Podcasts about Privacy by design

Framework for systems engineering

  • 103 podcasts
  • 144 episodes
  • 33 min average duration
  • 1 new episode monthly
  • Latest episode: Mar 16, 2025


Latest podcast episodes about Privacy by design

Masters of Privacy
Newsroom: Winter 2025. SDKs under fire, AI Agents everywhere, AI Act-GDPR overlaps, major cases and serious fines

Mar 16, 2025 (23:01)


It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. As usual, this Newsroom is divided into five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs and Zero-Party Data; and Future of Media. TL;DL: The use of SDKs for data collection/sharing has been a common factor in various fines and lawsuits on both sides of the pond. The EDPB sparked an important debate on personal data-powered AI in the EU. Texas and California went after Allstate and Honda respectively. La Liga (ES), Netflix (NL), Meta (IR), and others received fines. The FTC put an end to personal data sales by General Motors. The My Health My Data Act (WA) was put to the test. AI “reasoning” models exploded, and then AI Agents followed. Garante (IT) blocked DeepSeek and a class action in Germany could have a major impact across the EU. Australia updated its legal framework. The biggest CDP players dissolved into adjacent markets and Google kept marching towards PET-powered AdTech. All references and links can be found in this episode's blog post.

Masters of Privacy
Mark Jaffe (Rivian): connected cars, assisted driving, and Privacy by Design

Mar 2, 2025 (35:02)


What is the best way to address privacy risks in the context of connected cars? Is data minimization compatible with assisted driving? What is the meaning of “Core Vehicle Data”?

Mark Jaffe leads the Rivian ethics, compliance and privacy program. This includes ethical culture, compliance oversight, privacy, and investigations. Prior to joining Rivian, Mark was Senior Vice President for Privacy at Teleperformance, a global business process outsourcer with over 400,000 employees operating in over 80 countries, spending almost two years in Singapore managing privacy issues in the Asia Pacific region. He has also dealt with data protection compliance in Europe, Middle East, and Africa. Prior to that, Mark spent 17 years at AT&T in global privacy roles as well as global compliance and ethics roles. Our guest is a frequent speaker on a variety of topics related to privacy compliance and data ethics. Mark earned his B.A., cum laude, from Duke University and his J.D., cum laude, from Northwestern University.

References:

  • Mark Jaffe on LinkedIn
  • Rivian's Privacy Hub
  • FTC bans General Motors from selling driving data without permission, adding to case for CarPlay 2 (9to5Mac, January 2025)
  • 800,000 EV drivers' data exposed in Volkswagen breach (The Register, January 2025)
  • Privacy Not Included, a Mozilla Report about connected cars and privacy (“It's Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy”, September 2023)
  • Investigation by Netherlands' DPA prompts changes to Tesla security cameras (IAPP, 2023)
  • Tesla workers shared sensitive images recorded by customer cars (Reuters, 2022)
  • Privacy4Cars

Masters of Privacy (ES)
Nuria Ruiz: privacy engineering and Lean Analytics in action

Nov 25, 2024 (34:06)


Nuria Ruiz is a data engineer at Netflix and previously led the data engineering team at Wikipedia. She has spent a great deal of time exploring the respectful use of data at scale, building her career at Amazon after starting out at the Physical Oceanography Laboratory in Seattle. With Nuria we discussed Lean Analytics, as well as the practical application of the minimization principle in the collection and use of data, in the context of the thriving discipline of privacy engineering. We also touched on Privacy Enhancing Technologies and very concrete examples of best practices.

