SlideShare una empresa de Scribd logo

Privacy by Design as a system design strategy - EIC 2019

Descargar como PPTX, PDF
Sagara Gunathunga
Sagara Gunathunga

Privacy by Design as a system design strategy - EIC 2019

Tecnología
1 de 39
Privacy By Design as a System Design Strategy Sagara Gunathunga Director, WSO2 sagara@wso2.com
About Me ● Director of Identity & Access Management at WSO2 ● Mainly focuses on WSO2 Identity and Access Management (IAM) offerings ● Core member of WSO2's effort in making its products and business processes GDPR compliant ● PMC member and committer for a number of Apache projects including Apache Axis2 and Apache Web Services
One Global Market
Global Privacy Outlook D Data Protection Act PIPEDA Privacy Act of 1988 HIPAA, COPPA, CCPA, etc.. Information Technology Act Personal Information Protection Act Personal Data Protection Bill POPI
Privacy is a Fundamental Human Right: GDPR
Take Back Control Of Your Personal Information: Ccpa
7 GDPR CCPA DPA One Way To Look At This Challenge
An Alternative Way to Look at the Problem
Privacy by Design (PbD) Principles 1 2 3 4 5 6 7 Proactive not reactive - preventative not remedical Lead with privacy as the default setting Embed privacy into design Retain full functionality(positive-sum, not zero-sum) Ensure end-to-end security Maintain visibility and transparency-keep it open Respect user privacy-keep it user-centric
Well… How can we Put These Principles into ACTION
Separate Personal Data (PII) from Other Business Data
12 Personal Data (PII)
A Typical System of a Business Organization Personal information is scattered all over the system
A Typical System of a Business Organization Personal information (user data) is scattered all over the system
● Number of systems to protect ● Number of systems to modify and replace to support privacy standards ● Personal data removal needs changes in multiple places ● Increased chance of personal data breaches A Typical System Of A Business Organization
Solution Move all the personal information (user data) into a separate system so that other applications can look-up user data on demand
● Reduce development and maintenance cost ● Reduce development and maintenance time ● Reduce system complexity ● Reduce the chance of personal data breaches ● Can adopt to future expansions easily Solution
Wait... My Organization Uses A Number Of Cloud Applications ?
Solution Most cloud applications today facilitate connecting to your corporate user management system as a trusted identity provider (trusted IdP)
Apply Anonymization and Pseudonymization into your Design
Anonymization Vs Pseudonymization Anonymization X Medical Report Medical Report John Doe SID536262 Pseudonymization Medical Report Medical Report John Doe SID536262 Name SID John Doe SID536262
Apply Anonymization and Pseudonymization into your Design System-Id Identity and Access Management System
Use Standard Protocols and Security Tokens for PII Sharing
Standard Protocols and Security Tokens ● Use standard transport security protocols and latested tools ○ TLS/SSL ○ Strong algorithm and key for hashing/encryption ● Use standard protocols ○ SAML ○ OAuth2/OIDC ○ WS-Federation ● Use standard security tokens over custom tokens ○ SAML tokens ○ JWT, OIDC IDToken
Standard Protocols and Security Tokens
Pick the Correct Token Type ● OAuth2 Bearer By Reference ● SAML 2.0 ● JWT ● OIDC IDToken By Value
Consideration for PII Repository Design
Provide Transparency Be transparent on ‘why’ you need specific PII data, how do you going to store and process, how long you retain those data. Source : https://startwithwhy.com/
Provide Transparency Source : https://startwithwhy.com/ Example, in a mobile application, ● Clearly show ‘location service’ icon when the app utilize customer location. ● Clearly show ‘bluetooth’ icon when the app communicate with another device via bluetooth.
Minimize PII data collection and storing ● Make sure to capture absolutely necessary set of PII only for current purposes. ● Consider data retention policy and implement data removal logic as a core requirement. ● Preference on storing results instead of raw PII data. ● Try to depend on system generated ids for identification. ● Use hashing and encryption whenever possible on PII data.
Minimize PII Data Collection and Storing Example : In a restaurant recommendation application, capture nearest city for processing instead of exact coordination of the user. Example : In a mobile application, use system generated id to track usages data of the application instead of mobile number or IMEI id.
Focus on Consent Management
Focus on Consent Management
Make Customer in Control on Own Data
Make Customer in Control on Their Data
Solution Provide a self-care user portal for users so that they can exercise their individual rights
Solution ● Individuals can access, modify, and remove their personal information ● Data processing activities can be informed and made transparent ● Individuals can download a copy of their personal data ● Can have a medium to submit ‘forget-me’ requests
References ● https://wso2.com/solutions/regulatory-compliance/gdpr/ ● https://docs.wso2.com/display/IS550/General+Data+Protection+Regulation ● https://ec.europa.eu/justice/smedataprotect/index_en.htm ● https://www.smashingmagazine.com/2017/07/privacy-by-design-framework/
THANK YOU wso2.com

