SlideShare a Scribd company logo

Build a Privacy Program in 9 Steps

Download as PPTX, PDF
Daniel Ayala
Daniel Ayala

Privacy is a topic that inevitably emerges whenever people speak about technology or business. What is it, really? How can you build a program to support it and balance it within our businesses? This session will cover the basics of a privacy program for organisations, some of the more applicable regulations on privacy, how to find the right balance and how to begin to implement your program. We will also discuss how to position your privacy program as a business enabler, establish some lightweight internal governance processes as well as customer and employee communications and awareness, too. Bring your questions and cases to review and analyse.

Technology
1 of 46
Daniel Ayala (@buddhake) Managing Partner & Founder, Secratic How to Build a Privacy Program
© 2019 Secratic LLC.
Secratic was built on the premise that a strong bridge between information security and privacy and the broader company can help a business not just succeed, but flourish. Secratic provides strategic security and privacy advisory to growing companies through the benefit of decades of its global enterprise experience and helps its clients find the right balance in concert with the business at hand by acting as their outside CISO/CPO. By spending ample time getting to know these companies, Secratic uses that insight to give contextual, informed guidance on topics such as risk, compliance and incident response, and ensures that a company's security and privacy programs properly align with what the business needs and does. © 2019 Secratic LLC.
© 2019 Secratic LLC. https://maven.secratic.com
What is Privacy The state or condition of being free from observed or disturbed by other people.
Privacy in the News © 2019 Secratic LLC. https://www.theinformation.com/articles/apples-ad-targeting-crackdown-shakes-up-ad-market https://www.billboard.com/articles/business/legal-and-management/8545568/tiktok-class-action-lawsuit-child-privacy
Blockchain + Privacy = Conundrum
Blockchain Handdrawn © 2019 Secratic LLC.
Interconnected © 2019 Secratic LLC.
Blockchain + Privacy =Compliance = © 2019 Secratic LLC.
Step 1: Look At Yourself in the Mirror • What are your regulatory requirements? © 2019 Secratic LLC.
Inside Look: Regulatory Requirements © 2019 Secratic LLC. General Data Protection Regulation (GDPR) 12 Increased territorial scope Consent Breach notification Right to Access Right to be Forgotten Data Portability Privacy by Design Data Protection Officers
General Data Protection Regulation (GDPR) 13 Increased territorial scope Consent Breach notification Right to Access Right to be Forgotten Data Portability Privacy by Design Data Protection Officers© 2019 Secratic LLC.
https://iapp.org/resources/article/state-comparison-table/ © 2019 Secratic LLC.
Step 1: Look At Yourself in the Mirror • What are your regulatory requirements? • What jurisdictions are you operating in? © 2019 Secratic LLC.
Step 1: Look At Yourself in the Mirror • What are your regulatory requirements? • What jurisdictions are you operating in? • What is your customer culture? © 2019 Secratic LLC.
The Creepy Line http://creepyline.com
18 Security & Privacy Utility Balance © 2019 Secratic LLC.
Fully Private Fully Secure Fully Open Fully Collecting Utility Balance ??? Uninformed What do I pick? Huge utlity, huge data disclosure © 2019 Secratic LLC.
Fully Private Fully Secure Fully Open Fully Collecting Utility Now add in transparency Better informed Still want utility Might make better choices It’s clear what is collected It’s clear what it is used for It’s clear who they share it with It’s clear how long they keep it It’s presented so that average beings can read it quickly and clearly © 2019 Secratic LLC.
OMG! I can use w/o sharing everything? I can decide what to share? Fully Private Fully Secure Fully Open Fully Collecting Now add in transparency It’s clear what is collected It’s clear what it is used for It’s clear who they share it with It’s clear how long they keep it It’s presented so that average beings can read it quickly and clearly and choice! Utility © 2019 Secratic LLC.
Fully Private Fully Secure Fully Open Fully Collecting Finally, add trust (but verify) and accountability I can trust because I’ve verified They do what they say they do More value, more control Data security practises Depersonalisation (and even better, aggregation) Retention (GET RID OF IT FAST!) Use an identity that user’s care about and protect Utility © 2019 Secratic LLC.
Trust © 2019 Secratic LLC.
Step 1: Look At Yourself in the Mirror • What are your regulatory requirements? • What jurisdictions are you operating in? • What is your customer culture? • What is your company culture? © 2019 Secratic LLC.
Look Inside: Company Culture • Which type of company are you? • Data Slurper? • Risk Averse? • Bleeding Edge? • Fast Follower? • Data Economy Mandate? © 2019 Secratic LLC.