References:

  • Nuria Ruiz on LinkedIn
  • Summary of talks at PEPR'24 (USENIX Conference on Privacy Engineering Practice and Respect)
  • Damien Desfontaines: Differential Privacy in Data Clean Rooms (Masters of Privacy)
  • Luke Mulks - Brave: privacy-preserving ads (Masters of Privacy)

InfosecTrain
7 Principles of Privacy by Design

Sep 23, 2024 (5:10)


Privacy by Design (PbD) is a proactive way to make sure privacy is incorporated from the beginning in technology, systems, and procedures. The integration of privacy into every stage of business or product development is ensured by this methodology. It helps organizations handle personal information more securely in today's privacy-conscious culture and is regarded as an industry standard. Organizations may protect data, foster consumer trust, comply with privacy regulations, and establish a more secure and privacy-focused workplace by following the 7 Principles of Privacy by Design.

What is Privacy by Design?

Privacy by Design (PbD) is a method that integrates privacy from the outset into technologies, systems, and procedures. It promotes being proactive rather than reactive in order to protect personal data before issues arise. Using this approach allows organizations to make privacy a fundamental part of their practices, rather than just an afterthought. By integrating privacy considerations from the beginning, they ensure that protecting user data becomes a standard part of their processes, helping to build trust and enhance security. Businesses can adhere to data protection laws and gain the trust of their clients by integrating privacy into every aspect of their operations.

Masters of Privacy
Jay Averitt: the evolving role of the Privacy Engineer, technical privacy reviews and DPIAs

Aug 30, 2024 (27:55)


Jay Averitt is currently a Senior Privacy Product Manager at Microsoft, where he manages technical privacy reviews involving Microsoft365 products including CoPilot, GPT, and other LLM products. He was previously a Privacy Engineer at Twitter, where he managed technical privacy reviews across the platform. He's been working in privacy for over a decade as both a privacy technologist and a privacy attorney. Before switching to technical privacy, he worked as a technology counsel at SAP, SAS, and Lenovo.

References:

  • Jay Averitt on LinkedIn
  • NIST, Privacy Engineering Program
  • Daniel J. Solove, Against Privacy Essentialism
  • María P. Angel and Ryan Calo, Distinguishing Privacy Law: A Critique of Privacy as Social Taxonomy
  • Sergio Maldonado, Some takeaways from PEPR'24 (USENIX Conference on Privacy Engineering Practice and Respect 2024)

Reimagining Cyber
Connected Car Chaos - Ep 102

Jun 19, 2024 (31:12)


In this podcast episode, hosts Rob Aragao and Stan Wisseman are joined by Arun DeSouza, a renowned expert in connected vehicle security and former CISO at leading automotive companies. Arun begins by highlighting the critical challenges facing connected vehicles, emphasizing the importance of security by design throughout the development lifecycle. He stresses the need for rigorous vulnerability assessments and penetration testing to prevent vulnerabilities that could lead to remote hacking or data breaches.

Arun discusses the vital role of infrastructure connectivity and encryption in securing data transmission between vehicles and the cloud. He emphasizes the necessity of secure over-the-air software updates to patch vulnerabilities promptly. Addressing the risks associated with peripheral devices connected to vehicles, Arun advocates for robust system interface protections and micro-segmentation strategies to isolate critical systems from non-critical ones.

Privacy and data security emerge as central concerns, with Arun emphasizing the importance of adhering to privacy-by-design principles. He discusses the implications of GDPR-like standards for protecting sensitive data collected by connected vehicles and underscores the need for user consent frameworks in data handling practices.

The conversation extends to the complex automotive supply chain ecosystem, where Arun stresses the importance of implementing robust security measures across third-party suppliers. He highlights the role of continuous security assessments and collaborative efforts within the supply chain to mitigate cybersecurity risks effectively.

Concluding the episode, Arun offers practical advice for consumers considering connected vehicles, suggesting they seek transparency from manufacturers regarding cybersecurity features. He encourages leveraging industry networks and expert advice to make informed decisions about vehicle purchases in 2024.

Join us for an insightful exploration of the evolving landscape of connected vehicle security.