Recomendados

Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artJames Mulhern
 
Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White PapaerKristyn Greenwood
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by DesignUnisys Corporation
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Gridbradley_g
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by designTommy Vandepitte
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
Csa privacy by design & gdpr austin chambers 11-4-17
Csa privacy by design & gdpr austin chambers 11-4-17Csa privacy by design & gdpr austin chambers 11-4-17
Csa privacy by design & gdpr austin chambers 11-4-17Trish McGinity, CCSK
 

Recomendados

Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artJames Mulhern
 
Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White PapaerKristyn Greenwood
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by DesignUnisys Corporation
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Gridbradley_g
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by designTommy Vandepitte
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
Csa privacy by design & gdpr austin chambers 11-4-17
Csa privacy by design & gdpr austin chambers 11-4-17Csa privacy by design & gdpr austin chambers 11-4-17
Csa privacy by design & gdpr austin chambers 11-4-17Trish McGinity, CCSK
 
Privacy by design
Privacy by designPrivacy by design
Privacy by designblogzilla
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
Privacy by design
Privacy by designPrivacy by design
Privacy by designMichelangelo van Dam
 
GDPR project board deck (example)
GDPR project board deck (example)GDPR project board deck (example)
GDPR project board deck (example)Tommy Vandepitte
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers Gary Dodson
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Otherbradley_g
 
Big data security challenges and recommendations!
Big data security challenges and recommendations!Big data security challenges and recommendations!
Big data security challenges and recommendations!cisoplatform
 
Security bigdata
Security bigdataSecurity bigdata
Security bigdataJitendra Chauhan
 
Privacy by design
Privacy by designPrivacy by design
Privacy by designMichelangelo van Dam
 
Continuous Compliance 14.9.2016
Continuous Compliance 14.9.2016Continuous Compliance 14.9.2016
Continuous Compliance 14.9.2016Digia Plc
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014kevintsmith
 
Wearable technologies, privacy and intellectual property rights
Wearable technologies, privacy and intellectual property rightsWearable technologies, privacy and intellectual property rights
Wearable technologies, privacy and intellectual property rightsGiulio Coraggio
 
How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...Giulio Coraggio
 
Towards Privacy by Design. Key issues to unlock science.
Towards Privacy by Design. Key issues to unlock science.Towards Privacy by Design. Key issues to unlock science.
Towards Privacy by Design. Key issues to unlock science.Marlon Domingus
 
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...Giulio Coraggio
 
Big security for big data
Big security for big dataBig security for big data
Big security for big dataAri Elias-Bachrach
 
Big Data & Privacy
Big Data & PrivacyBig Data & Privacy
Big Data & PrivacyAbzetdin Adamov
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinSridhar Karnam
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of ThingsPaul Hastings
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityPriyanka Aash
 
