Your data is showing

Agree?
There is an increased focus on privacy of
consumer data.
IronCore | @cipher_sift

Breach
Regulation
Decentralization

Madison
Kerndt
Software Engineer,
IronCore Labs

1 Current state of privacy
(or lack there of)

Data proliferates.

Spent millions on security
Equifax
High complexity:
new, legacy, & acquired systems
30 chances to stop the breach
Equifax failed to implement an
adequate security program to
protect sensitive data. As a
result, Equifax allowed one of
the largest data breaches in
U.S. history.
Such a breach was entirely
preventable.
“

Microsoft Bing access to
every user’s list of friends
Facebook claims it doesn’t sell your data — But Facebook GAVE
Netﬂix & Spotify access to all
users’ private messages
Amazon access to user
contact information
Equifax failed to implement an
adequate security program to
protect sensitive data. As a
result, Equifax allowed one of
the largest data breaches in
U.S. history.
Such a breach was entirely
preventable.
“Considered partners
“extensions of itself” —
not third-parties for
privacy policy
Yahoo access to posts &
friends’ posts
Similar deals with Apple &
Google*

Facebook stops using GPS
Facebook claims you can opt out of location tracking — but not really.
Instead uses your IP to
geolocate you
You can’t disable location-
based ads

Companies are irresponsible with data &
undermine consumer trust.
Global public & regulatory backlash.
to

We are the collateral damage.

Decentralization of authority
Blockchain technology is part of the backlash — born out of the ethos of…
Reconstruction of behavior
Blockchain gives you the
actual power to aﬀect
change in the world.
“
What we are trying to stop is
simple. We are trying to stop
the abuse of power.
“
Lauri Love
Hacktivist
Vinay Gupta
Mattereum CEO
Freedom of information

2 Implications on the
software you build

Be honest
what data does your software hold?

Username
Data covered by GDPR & CCPA
Email
IP Addresses
Location
Address
Health
Financials
Sexual orientation
Any
user generated
content

GDPR Article 25
Data protection by design & by default.

Minimization.

Document
Document your processes to show that you
designed with security and privacy in mind.

GDPR Article 32
Security of processing.

Pseudonymisation.

Weather Channel turns on
location data
Package up data and sell
It’s not right to have consumers
kept in the dark about how
their data is sold and shared
and then leave them unable to
do anything about it.
“
Ron Wyden
Senator of OR.
Trivial to re-identify
Easily reversible deidentiﬁed data for sale

Encryption.

Three patterns — how to encrypt sensitive data
1. Server-side proxy
2. Server side application
3. Client-side encryption

Server-side proxy
{
ACL
Audit
Encryption

Proxy
Application
File Store

Server-side application
{
ACL
Audit
Application
Encryption

Service
File Store

Client-side application
{
ACL
Audit
Encryption

Service
Application
Encryption

Service
Billing

Service

No access to plaintext even
with access to database
Unavoidable point of access control & logging
Audit for every access
Critically important for
regulatory compliance
{
ACL
Audit
Encryption

Service

GDPR Article 17
Right to erasure.

Backup solutions that support
GDPR erasure
Backup products with built in GDPR features
Controlled and audited
access to backups

GDPR Article 7
Conditions for consent.

Granular consent
Tools to manage granular consent
Tracks legal right to have data
Tracks consent for updates to
privacy policy, retention
periods, and who data is
shared with

Thanks for
being here.
February 7, 2019
Denver, CO

Your data is showing.
IRONCORE LABS
IRONCORELABS.COM | @IRONCORELABS

Your data is showing

More Related Content

What's hot

Similar to Your data is showing

Recently uploaded

Your data is showing