ITSPmagazine | Technology. Cybersecurity. Society
Practical Privacy by Design - Building Secure Applications that Respect Privacy | An OWASP AppSec Global Lisbon 2024 Conversation with Kim Wuyts and Avi Douglen | On Location Coverage with Sean Martin and Marco Ciappelli

Jun 14, 2024 (32:20)


Guests:

Kim Wuyts, Manager Cyber & Privacy, PwC Belgium [@PwC_Belgium]
On LinkedIn | https://www.linkedin.com/in/kwuyts/
On Twitter | https://twitter.com/Wuytski
On Mastodon | https://mastodon.social/@kimw

Avi Douglen, CEO / Board of Directors, Bounce Security & OWASP
On LinkedIn | https://www.linkedin.com/in/avidouglen/
On Twitter | https://twitter.com/sec_tigger

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

In this episode of On Location with Sean and Marco, host Sean Martin offers a deep dive into the OWASP AppSec Lisbon event, engaging in a meaningful conversation with Kim Wuyts and Avi Douglen. Sean starts by setting the stage for an insightful discussion focused on privacy, security, and the integration of both in modern application development.

Kim Wuyts, a Cyber and Privacy Manager at PwC Belgium, shares her journey from a security researcher to a privacy engineering expert, emphasizing the importance of privacy threat modeling and the intricate balance between security and privacy. She explains how privacy not only strengthens security but also involves complex considerations like legal, ethical, and technological aspects. Kim highlights the need for companies to adopt privacy by design, ensuring data is used with care and transparency, rather than merely being collected and stored.

Avi Douglen, Lead Consultant at Bounce Security, brings his experience in threat modeling to the conversation, recounting his learning curve in understanding the depths of privacy beyond mere confidentiality. He speaks about the importance of educating security engineers on privacy considerations and using value-driven security to protect stakeholders' interests. Avi stresses that privacy and security should be integrated from the beginning of the application development process to avoid clashes and ensure robust, privacy-respecting systems.

Throughout the discussion, the guests delve into various privacy engineering practices, including data minimization, the handling of meta-information, and the potential conflicts between security requirements and privacy needs. They touch on real-world scenarios where privacy can enhance overall security posture and how privacy engineering aligns with compliance requirements such as GDPR.

Sean, Kim, and Avi also explore the concept of architectural data mapping and selecting the right components for privacy. They discuss the evolving skill set required for privacy engineering and how integrating privacy with existing security practices can add significant value to any organization.

The episode concludes with a look at the upcoming training session at the OWASP AppSec event in Lisbon, emphasizing the need for a diverse audience, including security engineers, privacy professionals, and developers. This session aims to foster a collaborative environment where participants can expand their knowledge and apply practical privacy by design principles in their work.

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Redefining CyberSecurity
Practical Privacy by Design - Building Secure Applications that Respect Privacy | An OWASP AppSec Global Lisbon 2024 Conversation with Kim Wuyts and Avi Douglen | On Location Coverage with Sean Martin and Marco Ciappelli

Jun 14, 2024 (32:20)



The Shifting Privacy Left Podcast
S3E9: 'Building a Culture of Privacy & Achieving Compliance without Sacrificing Innovation' with Amaka Ibeji (Cruise)

Apr 2, 2024 (43:24)


Today, I'm joined by Amaka Ibeji, Privacy Engineer at Cruise where she designs and implements robust privacy programs and controls. In this episode, we discuss Amaka's passion for creating a culture of privacy and compliance within organizations and engineering teams. Amaka also hosts the PALS Parlor Podcast, where she speaks to business leaders and peers about privacy, AI governance, leadership, and security and explains technical concepts in a digestible way. The podcast aims to enable business leaders to do more with their data and provides a way for the community to share knowledge with one another.

In our conversation, we touch on her career trajectory from security engineer to privacy engineer and the intersection of cybersecurity, privacy engineering, and AI governance. We highlight the importance of early engagement with various technical teams to enable innovation while still achieving privacy compliance. Amaka also shares the privacy-enhancing technologies (PETs) that she is most excited about, and she recommends resources for those who want to learn more about strategic privacy engineering. Amaka emphasizes that privacy is a systemic, 'wicked problem' and offers her tips for understanding and approaching it.

