How Do You Engineer … DSAR For Multiple Profiles Complexity?
Privacy Engineering
@cillian
Open source privacy engineering platform
~ Free DSR orchestration platform
~ Standard for privacy metadata
~ Privacy labeling built for developers
fid.es/join
Contents
# DSRs: the cause of complexity
# DSRs: the impacts of complexity
# Architecture for agile DSR at scale
# Recommendations for Engineering DSR
Why are DSRs so painful, slow and costly?
A new user’s data is created across systems in seconds
[Diagram: NEW USER; DATA SOURCES; INTERNAL STORAGE; BUSINESS INTELLIGENCE; 3RD PARTY SYSTEMS]
Deleting the same user’s data can take weeks. Why?
A subject request is processed manually over weeks
[Diagram: REQUEST INGESTION; SUPPORT TEAMS; INTERNAL WORKFLOW; TEAM PROCESSES; SUBJECT REQUEST; DATA PROCESSING; PRIVACY WORKFLOW]
DSRs cost time, money and create risk
Engineering teams have perfected the art of data creation
Not the art of data deletion
The causes of DSRs' Exponential Complexity
# System design prioritizes creation, not deletion, or consolidated access
# Data sprawl increases over time with new technology adoption
# User data structures vary widely
# There is no consistent data labeling convention
# Request types vary (agent, controller, subject)
# Business constraints on what data to process in a request vary widely
The impact of DSRs' Exponential Complexity
# No data model = no data automation
# Avg. time per request 4 - 80 hours
# Avg. cost per request $1,400
# Creating a resource tax on all business units
# Valuable resources diverted from core business activities
# Certainty of completeness is low
Engineering DSR Orchestration for Complexity
Our criteria for DSR orchestration
# Deleting a user should be as seamless as creating a user
# DSRs should be easy and free (for users and businesses)
# DSRs should be scalable and a core feature of systems
# Product and technology innovation should not break DSRs
The solutions to DSRs' Exponential Complexity
# System design prioritizes creation, not deletion, or consolidated access
~ Systems designed for DSR by default
# Data sprawl increases over time with new technology adoption
~ A standard interface and protocol for DSR
# User data structures vary widely
~ An orchestration tool built for flexibility
# There is no consistent data labeling convention
~ A consistent and interoperable labeling standard
# Request types vary (agent, controller, subject)
~ A standard interface and protocol for DSR (see point 2)
# Business constraints on what data to process in a request vary widely
~ Flexible rule and policy engine
[Diagram: GEOGRAPHIC POLICIES; POLICY ENGINE; AGENT; VERIFICATION; ID VERIFICATION; WAREHOUSES; THIRD PARTY SYSTEMS; INTERNAL DATA SYSTEMS; DATA MODEL ORCHESTRATION; DE-IDENTIFY DATA; UPDATE DATA; RETRIEVE DATA; EMAIL; INGESTION; SUPPORT TICKET; PHONE CALL; CONSUMER / USER; API; SUBJECT; ID MFA; CONTROLLER; VERIFICATION; BUSINESS POLICIES; TECHNICAL POLICIES; AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY]
Systems & Processes DSR View
[Diagram: AGENT; CONTROLLER; SUBJECT; CONSUMER / USER; AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY]
Abstract Architecture
[Diagram: AGENT; CONTROLLER; SUBJECT; REQUEST INGESTION; IDENTITY VERIFICATION; AUDIT TRAIL; CONFIGURABLE POLICIES; CONSISTENT PRIVACY METADATA; ORCHESTRATION ENGINE; CONSUMER / USER; AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY]
An open source privacy standard for data labeling and policies that supports GDPR, CCPA, LGPD and ISO 19944
Explorer: fid.es/taxonomy
Using this standard privacy language you can describe…
# What type of data your application processes (data_category)
# How your system uses that data (data_use)
# What policies or rules you want your systems to adhere to
Fides Declarations
# Light-weight declarative language
# Dot notation (mostly)
# YAML in your projects (inline declarations coming soon)
Examples:
# System operations data
system.operations
# User provided email address
user.provided.identifiable.contact.email
Fides Primitives
# Organizations
# Systems
# Datasets
# Policies
Organizations
1. Represents all or any part of an organization.
2. Establishes the root of the resource hierarchy.
3. Organizations are unique, i.e. you cannot reference other organization scopes.
Systems
1. Represents the privacy properties of a single project, service, codebase or application.
2. Describes the categories of data being processed and the use of the data in the system.
Datasets
1. Represents any location where data is stored: databases, data warehouses or other stores.
2. You can declare individual fields of data and describe the types of data they are storing.
Policies
1. Represents a set of rules that a system must adhere to — your privacy policy as code.
2. Fidesctl evaluates these policies against system/dataset declarations for compliance.
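An added example (not Fidesctl code and not the Fides resource schema) of evaluating a policy against system and dataset declarations in a CI step, using the dot-notation labels above. The declaration layout, the rule layout, the data_use names and the sample resources are assumptions constructed for illustration.

```python
# Declaration and rule layouts are simplified assumptions, not the Fides
# resource schema; the data_use names and the sample resources are constructed.

def covers(parent, label):
    """Dot notation: a label is covered by itself or by any of its ancestors."""
    return label == parent or label.startswith(parent + ".")


# Each rule forbids the listed categories (and their children) for the listed uses.
POLICY = [
    {"name": "no_contact_data_for_ads",
     "data_categories": ["user.provided.identifiable.contact"],
     "data_uses": ["advertising"]},
]

SYSTEMS = [
    {"name": "checkout_api", "declarations": [
        {"data_categories": ["user.provided.identifiable.contact.email"],
         "data_use": "provide.service"},
        {"data_categories": ["system.operations"], "data_use": "improve.system"},
    ]},
    {"name": "ad_sync_job", "declarations": [
        {"data_categories": ["user.provided.identifiable.contact.email",
                             "system.operations"],
         "data_use": "advertising.third_party"},
    ]},
]

DATASETS = [
    {"name": "postgres", "collections": {
        "customers": {
            "email": ["user.provided.identifiable.contact.email"],
            "stripe_id": [],  # unlabeled: no request or policy can account for it
            "created_at": ["system.operations"],
        },
    }},
]


def policy_violations(systems, policy):
    """List (system, rule, data_use, categories) for every forbidden combination."""
    found = []
    for system in systems:
        for decl in system["declarations"]:
            for rule in policy:
                if not any(covers(u, decl["data_use"]) for u in rule["data_uses"]):
                    continue
                hits = sorted(c for c in decl["data_categories"]
                              if any(covers(p, c) for p in rule["data_categories"]))
                if hits:
                    found.append((system["name"], rule["name"], decl["data_use"], hits))
    return found


def unlabeled_fields(datasets):
    """Dataset fields that carry no data category at all."""
    return sorted(f"{d['name']}.{coll}.{field}"
                  for d in datasets
                  for coll, fields in d["collections"].items()
                  for field, cats in fields.items() if not cats)


def ci_check(systems, datasets, policy):
    """Return (exit_code, messages) the way a CI step would report them."""
    messages = [f"VIOLATION {s}: rule {r} forbids {', '.join(h)} for use {u}"
                for s, r, u, h in policy_violations(systems, policy)]
    messages += [f"UNLABELED {path}" for path in unlabeled_fields(datasets)]
    return (1 if messages else 0), messages


if __name__ == "__main__":
    code, lines = ci_check(SYSTEMS, DATASETS, POLICY)
    print("\n".join(lines))
    raise SystemExit(code)
```

Failing the build on unlabeled fields as well as on rule violations is what keeps the labels complete enough for later requests to rely on.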
[Diagram: Intake APIs; Product connectors; Data Subject Interface; Privacy request intake; Identity Graph Builder; Request Fulfillment Services; Policy execution of datastore; Policy-generated identity graph; Stripe Billing Info; Database & 3rd party adaptors; Data package storage; Response to subject; Privacy request response; S3Bucket; Access; Edit; Erasure; postgres.customers.stripe_id]
Query shown in the diagram: SELECT * FROM CUSTOMERS WHERE email = 'james@gmail.com'
Programmatic DSR View
[Diagram: CONSUMER / USER; AGENT; CONTROLLER; SUBJECT]
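An added example (not code from Fides or from the talk) of the flow the Programmatic DSR View describes: a seed identity is looked up in one datastore, a linking field such as postgres.customers.stripe_id extends the identity graph to the next, and the policy's data categories decide which fields are returned or masked. The metadata layout, table contents and every category other than the two shown earlier in the deck are constructed assumptions; SQLite stands in for the real datastores.

```python
import sqlite3

# Constructed privacy metadata; the layout is an assumption, not the Fides schema.
# "identity" is the lookup key; "references" maps a field to the identity type it supplies.
DATASETS = {
    "customers": {
        "identity": "email",
        "fields": {
            "email": "user.provided.identifiable.contact.email",
            "name": "user.provided.identifiable.name",
            "stripe_id": "user.derived.identifiable.unique_id",
            "plan": "system.operations",
        },
        "references": {"stripe_id": "stripe_id"},
    },
    "billing": {  # stands in for the Stripe billing connector
        "identity": "stripe_id",
        "fields": {
            "stripe_id": "user.derived.identifiable.unique_id",
            "card_last4": "user.provided.identifiable.financial",
            "amount": "system.operations",
        },
        "references": {},
    },
    "call_logs": {  # keyed by an identity that no other collection supplies
        "identity": "phone", "references": {},
        "fields": {"phone": "user.provided.identifiable.contact.phone_number"}},
}


def in_scope(category, policy_categories):
    """Dot-notation match: a policy category covers itself and its children."""
    return any(category == p or category.startswith(p + ".") for p in policy_categories)


def build_plan(seed_type, datasets=DATASETS):
    """Return (visit order, unreachable collections) for a seed identity type."""
    known, plan, pending = {seed_type}, [], dict(datasets)
    progress = True
    while progress:
        progress = False
        for name in sorted(pending):
            if pending[name]["identity"] in known:
                known.update(pending[name]["references"].values())
                plan.append(name)
                del pending[name]
                progress = True
    return plan, sorted(pending)


def run_request(conn, action, seed_type, seed_value, policy_categories):
    """Run an access or erasure request; returns (result per collection, unreachable)."""
    if action not in ("access", "erasure"):
        raise ValueError(f"unsupported action: {action}")
    plan, unreachable = build_plan(seed_type)
    identities = {seed_type: {seed_value}}
    result = {}
    for name in plan:
        meta = DATASETS[name]
        key, fields = meta["identity"], list(meta["fields"])
        targets = [f for f in fields if in_scope(meta["fields"][f], policy_categories)]
        result[name] = [] if action == "access" else 0
        for value in sorted(identities.get(key, ())):
            # Table and column names come from reviewed metadata; the subject's
            # identifier is only ever passed as a bound parameter.
            cur = conn.execute(f"SELECT {', '.join(fields)} FROM {name} WHERE {key} = ?", (value,))
            rows = [dict(zip(fields, r)) for r in cur.fetchall()]
            for row in rows:  # extend the identity graph before anything is masked
                for field, id_type in meta["references"].items():
                    if row[field] is not None:
                        identities.setdefault(id_type, set()).add(row[field])
            if action == "access":
                result[name] += [{f: row[f] for f in targets} for row in rows]
            elif targets:
                masked = ", ".join(f"{f} = NULL" for f in targets)
                cur = conn.execute(f"UPDATE {name} SET {masked} WHERE {key} = ?", (value,))
                result[name] += cur.rowcount
    conn.commit()
    return result, unreachable


def demo_db():
    """In-memory database holding two constructed subjects."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (email TEXT, name TEXT, stripe_id TEXT, plan TEXT);
        CREATE TABLE billing (stripe_id TEXT, card_last4 TEXT, amount INTEGER);
        INSERT INTO customers VALUES ('james@gmail.com', 'James', 'cus_001', 'pro'),
                                     ('other@example.com', 'Other', 'cus_002', 'free');
        INSERT INTO billing VALUES ('cus_001', '4242', 30), ('cus_002', '1111', 0);
    """)
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(run_request(db, "access", "email", "james@gmail.com", ["user"]))
    print(run_request(db, "erasure", "email", "james@gmail.com", ["user"]))
```

The second return value lists collections the request could not reach from the seed identity, which is the completeness gap an audit trail needs to record.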
Strong criteria for DSR orchestration
# Deleting a user should be as seamless as creating a user
# DSRs should be easy and free (for users and businesses)
# DSRs should be scalable and a core feature of systems
# Product and technology innovation should not break DSRs
Takeaways: Engineering DSRs for Complexity
# Data orchestration is easy… if you have a great data model
# A consistent, interoperable labeling taxonomy is vital
# Solve the problem upstream with CI enforced data labeling
# Policy rules should be an abstraction of data orchestration

IAPP PSR 2022: How do you engineer DSAR for Complexity?

  • 1. How Do You Engineer … DSAR For Multiple Profiles Complexity? Privacy Engineering @cillian
  • 2. + Open source privacy engineering platform ~ Free DSR orchestration platform ~ Standard for privacy metadata ~ Privacy labeling built for developers fid.es/join
  • 3. # DSRs: the cause of complexity # DSRs: the impacts of complexity # Architecture for agile DSR at scale # Recommendations for Engineering DSR Contents
  • 4. Why are DSRs so painful, slow and costly?
  • 5. A new user’s data is created across systems in seconds
  • 6. A new user’s data is created across systems in seconds [diagram: NEW USER; DATA SOURCES; INTERNAL STORAGE; BUSINESS INTELLIGENCE; 3RD PARTY SYSTEMS]
  • 7. Deleting the same user’s data can take weeks. Why?
  • 8. A subject request is processed manually over weeks [diagram: SUBJECT REQUEST; REQUEST INGESTION; SUPPORT TEAMS; INTERNAL WORKFLOW; TEAM PROCESSES; PRIVACY WORKFLOW; DATA PROCESSING]
  • 9. DSRs cost time, money and create risk
  • 10. Engineering teams have perfected the art of data creation Not the art of data deletion
  • 11. The causes of DSRs Exponential Complexity # System design prioritizes creation, not deletion, or consolidated access # Data sprawl increases over time with new technology adoption # User data structures vary widely # There is no consistent data labeling convention # Request types vary (agent, controller, subject) # Business constraints on what data to process in a request vary widely
  • 12. The impact of DSRs Exponential Complexity # No data model = no data automation # Avg. time per request 4 - 80 hours # Avg. cost per request $1,400 # Creating a resource tax on all business units # Valuable resources diverted from core business activities # Certainty of completeness is low
  • 14. Our criteria for DSR orchestration # Deleting a user should be as seamless as creating a user # DSRs should be easy and free (for users and businesses) # DSRs should be scalable and a core feature of systems # Product and technology innovation should not break DSRs
  • 15. The solutions to DSRs Exponential Complexity
      # System design prioritizes creation, not deletion, or consolidated access
        # Systems designed for DSR by default
      # Data sprawl increases over time with new technology adoption
        # A standard interface and protocol for DSR
      # User data structures vary widely
        # An orchestration tool built for flexibility
      # There is no consistent data labeling convention
        # A consistent and interoperable labeling standard
      # Request types vary (agent, controller, subject)
        # A standard interface and protocol for DSR (see point 2)
      # Business constraints on what data to process in a request vary widely
        # Flexible rule and policy engine
  • 16. Systems & Processes DSR View [diagram labels]: GEOGRAPHIC POLICIES POLICY ENGINE AGENT VERIFICATION ID VERIFICATION WAREHOUSES THIRD PARTY SYSTEMS INTERNAL DATA SYSTEMS DATA MODEL ORCHESTRATION DE-IDENTIFY DATA UPDATE DATA RETRIEVE DATA EMAIL INGESTION SUPPORT TICKET PHONE CALL CONSUMER / USER API SUBJECT ID MFA CONTROLLER VERIFICATION BUSINESS POLICIES TECHNICAL POLICIES AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY AGENT CONTROLLER SUBJECT
  • 17. Abstract Architecture [diagram: CONSUMER / USER; AGENT; CONTROLLER; SUBJECT; REQUEST INGESTION; IDENTITY VERIFICATION; AUDIT TRAIL; CONFIGURABLE POLICIES; CONSISTENT PRIVACY METADATA; ORCHESTRATION ENGINE; AUTOMATED RESPONSE TO SUBJECT / REQUESTING PARTY]
  • 19. An open source privacy standard for data labeling and policies that supports GDPR, CCPA, LGPD and ISO 19944 Explorer fid.es/taxonomy
  • 20. Using this standard privacy language you can describe… # What type of data your application processes (data_category) # How your system uses that data (data_use) # What policies or rules you want your systems to adhere to
  • 21. Fides Declarations # Light-weight declarative language # Dot notation (mostly) # YAML in your projects (inline declarations coming soon)
      # System operations data: system.operations
      # User provided email address: user.provided.identifiable.contact.email
  • 22. Fides Primitives (# Organizations # Systems # Datasets # Policies): Organizations 1. Represents all or any part of an organization. 2. Establishes the root of the resource hierarchy. 3. Organizations are unique, i.e. you cannot reference other organization scopes.
  • 23. Fides Primitives (# Organizations # Systems # Datasets # Policies): Systems 1. Represents the privacy properties of a single project, service, codebase or application. 2. Describes the categories of data being processed and the use of the data in the system.
  • 24. Fides Primitives (# Organizations # Systems # Datasets # Policies): Datasets 1. Represents any location where data is stored: databases, data warehouses or other stores. 2. You can declare individual fields of data and describe the types of data they are storing.
  • 25. Fides Primitives (# Organizations # Systems # Datasets # Policies): Policies 1. Represents a set of rules that a system must adhere to: your privacy policy as code. 2. Fidesctl evaluates these policies against system/dataset declarations for compliance.
  • 26. Programmatic DSR View [diagram labels]: CONSUMER / USER; AGENT; CONTROLLER; SUBJECT; Data Subject Interface; Intake API’s; Product connectors; Privacy request Intake; Identity Graph Builder; Policy-generated Identity graph; Request Fulfillment Services; Policy execution of datastore; Database & 3rd party adaptors; Stripe Billing Info; postgres.customers.stripe_id; SELECT * FROM CUSTOMERS WHERE email = 'james@gmail.com'; Access; Edit; Erasure; Data package storage; S3Bucket; Privacy request response; Response to subject
  • 27. Strong criteria for DSR orchestration # Deleting a user should be as seamless as creating a user # DSRs should be easy and free (for users and businesses) # DSRs should be scalable and a core feature of systems # Product and technology innovation should not break DSRs
  • 28. Takeaways: Engineering DSRs for Complexity # Data orchestration is easy… if you have a great data model # A consistent, interoperable labeling taxonomy is vital # Solve the problem upstream with CI enforced data labeling # Policy rules should be an abstraction of data orchestration
  • 30. + Open source privacy engineering platform ~ Free DSR orchestration platform ~ Standard for privacy metadata ~ Privacy labeling built for developers fid.es/join
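
The flow on slides 20 to 26 (fields labeled in dot notation, a policy that names categories, and an identity graph that follows postgres.customers.stripe_id into Stripe billing data), sketched as an added Python example; it is not Fides code and not part of the talk. The dataset layout, sample rows, function names and every label other than system.operations and user.provided.identifiable.contact.email are assumptions made for illustration.

```python
# Added illustration, not Fides code; names, rows and most labels are constructed.
DATASETS = {  # each field carries a dot-notation data category
    "postgres.customers": {
        "identity": "email",
        "references": {"stripe_id": "stripe.billing"},  # identity-graph edge
        "fields": {
            "email": "user.provided.identifiable.contact.email",
            "name": "user.provided.identifiable.name",
            "stripe_id": "user.derived.identifiable.unique_id",
            "last_login": "system.operations",
        },
    },
    "stripe.billing": {
        "identity": "stripe_id", "references": {},
        "fields": {"stripe_id": "user.derived.identifiable.unique_id",
                   "card_last4": "user.provided.identifiable.financial"},
    },
}
ROWS = {  # constructed sample rows
    "postgres.customers": [
        {"email": "subject@example.com", "name": "A. Subject", "stripe_id": "cus_001", "last_login": "2022-10-01"},
        {"email": "other@example.com", "name": "B. Other", "stripe_id": "cus_002", "last_login": "2022-10-02"},
    ],
    "stripe.billing": [{"stripe_id": "cus_001", "card_last4": "4242"},
                       {"stripe_id": "cus_002", "card_last4": "1111"}],
}

def covers(target, category):
    """A policy target covers its own label and every child label beneath it."""
    return category == target or category.startswith(target + ".")

def access_request(dataset, identity_value, targets):
    """Follow identity edges from the seed; return only fields the policy targets."""
    result, queue, seen = {}, [(dataset, identity_value)], set()
    while queue:
        key, value = queue.pop(0)
        if (key, value) in seen:
            continue
        seen.add((key, value))
        decl = DATASETS[key]
        for row in (r for r in ROWS[key] if r[decl["identity"]] == value):
            kept = {f: v for f, v in row.items()
                    if any(covers(t, decl["fields"][f]) for t in targets)}
            if kept:
                result.setdefault(key, []).append(kept)
            queue += [(ds, row[f]) for f, ds in decl["references"].items()]
    return result

def unlabeled_fields(datasets):
    """CI-style gate: a field with no label can never be matched by a policy."""
    return sorted(f"{k}.{f}" for k, d in datasets.items() for f, c in d["fields"].items() if not c)
```

Running unlabeled_fields in CI fails the build when a new column ships without a label, which is what keeps the request path complete as schemas change.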