Step 1: Look At Yourself in the Mirror • What are your regulatory requirements? • What jurisdictions are you operating in? • What is your customer culture? • What is your company culture? • How can you build support for a privacy program? © 2019 Secratic LLC.
Look Inside: Build Support • Organisational change management mindset • Find ways to tie to business value • Competitive Advantage • Customer Sentiment/Trust • Enable Later (Ethical) Data Use © 2019 Secratic LLC.
Step 2: What Data Do You Have? • Inventory • Data Flow • What is Sensitive? • How is it Protected? © 2019 Secratic LLC.
Coexistence SecurityPrivacy
Step 3: What Do You Do With Your Data • How Does Data Move From System to System? • Who Do You Share It With? Why? • Who Has Access to It? • Who Processes It For You? • Have You Reviewed Their Security & Privacy Controls & Policies © 2019 Secratic LLC.
Step 4: Data Governance & Ethics • Data Use Institutional Review Board (IRB) • Ethical Boundaries Exercise • Who Is Responsible - The DPO • Annual Review (Frequency) © 2019 Secratic LLC.
Data Use IRB • Is it ethical? • How will data use interact with customers? • How will we use the data? • What do we really need? • What are the risks? • Is the data protected? • Is it lawful? • Are we protected? • What are the unintended consequence? Legal Security/ Privacy Marketing Business Leaders © 2019 Secratic LLC.
Step 4: Data Governance & Ethics • Data Use Institutional Review Board (IRB) • Ethical Boundaries Exercise • Who Is Responsible - The DPO • Annual Review (Frequency) © 2019 Secratic LLC.
Step 5: Privacy By Design • Integrate Reviews into Development Lifecycle • Integrate Reviews into Product Lifecycle • Tie Into Data Use IRB © 2019 Secratic LLC.
Remediation Done by Business/Technology • Privacy by Design (rolls into existing product management planning processes) • Data Pseudonymisation of individuals in storage, separation of people data • Data Retention (Define the length of keeping data, and purge accordingly) Personal data w/ Token ID Token ID Usage Records Demographic Aggregated Data Purge Data Regularly © 2019 Secratic LLC.
Remediation Done by Business/Technology • Clear, concise disclosure of data collected, processed, used, shared, and consent kept w/ recall • Cookie acceptance before cookie is dropped and consent w/ recall © 2019 Secratic LLC.
Remediation Done by Business/Technology • Request & process for what we know, right to be forgotten, data correction • Store personal data securely (access control, encryption, deletion) • Add link to privacy notice to all pages and applications © 2019 Secratic LLC.
Step 6: Educate Colleagues © 2019 Secratic LLC. Data Collection Data Use
Step 7: Communicate with Transparency • Privacy Policy • Descriptive Privacy Site • Build Trust & Customer Confidence • Privacy as a Business Differentiator • Data Subject Access Requests & Don’t Sell My Info © 2019 Secratic LLC.
Step 8: Documentation & Such • Register with Privacy Shield • Register with DPA in Europe • Declare Compliance with Any Others? • Document Data Flows & IRB Outcomes • Third Party Assessments (Both Security & Privacy) © 2019 Secratic LLC.
Step 9: Stay Informed • Privacy Laws & Changes • Bloomberg Law • News & Business Impacts • Privacy Maven (https://maven.secratic.com) • Lawfare • Lexology • Connect with your GC or Outside Counsel © 2019 Secratic LLC.
The Steps Look in the mirror What data do you have? What do you do with the data? Data governance and ethics Privacy by design Educate colleagues Communicate to customers Documentation Stay Informed
In Summary • Security, privacy and compliance are closer than ever and growing closer • Privacy is a topic that customers are taking seriously, and are part of business • Not only that, robust and transparent privacy can be business enablers • The privacy world is in a very large state of flux, especially in the US, so keep up to date on happenings around the states • You don’t have to boil the ocean to get a privacy programme going. Start with your most important data • Think about the ways that data use can be used for bad, along with how they can be used for good as they are developed. • Push back on the idea that if some data is good, then more data is better. Use Governance to agree on ethics, legal, security approach. Balance! • Depersonalization of data alone doesn’t actually keep it private • Location and biometrics will see increased challenge both in courts of law and courts of public opinion. • On privacy, be Gretsky: skate to where the puck is going, not where it is now. • Transparency and leaning into security, privacy and compliance in tech builds trust and reputation. © 2019 Secratic LLC.
Privacy is dead It’s still not great, but getting better NOT YET
The Future of Privacy Is Interesting
Have a moment? Please review this session In the event app. Thank you for coming! Nope! @buddhake /danielaayala

