Is your application private by design and by default? Once an afterthought, privacy is now a critical software requirement. In this talk, you will learn about:
* Emerging privacy regulations (GDPR & CCPA)
* Privacy rights and how they impact your software (transparency & revocation)
* How to architect data privacy into your applications
After this talk, you will know how to build your app with data privacy and security in mind.
10. Spent millions on security
Equifax
High complexity:
new, legacy, & acquired systems
30 chances to stop the breach
Equifax failed to implement an
adequate security program to
protect sensitive data. As a
result, Equifax allowed one of
the largest data breaches in
U.S. history.
Such a breach was entirely
preventable.
“
IronCore | @cipher_sift
12. Microsoft Bing access to
every user’s list of friends
Facebook claims it doesn’t sell your data — But Facebook GAVE
Netflix & Spotify access to all
users’ private messages
Amazon access to user
contact information
Equifax failed to implement an
adequate security program to
protect sensitive data. As a
result, Equifax allowed one of
the largest data breaches in
U.S. history.
Such a breach was entirely
preventable.
“Considered partners
“extensions of itself” —
not third-parties for
privacy policy
Yahoo access to posts &
friends’ posts
Similar deals with Apple &
Google*
IronCore | @cipher_sift
13. Facebook stops using GPS
Facebook claims you can opt out of location tracking — but not really.
Instead uses your IP to
geolocate you
You can’t disable location-
based ads
IronCore | @cipher_sift
14. Companies are irresponsible with data &
undermine consumer trust.
Global public & regulatory backlash.
to
IronCore | @cipher_sift
15. We are the collateral damage.
IronCore | @cipher_sift
19. Decentralization of authority
Blockchain technology is part of the backlash — born out of the ethos of…
Reconstruction of behavior
Blockchain gives you the
actual power to affect
change in the world.
“
What we are trying to stop is
simple. We are trying to stop
the abuse of power.
“
Lauri Love
Hacktivist
Vinay Gupta
Mattereum CEO
Freedom of information
IronCore | @cipher_sift
24. Username
Data covered by GDPR & CCPA
Email
IP Addresses
Location
Address
Health
Financials
Sexual orientation
Any
user generated
content
IronCore | @cipher_sift
31. Weather Channel turns on
location data
Package up data and sell
It’s not right to have consumers
kept in the dark about how
their data is sold and shared
and then leave them unable to
do anything about it.
“
Ron Wyden
Senator of OR.
Trivial to re-identify
Easily reversible deidentified data for sale
IronCore | @cipher_sift
38. No access to plaintext even
with access to database
Unavoidable point of access control & logging
Audit for every access
Critically important for
regulatory compliance
{
ACL
Audit
Encryption
Service
IronCore | @cipher_sift
42. Backup solutions that support
GDPR erasure
Backup products with built in GDPR features
IronCore | @cipher_sift
Controlled and audited
access to backups
44. Granular consent
Tools to manage granular consent
Tracks legal right to have data
Tracks consent for updates to
privacy policy, retention
periods, and who data is
shared with
IronCore | @cipher_sift