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...PaaSword EU Project
 

Más contenido relacionado

La actualidad más candente

Privacy by design
Privacy by designPrivacy by design
Privacy by designblogzilla
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
GDPR project board deck (example)
GDPR project board deck (example)GDPR project board deck (example)
GDPR project board deck (example)Tommy Vandepitte
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers Gary Dodson
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Otherbradley_g
 
Big data security challenges and recommendations!
Big data security challenges and recommendations!Big data security challenges and recommendations!
Big data security challenges and recommendations!cisoplatform
 
Continuous Compliance 14.9.2016
Continuous Compliance 14.9.2016Continuous Compliance 14.9.2016
Continuous Compliance 14.9.2016Digia Plc
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014kevintsmith
 
Wearable technologies, privacy and intellectual property rights
Wearable technologies, privacy and intellectual property rightsWearable technologies, privacy and intellectual property rights
Wearable technologies, privacy and intellectual property rightsGiulio Coraggio
 
How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...Giulio Coraggio
 
Towards Privacy by Design. Key issues to unlock science.
Towards Privacy by Design. Key issues to unlock science.Towards Privacy by Design. Key issues to unlock science.
Towards Privacy by Design. Key issues to unlock science.Marlon Domingus
 
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...Giulio Coraggio
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinSridhar Karnam
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of ThingsPaul Hastings
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
 

La actualidad más candente (20)

Privacy by design
Privacy by designPrivacy by design
Privacy by design
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
 
Privacy by design
Privacy by designPrivacy by design
Privacy by design
 
GDPR project board deck (example)
GDPR project board deck (example)GDPR project board deck (example)
GDPR project board deck (example)
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other
 
Big data security challenges and recommendations!
Big data security challenges and recommendations!Big data security challenges and recommendations!
Big data security challenges and recommendations!
 
Security bigdata
Security bigdataSecurity bigdata
Security bigdata
 
Privacy by design
Privacy by designPrivacy by design
Privacy by design
 
Continuous Compliance 14.9.2016
Continuous Compliance 14.9.2016Continuous Compliance 14.9.2016
Continuous Compliance 14.9.2016
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
 
Wearable technologies, privacy and intellectual property rights
Wearable technologies, privacy and intellectual property rightsWearable technologies, privacy and intellectual property rights
Wearable technologies, privacy and intellectual property rights
 
How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...
 
Towards Privacy by Design. Key issues to unlock science.
Towards Privacy by Design. Key issues to unlock science.Towards Privacy by Design. Key issues to unlock science.
Towards Privacy by Design. Key issues to unlock science.
 
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
 
Big security for big data
Big security for big dataBig security for big data
Big security for big data
 
Big Data & Privacy
Big Data & PrivacyBig Data & Privacy
Big Data & Privacy
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy Franklin
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of Things
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
 

Similar a Privacy by Design as a system design strategy - EIC 2019

Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityPriyanka Aash
 
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...PaaSword EU Project
 
Accelerating Your GDPR Compliance with the WSO2 Platform
Accelerating Your GDPR Compliance with the WSO2 PlatformAccelerating Your GDPR Compliance with the WSO2 Platform
Accelerating Your GDPR Compliance with the WSO2 PlatformWSO2
 
How Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceHow Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceCloudera, Inc.
 
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint Group of company MUK
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanMediacurrent
 
Smarter Experimentation with Fully Integrated Data
Smarter Experimentation with Fully Integrated DataSmarter Experimentation with Fully Integrated Data
Smarter Experimentation with Fully Integrated DataOptimizely
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Sebastien Deleersnyder
 
04 - VMUGIT - Lecce 2018 - Giampiero Petrosi, Rubrik
04 - VMUGIT - Lecce 2018 - Giampiero Petrosi, Rubrik04 - VMUGIT - Lecce 2018 - Giampiero Petrosi, Rubrik
04 - VMUGIT - Lecce 2018 - Giampiero Petrosi, RubrikVMUG IT
 