Topics Covered:

  • How Amaka's compliance-focused experience at Microsoft helped prepare her for her Privacy Engineering role at Cruise
  • Where privacy overlaps with the development of AI
  • Advice for shifting privacy left to make privacy stretch beyond a compliance exercise
  • What works well and what doesn't when building a 'Culture of Privacy'
  • Privacy by Design approaches that make privacy & innovation a win-win rather than zero-sum game
  • Privacy Engineering trends that Amaka sees; and, the PETs about which she's most excited
  • Amaka's Privacy Engineering resource recommendations, including: Hoepman's "Privacy Design Strategies" book; The LINDDUN Privacy Threat Modeling Framework; and The PLOT4AI Framework
  • "The PALS Parlor Podcast," focused on Privacy Engineering, AI Governance, Leadership, & Security: why Amaka launched the podcast; her intended audience; and topics that she plans to cover this year
  • The importance of collaboration; building a community of passionate privacy engineers, and addressing the systemic issue of privacy

Guest Info & Resources:

  • Follow Amaka on LinkedIn
  • Listen to The PALS Parlor Podcast
  • Read Jaap-Henk Hoepman's "Privacy Design Strategies (The Little Blue Book)"
  • Read Jason Cronk's "Strategic Privacy by Design, 2nd Edition"
  • Check out The LINDDUN Privacy Threat Modeling Framework
  • Check out The Privacy Library of Threats for Artificial Intelligence (PLOT4.AI) Framework

Masters of Privacy
Ellison Anne Williams: Homomorphic Encryption and its interplay with other PETs

Apr 2, 2024 (24:13)


What is Homomorphic Encryption? Can it be leveraged in the context of cross-vertical challenges?

Dr. Ellison Anne Williams is the Founder and CEO of Enveil, the pioneering data security startup protecting Data in Use. She has more than a decade of experience spearheading avant-garde efforts in the areas of large scale analytics, information security and privacy, computer network exploitation, and network modeling at the National Security Agency and the Johns Hopkins University Applied Physics Laboratory. In addition to her leadership experience, she is accomplished in the fields of distributed computing and algorithms, cryptographic applications, graph theory, combinatorics, machine learning, and data mining and holds a Ph.D. in Mathematics (Algebraic Combinatorics), a M.S. in Mathematics (Set Theoretic Topology), and a M.S. in Computer Science (Machine Learning).

References:

  • Dr. Ellison Anne Williams (full profile), Enveil
  • Enveil Drives Data Value Across Silos with Enhanced Encrypted Search Offering
  • ICO Guidance on Privacy Enhancing Technologies
  • Matthias Eigenmann: Confidential Computing, contractual relationships, and legal bases for Data Clean Rooms (Masters of Privacy)
  • Damien Desfontaines: Differential Privacy in Data Clean Rooms (Masters of Privacy)

The Shifting Privacy Left Podcast
S3E8: 'Recent FTC Enforcement: What Privacy Engineers Need to Know' with Heidi Saas (H.T. Saas)

Mar 26, 2024 (75:33)


In this week's episode, I am joined by Heidi Saas, a privacy lawyer with a reputation for advocating for products and services built with privacy by design and against the abuse of personal data. In our conversation, she dives into recent FTC enforcement actions, analyzing five FTC actions and some enforcement sweeps by Colorado & Connecticut. Heidi shares her insights on the effect of the FTC enforcement actions and what privacy engineers need to know, emphasizing the need for data management practices to be transparent, accountable, and based on affirmative consent.

We cover the role of privacy engineers in ensuring compliance with data privacy laws; why 'browsing data' is 'sensitive data;' the challenges companies face regarding data deletion; and the need for clear consent mechanisms, especially with the collection and use of location data. We also discuss the need to audit the privacy posture of products and services - which includes a requirement to document who made certain decisions - and how to prioritize risk analysis to proactively address risks to privacy.

