and non-profits).
  2. A VPN for your identity. No longer worry about data breaches.
  3. How does it work?
     • If you have a developer on staff and your org can handle OpenID Connect (OIDC), you can integrate within 10 minutes.
     • You let us know which claims (ID attributes) you want from users, to meet legal requirements. Age? Email confirmation? FOIPPA compliance?
     • We handle the rest.
  4. Which claims can we handle?
     • Age gates (user is 18 or 19 years old)
     • FOIPPA compliance (BC privacy law)
     • Sanction list checking (anti-money laundering, counter terrorist financing)
     • Location (Must be in Vancouver, or Manitoba)
     • Anything on a government-issued ID
     • Any combination thereof
  5. How we differ
     • Once we verify a user, and the claim you’ve requested, we just confirm with a yes or no if that user meets your requirements, and then we send you a virtual ID for them, not their real name. You will never have their real name in your database.
     • This means that if/when you are hacked, you will only have the virtual IDs.
  6. [Slide images] Alex logging in to a DecisionTree.io-enabled WordPress site to vote; what IDVPN.ca knows and has verified.
  7. Guarantor
     • We can also meet any level of guarantor of an ID you require, such as:
       – Email verification (self attestation)
       – Friend (web of trust)
       – Government agent
       – Lawyer/Notary public
  8. Are we a good fit?
     • What does it cost you to manage your users securely? Include systems, databases, and the people required to manage them, as well as the people required to secure them.
     • Do you have security and privacy expertise in house?
     • How much would a data breach impact your org?
     • How much would a regulatory non-compliance finding (GDPR, FOIPPA) cost you, in financial penalties but also in reputation management?
  9. Breathe
  10. PrivaSecTech
     • Award-winning boutique privacy & security firm since 2005 based in B.C. focused on non-profits and startups.
     • We usually start with a 4-step security audit: building of an asset catalog, threat model, vulnerability assessment, and penetration test.
     • You can also keep us on retainer for privacy and/or security issues and use as needed.
  11. Today’s #1 tip: Backup and Restore (tarsnap)
  12. Member of “We fix sh!t” agency
     • Boutique agency offering audit and consulting for: design, privacy, security, finance, marketing/SEO
     • Best in the business -- want to help startups & non-profits
     • Former design director of Metalab
     • CPA who’s done DD for +40 VC funded orgs
     • My team for privacy, security & marketing
     • Built website traffic to +10mm requests
  13. Questions? I love to help, shoot me an email any time.
     • kris@privasectech.com
     • @cqwww on Twitter
     • PrivaSecTech on Facebook
     • No question is too silly
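
The relying-party side of the flow on slides 3 to 5, as an added example that is not part of the original deck and not IDVPN's own code: the site verifies the OIDC ID token, checks the yes/no claims it asked for, refuses any token that carries real-identity claims, and keeps only the virtual ID. The issuer URL, client id, the `age_over_19` and `bc_resident` claim names and the HS256 demo key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumptions, not IDVPN's real API: issuer, client id, requirement claim names
# and the demo key are constructed. Real OIDC providers usually sign with
# RS256/ES256 and publish keys via JWKS; HS256 keeps this stdlib-only.
ISSUER = "https://idp.example"
CLIENT_ID = "nonprofit-voting-app"
DEMO_KEY = b"constructed-demo-key"
REQUIRED = {"age_over_19": True, "bc_resident": True}  # hypothetical yes/no claims
PII_CLAIMS = {"name", "given_name", "family_name", "email",
              "birthdate", "address", "phone_number"}  # standard OIDC claims

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, key=DEMO_KEY):
    """Stand-in for the identity provider: build a constructed HS256 ID token."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def accept_login(token, now=None):
    """Relying party: verify the token, return the only record we may store."""
    head, body, sig = token.split(".")
    if json.loads(_b64d(head)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    good = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, _b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))
    aud = claims.get("aud")  # OIDC allows a single string or a list here
    if claims.get("iss") != ISSUER or CLIENT_ID not in ([aud] if isinstance(aud, str) else aud or []):
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("expired")
    leaked = PII_CLAIMS.intersection(claims)
    if leaked:  # fail closed: a real name or email must never reach our database
        raise ValueError(f"token carries PII: {sorted(leaked)}")
    for name, want in REQUIRED.items():
        if claims.get(name) is not want:
            raise ValueError(f"requirement not met: {name}")
    return {"virtual_id": claims["sub"]}
```

Rejecting tokens that contain identity claims, rather than silently ignoring them, keeps a provider misconfiguration from leaking real names into application logs or session stores.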