Analyst Webinar: Best Practices In Enabling Data-Driven Decision Making
Analyst Webinar: Best Practices In Enabling Data-Driven Decision MakingAnalyst Webinar: Best Practices In Enabling Data-Driven Decision Making
Analyst Webinar: Best Practices In Enabling Data-Driven Decision MakingDenodo
 
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...AgileNetwork
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec
 
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoTrustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoPeter Bihr
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in MindGosia Fraser
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRMatt Stubbs
 
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) planCWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) planCapgemini
 
TLabs - deutsche telekom
TLabs - deutsche telekomTLabs - deutsche telekom
TLabs - deutsche telekomChristina Azzam
 
GDPR Noncompliance: Avoid the Risk with Data Virtualization
GDPR Noncompliance: Avoid the Risk with Data VirtualizationGDPR Noncompliance: Avoid the Risk with Data Virtualization
GDPR Noncompliance: Avoid the Risk with Data VirtualizationDenodo
 
Symantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec
 
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors
 

Similar a Privacy by Design as a system design strategy - EIC 2019 (20)

Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
 
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol...
 
Accelerating Your GDPR Compliance with the WSO2 Platform
Accelerating Your GDPR Compliance with the WSO2 PlatformAccelerating Your GDPR Compliance with the WSO2 Platform
Accelerating Your GDPR Compliance with the WSO2 Platform
 
How Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceHow Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR compliance
 
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout Plan
 
Smarter Experimentation with Fully Integrated Data
Smarter Experimentation with Fully Integrated DataSmarter Experimentation with Fully Integrated Data
Smarter Experimentation with Fully Integrated Data
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...
 
04 - VMUGIT - Lecce 2018 - Giampiero Petrosi, Rubrik
04 - VMUGIT - Lecce 2018 - Giampiero Petrosi, Rubrik04 - VMUGIT - Lecce 2018 - Giampiero Petrosi, Rubrik
04 - VMUGIT - Lecce 2018 - Giampiero Petrosi, Rubrik
 
Analyst Webinar: Best Practices In Enabling Data-Driven Decision Making
Analyst Webinar: Best Practices In Enabling Data-Driven Decision MakingAnalyst Webinar: Best Practices In Enabling Data-Driven Decision Making
Analyst Webinar: Best Practices In Enabling Data-Driven Decision Making
 
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
 
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoTrustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in Mind
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) planCWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
 
TLabs - deutsche telekom
TLabs - deutsche telekomTLabs - deutsche telekom
TLabs - deutsche telekom
 
GDPR Noncompliance: Avoid the Risk with Data Virtualization
GDPR Noncompliance: Avoid the Risk with Data VirtualizationGDPR Noncompliance: Avoid the Risk with Data Virtualization
GDPR Noncompliance: Avoid the Risk with Data Virtualization
 
Symantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR Compliance
 
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
 

Más de Sagara Gunathunga

Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscapeSagara Gunathunga
 
Consumer Identity World EU - Five pillars of consumer IAM
Consumer Identity World EU - Five pillars of consumer IAM Consumer Identity World EU - Five pillars of consumer IAM
Consumer Identity World EU - Five pillars of consumer IAM Sagara Gunathunga
 
kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...Sagara Gunathunga
 
Synergies across APIs and IAM
Synergies across APIs and IAMSynergies across APIs and IAM
Synergies across APIs and IAMSagara Gunathunga
 
GDPR impact on Consumer Identity and Access Management (CIAM)
GDPR impact on Consumer Identity and Access Management (CIAM)GDPR impact on Consumer Identity and Access Management (CIAM)
GDPR impact on Consumer Identity and Access Management (CIAM)Sagara Gunathunga
 
Introduction to the All New WSO2 Governance Centre
Introduction to the All New WSO2 Governance CentreIntroduction to the All New WSO2 Governance Centre
Introduction to the All New WSO2 Governance CentreSagara Gunathunga
 