Topics Covered:

  • Heidi's journey into privacy law and advocacy for privacy by design and default
  • How the FTC brings enforcement actions, the effect of their settlements, and why privacy engineers should pay closer attention
  • Case 1: FTC v. InMarket Media - Heidi explains the implication of the decision: where data that are linked to a mobile advertising identifier (MAID) or an individual's home are not considered de-identified
  • Case 2: FTC v. X-Mode Social / OutLogic - Heidi explains the implication of the decision, focused on: affirmative express consent for location data collection; definition of a 'data product assessment' and audit programs; and data retention & deletion requirements
  • Case 3: FTC v. Avast - Heidi explains the implication of the decision: 'browsing data' is considered 'sensitive data'
  • Case 4: The People (CA) v. DoorDash - Heidi explains the implications of the decision, based on CalOPPA: where companies that share personal data with one another as part of a 'marketing cooperative' are, in fact, selling of data
  • Heidi discusses recent State Enforcement Sweeps for privacy, specifically in Colorado and Connecticut and clarity around breach reporting timelines
  • The need to prioritize independent third-party audits for privacy
  • Case 5: FTC v. Kroger - Heidi explains why the FTC's blocking of Kroger's merger with Albertson's was based on antitrust and privacy harms given the sheer amount of personal data that they process
  • Tools and resources for keeping up with FTC cases and connecting with your privacy community

Guest Info:

  • Follow Heidi on LinkedIn
  • Read (book): 'Means of Control: How the Hidden Alliance of Tech and Government is Creating a New American Surveillance State'

Precision Neuroscience Reimagined
Precision Neuroscience Reimagined: Privacy by Design

Mar 18, 2024 (33:59)


In this episode of Precision Neuroscience Reimagined, Tina is joined by Simon Pillinger, Head of Information Governance, Ethics and Patient and Public Involvement at Akrivia Health. Together, they revisit the topic of Information Governance, diving deeper into what's happening in the world right now, best practices and anonymisation. Simon offers invaluable guidance for navigating the complex terrain of data governance in healthcare.

Produced by Clarity Podcasts: https://claritypodcasts.co.uk/

RSA Conference
The Basics: Privacy by Design

Feb 15, 2024 (13:20)


Protecting data is a critical key when developing products, systems, or services. What are some privacy measures to consider? Join us for a discussion on the overview of Privacy By Design and how to implement it into practice.

Speakers:

  • Kim Wuyts, Manager Cyber & Privacy, PwC Belgium
  • Tatyana Sanchez, Content and Programming Coordinator, RSAC

CIP Podcast - voor meer kennis over informatieveiligheid
CIP Podcast - Privacy by Design Guide (Handleiding Privacy by Design)

Feb 8, 2024 (48:45)


In this podcast, Pauline Verhaak (Ministry of Justice and Security) and Nine Bennink (Considerati) discuss the background and structure of the new Privacy by Design guide (Handleiding Privacy by Design).

ITSPmagazine | Technology. Cybersecurity. Society
Proactive Privacy in the Age of AI | A Conversation with Dr. Ann Cavoukian | The Soulful CXO Podcast with Dr. Rebecca Wynn

Feb 6, 2024 (30:44)


Guest: Dr. Ann Cavoukian, Executive Director of the Global Privacy and Security by Design Centre
Website | https://gpsbydesign.org/
On LinkedIn | https://www.linkedin.com/in/ann-cavoukian-ph-d-3a78809/
On Twitter | https://twitter.com/anncavoukian
Wikipedia | https://en.wikipedia.org/wiki/Ann_Cavoukian

Host: Dr. Rebecca Wynn
On ITSPmagazine

ITSPmagazine | Technology. Cybersecurity. Society
Book | The Privacy Leader Compass | A Conversation with Valerie Lyons | Redefining CyberSecurity Podcast with Sean Martin

Nov 28, 2023 (56:28)


Guest: Dr. Valerie Lyons, Author
On LinkedIn | https://www.linkedin.com/in/valerielyons-privsec/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Episode Notes

In this episode of the Redefining Cybersecurity podcast, host Sean Martin engages in a conversation with Dr. Valerie Lyons, co-author of "The Privacy Leader Compass." They discuss various aspects of privacy and provide practical guidance for privacy leaders.