Recommended

DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDATAVERSITY
 
Identity, Security and Healthcare
Identity, Security and HealthcareIdentity, Security and Healthcare
Identity, Security and HealthcareNetIQ
 
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsGetting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsDruva
 
Are You Being Anti-Social
Are You Being Anti-SocialAre You Being Anti-Social
Are You Being Anti-SocialNetIQ
 
Bring Your Own Identity
Bring Your Own IdentityBring Your Own Identity
Bring Your Own IdentityNetIQ
 
Planning Information Governance and Litigation Readiness
Planning Information Governance and Litigation ReadinessPlanning Information Governance and Litigation Readiness
Planning Information Governance and Litigation ReadinessRich Medina
 
Enterprise Discovery: Taking Control, Driving Change
Enterprise Discovery: Taking Control, Driving ChangeEnterprise Discovery: Taking Control, Driving Change
Enterprise Discovery: Taking Control, Driving ChangeIron Mountain
 
The value of big data analytics
The value of big data analyticsThe value of big data analytics
The value of big data analyticsMarc Vael
 

Recommended

DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDATAVERSITY
 
Identity, Security and Healthcare
Identity, Security and HealthcareIdentity, Security and Healthcare
Identity, Security and HealthcareNetIQ
 
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsGetting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsDruva
 
Are You Being Anti-Social
Are You Being Anti-SocialAre You Being Anti-Social
Are You Being Anti-SocialNetIQ
 
Bring Your Own Identity
Bring Your Own IdentityBring Your Own Identity
Bring Your Own IdentityNetIQ
 
Planning Information Governance and Litigation Readiness
Planning Information Governance and Litigation ReadinessPlanning Information Governance and Litigation Readiness
Planning Information Governance and Litigation ReadinessRich Medina
 
Enterprise Discovery: Taking Control, Driving Change
Enterprise Discovery: Taking Control, Driving ChangeEnterprise Discovery: Taking Control, Driving Change
Enterprise Discovery: Taking Control, Driving ChangeIron Mountain
 
The value of big data analytics
The value of big data analyticsThe value of big data analytics
The value of big data analyticsMarc Vael
 
Information Governance
Information GovernanceInformation Governance
Information GovernanceAtle Skjekkeland
 
Information Governance – What Does a Modern Program Look Like?
Information Governance – What Does a Modern Program Look Like?Information Governance – What Does a Modern Program Look Like?
Information Governance – What Does a Modern Program Look Like?Winston & Strawn LLP
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slidesExponential_e
 
The state of data privacy with dimensional research
The state of data privacy with dimensional research The state of data privacy with dimensional research
The state of data privacy with dimensional research Druva
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy ManagementTrustArc
 
Interested in working at Druva?
Interested in working at Druva?Interested in working at Druva?
Interested in working at Druva?Druva
 
2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy management2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy managementTrustArc
 
Principles of Holistic Information Governance
Principles of Holistic Information GovernancePrinciples of Holistic Information Governance
Principles of Holistic Information GovernancePHIGs Information Management Consulting Inc.
 
Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?John Mancini
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdprExponential_e
 
Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...
Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...
Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...Nick Inglis
 
2019-06-11 What New US State Laws Mean For Your Business
2019-06-11 What New US State Laws Mean For Your Business2019-06-11 What New US State Laws Mean For Your Business
2019-06-11 What New US State Laws Mean For Your BusinessTrustArc
 
Protecting Corporate Data When an Employee Leaves: Survey and Best Practices
Protecting Corporate Data When an Employee Leaves: Survey and Best PracticesProtecting Corporate Data When an Employee Leaves: Survey and Best Practices
Protecting Corporate Data When an Employee Leaves: Survey and Best PracticesDruva
 
Next Dimension: How to create a Cybersecurity Strategy
Next Dimension: How to create a Cybersecurity StrategyNext Dimension: How to create a Cybersecurity Strategy
Next Dimension: How to create a Cybersecurity StrategyNext Dimension Inc.
 
Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...
Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...
Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...DATAVERSITY
 
Information Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer SatisfactionInformation Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer SatisfactionCapgemini
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
 
SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...
SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...
SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...Jeff Willinger
 
2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliantTrustArc
 
Introduction to Ethics of Big Data
Introduction to Ethics of Big DataIntroduction to Ethics of Big Data
Introduction to Ethics of Big Data28 Burnside
 
How to Build a Privacy Program
How to Build a Privacy ProgramHow to Build a Privacy Program
How to Build a Privacy Programsecratic
 
Ethics in Data Management.pptx
Ethics in Data Management.pptxEthics in Data Management.pptx
Ethics in Data Management.pptxRavindra Babu
 

More Related Content

What's hot

Information Governance – What Does a Modern Program Look Like?
Information Governance – What Does a Modern Program Look Like?Information Governance – What Does a Modern Program Look Like?
Information Governance – What Does a Modern Program Look Like?Winston & Strawn LLP
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slidesExponential_e
 
The state of data privacy with dimensional research
The state of data privacy with dimensional research The state of data privacy with dimensional research
The state of data privacy with dimensional research Druva
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy ManagementTrustArc
 
Interested in working at Druva?
Interested in working at Druva?Interested in working at Druva?
Interested in working at Druva?Druva
 
2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy management2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy managementTrustArc
 
Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?John Mancini
 
Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...
Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...
Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...Nick Inglis
 
2019-06-11 What New US State Laws Mean For Your Business
2019-06-11 What New US State Laws Mean For Your Business2019-06-11 What New US State Laws Mean For Your Business
2019-06-11 What New US State Laws Mean For Your BusinessTrustArc
 
Protecting Corporate Data When an Employee Leaves: Survey and Best Practices
Protecting Corporate Data When an Employee Leaves: Survey and Best PracticesProtecting Corporate Data When an Employee Leaves: Survey and Best Practices
Protecting Corporate Data When an Employee Leaves: Survey and Best PracticesDruva
 
Next Dimension: How to create a Cybersecurity Strategy
Next Dimension: How to create a Cybersecurity StrategyNext Dimension: How to create a Cybersecurity Strategy
Next Dimension: How to create a Cybersecurity StrategyNext Dimension Inc.
 
Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...
Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...
Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...DATAVERSITY
 
Information Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer SatisfactionInformation Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer SatisfactionCapgemini
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
 
SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...
SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...
SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...Jeff Willinger
 
2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliantTrustArc
 
Introduction to Ethics of Big Data
Introduction to Ethics of Big DataIntroduction to Ethics of Big Data
Introduction to Ethics of Big Data28 Burnside
 

What's hot (20)

Information Governance
Information GovernanceInformation Governance
Information Governance
 
Information Governance – What Does a Modern Program Look Like?
Information Governance – What Does a Modern Program Look Like?Information Governance – What Does a Modern Program Look Like?
Information Governance – What Does a Modern Program Look Like?
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slides
 
The state of data privacy with dimensional research
The state of data privacy with dimensional research The state of data privacy with dimensional research
The state of data privacy with dimensional research
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
 
Interested in working at Druva?
Interested in working at Druva?Interested in working at Druva?
Interested in working at Druva?
 
2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy management2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy management
 
Principles of Holistic Information Governance
Principles of Holistic Information GovernancePrinciples of Holistic Information Governance
Principles of Holistic Information Governance
 
Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
 
Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...
Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...
Learning From IG Experts In Healthcare & Beyond: How To Start An Information ...
 