Building Services with WSO2 Application Server and WSO2 Microservices Framewo...
Building Services with WSO2 Application Server and WSO2 Microservices Framewo...Building Services with WSO2 Application Server and WSO2 Microservices Framewo...
Building Services with WSO2 Application Server and WSO2 Microservices Framewo...Sagara Gunathunga
 
An Introduction to WSO2 Microservices Framework for Java
An Introduction to WSO2 Microservices Framework for JavaAn Introduction to WSO2 Microservices Framework for Java
An Introduction to WSO2 Microservices Framework for JavaSagara Gunathunga
 
Understanding Microservice Architecture WSO2Con Asia 2016
Understanding Microservice Architecture WSO2Con Asia 2016 Understanding Microservice Architecture WSO2Con Asia 2016
Understanding Microservice Architecture WSO2Con Asia 2016 Sagara Gunathunga
 
Introduction to the all new wso2 governance centre asia 16
Introduction to the all new wso2 governance centre asia 16Introduction to the all new wso2 governance centre asia 16
Introduction to the all new wso2 governance centre asia 16Sagara Gunathunga
 
Building Your Own Store with WSO2 Enterprise Store: The WSO2 Store Case Study
Building Your Own Store with WSO2 Enterprise Store: The WSO2 Store Case StudyBuilding Your Own Store with WSO2 Enterprise Store: The WSO2 Store Case Study
Building Your Own Store with WSO2 Enterprise Store: The WSO2 Store Case StudySagara Gunathunga
 
Introduction to the All New WSO2 Governance Centre
Introduction to the All New WSO2 Governance CentreIntroduction to the All New WSO2 Governance Centre
Introduction to the All New WSO2 Governance CentreSagara Gunathunga
 
Java colombo-deep-dive-into-jax-rs
Java colombo-deep-dive-into-jax-rsJava colombo-deep-dive-into-jax-rs
Java colombo-deep-dive-into-jax-rsSagara Gunathunga
 
JavaEE and RESTful development - WSO2 Colombo Meetup
JavaEE and RESTful development - WSO2 Colombo Meetup JavaEE and RESTful development - WSO2 Colombo Meetup
JavaEE and RESTful development - WSO2 Colombo Meetup Sagara Gunathunga
 
Application Monitoring with WSO2 App Server
Application Monitoring with WSO2 App ServerApplication Monitoring with WSO2 App Server
Application Monitoring with WSO2 App ServerSagara Gunathunga
 
Creating APIs with the WSO2 Platform
Creating APIs with the WSO2 PlatformCreating APIs with the WSO2 Platform
Creating APIs with the WSO2 PlatformSagara Gunathunga
 
Apache contribution-bar camp-colombo
Apache contribution-bar camp-colomboApache contribution-bar camp-colombo
Apache contribution-bar camp-colomboSagara Gunathunga
 

Más de Sagara Gunathunga (20)

Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscape
 
Consumer Identity World EU - Five pillars of consumer IAM
Consumer Identity World EU - Five pillars of consumer IAM Consumer Identity World EU - Five pillars of consumer IAM
Consumer Identity World EU - Five pillars of consumer IAM
 
kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...
 
Synergies across APIs and IAM
Synergies across APIs and IAMSynergies across APIs and IAM
Synergies across APIs and IAM
 
GDPR impact on Consumer Identity and Access Management (CIAM)
GDPR impact on Consumer Identity and Access Management (CIAM)GDPR impact on Consumer Identity and Access Management (CIAM)
GDPR impact on Consumer Identity and Access Management (CIAM)
 
Introduction to the All New WSO2 Governance Centre
Introduction to the All New WSO2 Governance CentreIntroduction to the All New WSO2 Governance Centre
Introduction to the All New WSO2 Governance Centre
 
Building Services with WSO2 Application Server and WSO2 Microservices Framewo...
Building Services with WSO2 Application Server and WSO2 Microservices Framewo...Building Services with WSO2 Application Server and WSO2 Microservices Framewo...
Building Services with WSO2 Application Server and WSO2 Microservices Framewo...
 