2019-06-11 What New US State Laws Mean For Your Business
2019-06-11 What New US State Laws Mean For Your Business2019-06-11 What New US State Laws Mean For Your Business
2019-06-11 What New US State Laws Mean For Your Business
 
Protecting Corporate Data When an Employee Leaves: Survey and Best Practices
Protecting Corporate Data When an Employee Leaves: Survey and Best PracticesProtecting Corporate Data When an Employee Leaves: Survey and Best Practices
Protecting Corporate Data When an Employee Leaves: Survey and Best Practices
 
Next Dimension: How to create a Cybersecurity Strategy
Next Dimension: How to create a Cybersecurity StrategyNext Dimension: How to create a Cybersecurity Strategy
Next Dimension: How to create a Cybersecurity Strategy
 
Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...
Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...
Automated Data Governance 101 - A Guide to Proactively Addressing Your Privac...
 
Information Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer SatisfactionInformation Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer Satisfaction
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the Outside
 
SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...
SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...
SPTechCon 2014 - Keep the Lawyers off Your Back:Where does eDiscover and Comp...
 
2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant
 
Introduction to Ethics of Big Data
Introduction to Ethics of Big DataIntroduction to Ethics of Big Data
Introduction to Ethics of Big Data
 

Similar to Build a Privacy Program in 9 Steps

How to Build a Privacy Program
How to Build a Privacy ProgramHow to Build a Privacy Program
How to Build a Privacy Programsecratic
 
Ethics in Data Management.pptx
Ethics in Data Management.pptxEthics in Data Management.pptx
Ethics in Data Management.pptxRavindra Babu
 
Creating Trust for the Internet of Things
Creating Trust for the Internet of ThingsCreating Trust for the Internet of Things
Creating Trust for the Internet of ThingsPECB
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Jim Kaplan CIA CFE
 
Global Data Privacy Regulation
Global Data Privacy RegulationGlobal Data Privacy Regulation
Global Data Privacy RegulationJatin Kochhar
 
Privacy Policies: Guide to Protecting User Data
Privacy Policies: Guide to Protecting User DataPrivacy Policies: Guide to Protecting User Data
Privacy Policies: Guide to Protecting User DataPrivacyCenter.cloud
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issuesJagdeepSingh394
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?Jatin Kochhar
 
Sask 3.0 Summit Pci dss presentation Bashir Fancy
Sask 3.0 Summit Pci dss presentation Bashir FancySask 3.0 Summit Pci dss presentation Bashir Fancy
Sask 3.0 Summit Pci dss presentation Bashir FancySaskSummit
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Delphix
 
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...AIIM International
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
TrustArc-Webinar-Slides-2022-03-01-Is Your Privacy Program Ready for a Fundin...
TrustArc-Webinar-Slides-2022-03-01-Is Your Privacy Program Ready for a Fundin...TrustArc-Webinar-Slides-2022-03-01-Is Your Privacy Program Ready for a Fundin...
TrustArc-Webinar-Slides-2022-03-01-Is Your Privacy Program Ready for a Fundin...TrustArc
 
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
How We Will Fail in Privacy and Ethics for the Emerging Internet of ThingsHow We Will Fail in Privacy and Ethics for the Emerging Internet of Things
How We Will Fail in Privacy and Ethics for the Emerging Internet of ThingsJason Hong
 
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarDiscovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarConcept Searching, Inc
 
TrustArc Webinar: Privacy Management Made Simple
TrustArc Webinar: Privacy Management Made SimpleTrustArc Webinar: Privacy Management Made Simple
TrustArc Webinar: Privacy Management Made SimpleTrustArc
 
Data Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & AcquisitionsData Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & AcquisitionsTrustArc
 
Managing Information for Impact
Managing Information for ImpactManaging Information for Impact
Managing Information for ImpactDonny Shimamoto
 

Similar to Build a Privacy Program in 9 Steps (20)

How to Build a Privacy Program
How to Build a Privacy ProgramHow to Build a Privacy Program
How to Build a Privacy Program
 
Ethics in Data Management.pptx
Ethics in Data Management.pptxEthics in Data Management.pptx
Ethics in Data Management.pptx
 