An Introduction to WSO2 Microservices Framework for Java
An Introduction to WSO2 Microservices Framework for JavaAn Introduction to WSO2 Microservices Framework for Java
An Introduction to WSO2 Microservices Framework for Java
 
Understanding Microservice Architecture WSO2Con Asia 2016
Understanding Microservice Architecture WSO2Con Asia 2016 Understanding Microservice Architecture WSO2Con Asia 2016
Understanding Microservice Architecture WSO2Con Asia 2016
 
Introduction to the all new wso2 governance centre asia 16
Introduction to the all new wso2 governance centre asia 16Introduction to the all new wso2 governance centre asia 16
Introduction to the all new wso2 governance centre asia 16
 
Building Your Own Store with WSO2 Enterprise Store: The WSO2 Store Case Study
Building Your Own Store with WSO2 Enterprise Store: The WSO2 Store Case StudyBuilding Your Own Store with WSO2 Enterprise Store: The WSO2 Store Case Study
Building Your Own Store with WSO2 Enterprise Store: The WSO2 Store Case Study
 
Introduction to the All New WSO2 Governance Centre
Introduction to the All New WSO2 Governance CentreIntroduction to the All New WSO2 Governance Centre
Introduction to the All New WSO2 Governance Centre
 
Java colombo-deep-dive-into-jax-rs
Java colombo-deep-dive-into-jax-rsJava colombo-deep-dive-into-jax-rs
Java colombo-deep-dive-into-jax-rs
 
JavaEE and RESTful development - WSO2 Colombo Meetup
JavaEE and RESTful development - WSO2 Colombo Meetup JavaEE and RESTful development - WSO2 Colombo Meetup
JavaEE and RESTful development - WSO2 Colombo Meetup
 
Application Monitoring with WSO2 App Server
Application Monitoring with WSO2 App ServerApplication Monitoring with WSO2 App Server
Application Monitoring with WSO2 App Server
 
WSO2 Application Server
WSO2 Application ServerWSO2 Application Server
WSO2 Application Server
 
Creating APIs with the WSO2 Platform
Creating APIs with the WSO2 PlatformCreating APIs with the WSO2 Platform
Creating APIs with the WSO2 Platform
 
WSO2 AppDev platform
WSO2 AppDev platformWSO2 AppDev platform
WSO2 AppDev platform
 
Apache contribution-bar camp-colombo
Apache contribution-bar camp-colomboApache contribution-bar camp-colombo
Apache contribution-bar camp-colombo
 
What is new in Axis2 1.7.0
What is new in Axis2 1.7.0 What is new in Axis2 1.7.0
What is new in Axis2 1.7.0
 

Último

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Último (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Privacy by Design as a system design strategy - EIC 2019