Creating Trust for the Internet of Things
Creating Trust for the Internet of ThingsCreating Trust for the Internet of Things
Creating Trust for the Internet of Things
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10)
 
Global Data Privacy Regulation
Global Data Privacy RegulationGlobal Data Privacy Regulation
Global Data Privacy Regulation
 
Privacy Policies: Guide to Protecting User Data
Privacy Policies: Guide to Protecting User DataPrivacy Policies: Guide to Protecting User Data
Privacy Policies: Guide to Protecting User Data
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issues
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
 
Sask 3.0 Summit Pci dss presentation Bashir Fancy
Sask 3.0 Summit Pci dss presentation Bashir FancySask 3.0 Summit Pci dss presentation Bashir Fancy
Sask 3.0 Summit Pci dss presentation Bashir Fancy
 
Principles of Holistic Information Governance - Presented to ARMA Edmonton Ja...
Principles of Holistic Information Governance - Presented to ARMA Edmonton Ja...Principles of Holistic Information Governance - Presented to ARMA Edmonton Ja...
Principles of Holistic Information Governance - Presented to ARMA Edmonton Ja...
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
 
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
TrustArc-Webinar-Slides-2022-03-01-Is Your Privacy Program Ready for a Fundin...
TrustArc-Webinar-Slides-2022-03-01-Is Your Privacy Program Ready for a Fundin...TrustArc-Webinar-Slides-2022-03-01-Is Your Privacy Program Ready for a Fundin...
TrustArc-Webinar-Slides-2022-03-01-Is Your Privacy Program Ready for a Fundin...
 
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
How We Will Fail in Privacy and Ethics for the Emerging Internet of ThingsHow We Will Fail in Privacy and Ethics for the Emerging Internet of Things
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
 
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarDiscovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
 
TrustArc Webinar: Privacy Management Made Simple
TrustArc Webinar: Privacy Management Made SimpleTrustArc Webinar: Privacy Management Made Simple
TrustArc Webinar: Privacy Management Made Simple
 
Data Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & AcquisitionsData Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & Acquisitions
 
Protect Your Firm: Knowledge, Process, Policy and Action
Protect Your Firm: Knowledge, Process, Policy and ActionProtect Your Firm: Knowledge, Process, Policy and Action
Protect Your Firm: Knowledge, Process, Policy and Action
 
Managing Information for Impact
Managing Information for ImpactManaging Information for Impact
Managing Information for Impact
 

Recently uploaded

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Build a Privacy Program in 9 Steps

  • 1. Daniel Ayala (@buddhake) Managing Partner & Founder, Secratic How to Build a Privacy Program
  • 3. Secratic was built on the premise that a strong bridge between information security and privacy and the broader company can help a business not just succeed, but flourish. Secratic provides strategic security and privacy advisory to growing companies through the benefit of decades of its global enterprise experience and helps its clients find the right balance in concert with the business at hand by acting as their outside CISO/CPO. By spending ample time getting to know these companies, Secratic uses that insight to give contextual, informed guidance on topics such as risk, compliance and incident response, and ensures that a company's security and privacy programs properly align with what the business needs and does. © 2019 Secratic LLC.
  • 4. © 2019 Secratic LLC. https://maven.secratic.com
  • 5. What is Privacy The state or condition of being free from observed or disturbed by other people.
  • 6. Privacy in the News © 2019 Secratic LLC. https://www.theinformation.com/articles/apples-ad-targeting-crackdown-shakes-up-ad-market https://www.billboard.com/articles/business/legal-and-management/8545568/tiktok-class-action-lawsuit-child-privacy
  • 7. Blockchain + Privacy = Conundrum
  • 10. Blockchain + Privacy =Compliance = © 2019 Secratic LLC.
  • 11. Step 1: Look At Yourself in the Mirror • What are your regulatory requirements? © 2019 Secratic LLC.
  • 12. Inside Look: Regulatory Requirements © 2019 Secratic LLC. General Data Protection Regulation (GDPR) 12 Increased territorial scope Consent Breach notification Right to Access Right to be Forgotten Data Portability Privacy by Design Data Protection Officers
  • 13. General Data Protection Regulation (GDPR) 13 Increased territorial scope Consent Breach notification Right to Access Right to be Forgotten Data Portability Privacy by Design Data Protection Officers© 2019 Secratic LLC.
  • 15. Step 1: Look At Yourself in the Mirror • What are your regulatory requirements? • What jurisdictions are you operating in? © 2019 Secratic LLC.
  • 16. Step 1: Look At Yourself in the Mirror • What are your regulatory requirements? • What jurisdictions are you operating in? • What is your customer culture? © 2019 Secratic LLC.
  • 19. Fully Private Fully Secure Fully Open Fully Collecting Utility Balance ??? Uninformed What do I pick? Huge utlity, huge data disclosure © 2019 Secratic LLC.
  • 20. Fully Private Fully Secure Fully Open Fully Collecting Utility Now add in transparency Better informed Still want utility Might make better choices It’s clear what is collected It’s clear what it is used for It’s clear who they share it with It’s clear how long they keep it It’s presented so that average beings can read it quickly and clearly © 2019 Secratic LLC.
  • 21. OMG! I can use w/o sharing everything? I can decide what to share? Fully Private Fully Secure Fully Open Fully Collecting Now add in transparency It’s clear what is collected It’s clear what it is used for It’s clear who they share it with It’s clear how long they keep it It’s presented so that average beings can read it quickly and clearly and choice! Utility © 2019 Secratic LLC.
  • 22. Fully Private Fully Secure Fully Open Fully Collecting Finally, add trust (but verify) and accountability I can trust because I’ve verified They do what they say they do More value, more control Data security practises Depersonalisation (and even better, aggregation) Retention (GET RID OF IT FAST!) Use an identity that user’s care about and protect Utility © 2019 Secratic LLC.
  • 24. Step 1: Look At Yourself in the Mirror • What are your regulatory requirements? • What jurisdictions are you operating in? • What is your customer culture? • What is your company culture? © 2019 Secratic LLC.
  • 25. Look Inside: Company Culture • Which type of company are you? • Data Slurper? • Risk Averse? • Bleeding Edge? • Fast Follower? • Data Economy Mandate? © 2019 Secratic LLC.
  • 26. Step 1: Look At Yourself in the Mirror • What are your regulatory requirements? • What jurisdictions are you operating in? • What is your customer culture? • What is your company culture? • How can you build support for a privacy program? © 2019 Secratic LLC.
  • 27. Look Inside: Build Support • Organisational change management mindset • Find ways to tie to business value • Competitive Advantage • Customer Sentiment/Trust • Enable Later (Ethical) Data Use © 2019 Secratic LLC.
  • 28. Step 2: What Data Do You Have? • Inventory • Data Flow • What is Sensitive? • How is it Protected? © 2019 Secratic LLC.
  • 30. Step 3: What Do You Do With Your Data • How Does Data Move From System to System? • Who Do You Share It With? Why? • Who Has Access to It? • Who Processes It For You? • Have You Reviewed Their Security & Privacy Controls & Policies © 2019 Secratic LLC.
  • 31. Step 4: Data Governance & Ethics • Data Use Institutional Review Board (IRB) • Ethical Boundaries Exercise • Who Is Responsible - The DPO • Annual Review (Frequency) © 2019 Secratic LLC.
  • 32. Data Use IRB • Is it ethical? • How will data use interact with customers? • How will we use the data? • What do we really need? • What are the risks? • Is the data protected? • Is it lawful? • Are we protected? • What are the unintended consequence? Legal Security/ Privacy Marketing Business Leaders © 2019 Secratic LLC.
  • 33. Step 4: Data Governance & Ethics • Data Use Institutional Review Board (IRB) • Ethical Boundaries Exercise • Who Is Responsible - The DPO • Annual Review (Frequency) © 2019 Secratic LLC.
  • 34. Step 5: Privacy By Design • Integrate Reviews into Development Lifecycle • Integrate Reviews into Product Lifecycle • Tie Into Data Use IRB © 2019 Secratic LLC.
  • 35. Remediation Done by Business/Technology • Privacy by Design (rolls into existing product management planning processes) • Data Pseudonymisation of individuals in storage, separation of people data • Data Retention (Define the length of keeping data, and purge accordingly) Personal data w/ Token ID Token ID Usage Records Demographic Aggregated Data Purge Data Regularly © 2019 Secratic LLC.
  • 36. Remediation Done by Business/Technology • Clear, concise disclosure of data collected, processed, used, shared, and consent kept w/ recall • Cookie acceptance before cookie is dropped and consent w/ recall © 2019 Secratic LLC.
  • 37. Remediation Done by Business/Technology • Request & process for what we know, right to be forgotten, data correction • Store personal data securely (access control, encryption, deletion) • Add link to privacy notice to all pages and applications © 2019 Secratic LLC.
  • 38. Step 6: Educate Colleagues © 2019 Secratic LLC. Data Collection Data Use
  • 39. Step 7: Communicate with Transparency • Privacy Policy • Descriptive Privacy Site • Build Trust & Customer Confidence • Privacy as a Business Differentiator • Data Subject Access Requests & Don’t Sell My Info © 2019 Secratic LLC.
  • 40. Step 8: Documentation & Such • Register with Privacy Shield • Register with DPA in Europe • Declare Compliance with Any Others? • Document Data Flows & IRB Outcomes • Third Party Assessments (Both Security & Privacy) © 2019 Secratic LLC.
  • 41. Step 9: Stay Informed • Privacy Laws & Changes • Bloomberg Law • News & Business Impacts • Privacy Maven (https://maven.secratic.com) • Lawfare • Lexology • Connect with your GC or Outside Counsel © 2019 Secratic LLC.
  • 42. The Steps Look in the mirror What data do you have? What do you do with the data? Data governance and ethics Privacy by design Educate colleagues Communicate to customers Documentation Stay Informed
  • 43. In Summary • Security, privacy and compliance are closer than ever and growing closer • Privacy is a topic that customers are taking seriously, and are part of business • Not only that, robust and transparent privacy can be business enablers • The privacy world is in a very large state of flux, especially in the US, so keep up to date on happenings around the states • You don’t have to boil the ocean to get a privacy programme going. Start with your most important data • Think about the ways that data use can be used for bad, along with how they can be used for good as they are developed. • Push back on the idea that if some data is good, then more data is better. Use Governance to agree on ethics, legal, security approach. Balance! • Depersonalization of data alone doesn’t actually keep it private • Location and biometrics will see increased challenge both in courts of law and courts of public opinion. • On privacy, be Gretsky: skate to where the puck is going, not where it is now. • Transparency and leaning into security, privacy and compliance in tech builds trust and reputation. © 2019 Secratic LLC.
  • 44. Privacy is dead It’s still not great, but getting better NOT YET
  • 45. The Future of Privacy Is Interesting
  • 46. Have a moment? Please review this session In the event app. Thank you for coming! Nope! @buddhake /danielaayala