  • 1. Privacy By Design as a System Design Strategy Sagara Gunathunga Director, WSO2 sagara@wso2.com
  • 2. About Me ● Director of Identity & Access Management at WSO2 ● Mainly focuses on WSO2 Identity and Access Management (IAM) offerings ● Core member of WSO2's effort in making its products and business processes GDPR compliant ● PMC member and committer for a number of Apache projects including Apache Axis2 and Apache Web Services
  • 4. Global Privacy Outlook D Data Protection Act PIPEDA Privacy Act of 1988 HIPAA, COPPA, CCPA, etc.. Information Technology Act Personal Information Protection Act Personal Data Protection Bill POPI
  • 5. Privacy is a Fundamental Human Right: GDPR
  • 6. Take Back Control Of Your Personal Information: Ccpa
  • 7. 7 GDPR CCPA DPA One Way To Look At This Challenge
  • 8. An Alternative Way to Look at the Problem
  • 9. Privacy by Design (PbD) Principles 1 2 3 4 5 6 7 Proactive not reactive - preventative not remedical Lead with privacy as the default setting Embed privacy into design Retain full functionality(positive-sum, not zero-sum) Ensure end-to-end security Maintain visibility and transparency-keep it open Respect user privacy-keep it user-centric
  • 10. Well… How can we Put These Principles into ACTION
  • 11. Separate Personal Data (PII) from Other Business Data
  • 13. A Typical System of a Business Organization Personal information is scattered all over the system
  • 14. A Typical System of a Business Organization Personal information (user data) is scattered all over the system
  • 15. ● Number of systems to protect ● Number of systems to modify and replace to support privacy standards ● Personal data removal needs changes in multiple places ● Increased chance of personal data breaches A Typical System Of A Business Organization
  • 16. Solution Move all the personal information (user data) into a separate system so that other applications can look-up user data on demand
  • 17. ● Reduce development and maintenance cost ● Reduce development and maintenance time ● Reduce system complexity ● Reduce the chance of personal data breaches ● Can adopt to future expansions easily Solution
  • 18. Wait... My Organization Uses A Number Of Cloud Applications ?
  • 19. Solution Most cloud applications today facilitate connecting to your corporate user management system as a trusted identity provider (trusted IdP)
  • 21. Anonymization Vs Pseudonymization Anonymization X Medical Report Medical Report John Doe SID536262 Pseudonymization Medical Report Medical Report John Doe SID536262 Name SID John Doe SID536262
  • 22. Apply Anonymization and Pseudonymization into your Design System-Id Identity and Access Management System
  • 23. Use Standard Protocols and Security Tokens for PII Sharing
  • 24. Standard Protocols and Security Tokens ● Use standard transport security protocols and latested tools ○ TLS/SSL ○ Strong algorithm and key for hashing/encryption ● Use standard protocols ○ SAML ○ OAuth2/OIDC ○ WS-Federation ● Use standard security tokens over custom tokens ○ SAML tokens ○ JWT, OIDC IDToken
  • 25. Standard Protocols and Security Tokens
  • 26. Pick the Correct Token Type ● OAuth2 Bearer By Reference ● SAML 2.0 ● JWT ● OIDC IDToken By Value
  • 28. Provide Transparency Be transparent on ‘why’ you need specific PII data, how do you going to store and process, how long you retain those data. Source : https://startwithwhy.com/
  • 29. Provide Transparency Source : https://startwithwhy.com/ Example, in a mobile application, ● Clearly show ‘location service’ icon when the app utilize customer location. ● Clearly show ‘bluetooth’ icon when the app communicate with another device via bluetooth.
  • 30. Minimize PII data collection and storing ● Make sure to capture absolutely necessary set of PII only for current purposes. ● Consider data retention policy and implement data removal logic as a core requirement. ● Preference on storing results instead of raw PII data. ● Try to depend on system generated ids for identification. ● Use hashing and encryption whenever possible on PII data.
  • 31. Minimize PII Data Collection and Storing Example : In a restaurant recommendation application, capture nearest city for processing instead of exact coordination of the user. Example : In a mobile application, use system generated id to track usages data of the application instead of mobile number or IMEI id.
  • 32. Focus on Consent Management
  • 33. Focus on Consent Management
  • 34. Make Customer in Control on Own Data
  • 35. Make Customer in Control on Their Data
  • 36. Solution Provide a self-care user portal for users so that they can exercise their individual rights
  • 37. Solution ● Individuals can access, modify, and remove their personal information ● Data processing activities can be informed and made transparent ● Individuals can download a copy of their personal data ● Can have a medium to submit ‘forget-me’ requests
  • 38. References ● https://wso2.com/solutions/regulatory-compliance/gdpr/ ● https://docs.wso2.com/display/IS550/General+Data+Protection+Regulation ● https://ec.europa.eu/justice/smedataprotect/index_en.htm ● https://www.smashingmagazine.com/2017/07/privacy-by-design-framework/