Editor's Notes

  1. Clear the myth: Privacy is dead Good news: It’s not dead yet. EU is driving a new way of thinking Bad news: Still not great in the USA Refer to Apple billboard at CES in 2019, apple card marketing
  2. Public & Private – different but same Plan ahead on the way you architect blockchain solutions. If personal info is included in the blockchain, you can’t undo it
  3. Integrity and Availability are pretty well taken care of in Blockchain, but what about Confidentiality? The biggest issues, as in many technology efforts comes down to how the technology is architected and established from the beginning. As Blockchain has permanent (immutable) and perpetual life, if the information stored on the blockchain or the crypto used to protect it is not futureproofed. GDPR/CCPA also has some very significant conflicts with blockchain: entries can NOT be deleted, or amended. No DSAR request can change that. So that means using blockchain for storing personal info is a GDPR nonstarter. There are some approaches when looking at private blockchains, but the tradeoffs are pretty significant including lack of transparency, forced control of the copies of the blockchain, and a lot more complex infrastructure subject to error/attack vectors
  4. So ill leave you with two concepts that are also part of securing and managing and protecting the privacy of data.
  5. Clear the myth: Privacy is dead Good news: It’s not dead yet. EU is driving a new way of thinking Bad news: Still not great in the USA Refer to Apple billboard at CES in 2019, apple card marketing