Dr. Lyons highlights the regulatory difference between the US and Europe's approach to privacy, with data minimization being a regulatory requirement in Europe. However, she emphasizes that it's not about which approach is better, but rather understanding and complying with the regulatory requirements. They delve into the principles of Fair Information Practices (FIPS) and privacy by design, which are enshrined in GDPR.

"The Privacy Leader Compass" is designed to be a comprehensive resource for privacy leaders, incorporating the McKinsey seven S model. It goes beyond compliance, incorporating ethics, trust, and consumer satisfaction in privacy programs. The book is intended to be location and jurisdiction agnostic, allowing privacy leaders to adapt the framework to their specific contexts.

The conversation also highlights the value of learning from privacy pioneers and leveraging their experiences. The book includes contributions from over 60 privacy pioneers, providing real-world examples and insights. Dr. Lyons emphasizes the importance of collaboration and learning from others' experiences rather than starting from scratch.

They discuss the flexible interpretation within privacy legislation, such as the choice between appointing a Data Protection Officer (DPO) or a Chief Privacy Officer (CPO). They stress the importance of developing a privacy strategy and vision, regardless of the jurisdiction, and exploring why privacy leaders were hired for their roles.

Throughout the conversation, Dr. Lyons and Sean Martin present a balanced perspective, focusing on practical guidance and empowering privacy leaders. They explore the dynamic nature of privacy and the need to go beyond compliance, considering ethics, trust, and consumer satisfaction. The conversation is grounded in real-world experiences and provides valuable insights for privacy leaders navigating the ever-changing privacy landscape.

About the Book

Congratulations! Perhaps you have been appointed as the Chief Privacy Officer (CPO) or the Data Protection Officer (DPO) for your company. Or maybe you are an experienced CPO/DPO, and you wonder - "what can I learn from other successful privacy experts to be even more effective?" Or perhaps you are considering a move from a different career path and deciding if this is the right direction for you.

Seasoned award-winning Privacy and Cybersecurity leaders Dr. Valerie Lyons (Dublin, Ireland) and Todd Fitzgerald (Chicago, IL USA) have teamed up with over 60 award-winning CPOs, DPOs, highly respected privacy/data protection leaders, data protection authorities, and privacy standard setters who have fought the tough battle.

Just as the #1 best-selling and CANON Cybersecurity Hall of Fame winning CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers book provided actionable advice to Chief Information Security Officers, The Privacy Leader Compass is about straight talk - delivering a comprehensive privacy roadmap applied to, and organized by, a time-tested organizational effectiveness model (the McKinsey 7-S Framework) with practical, insightful stories and lessons learned.

You own your continued success as a privacy leader. If you want a roadmap to build, lead, and sustain a program respected and supported by your board, management, organization, and peers, this book is for you.

Redefining CyberSecurity
Book | The Privacy Leader Compass | A Conversation with Valerie Lyons | Redefining CyberSecurity Podcast with Sean Martin

Nov 28, 2023 (56:28)


Guest: Dr. Valerie Lyons, Author
On LinkedIn | https://www.linkedin.com/in/valerielyons-privsec/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes

In this episode of the Redefining Cybersecurity podcast, host Sean Martin engages in a conversation with Dr. Valerie Lyons, co-author of "The Privacy Leader Compass." They discuss various aspects of privacy and provide practical guidance for privacy leaders.

Dr. Lyons highlights the regulatory difference between the US and Europe's approach to privacy, with data minimization being a regulatory requirement in Europe. However, she emphasizes that it's not about which approach is better, but rather understanding and complying with the regulatory requirements. They delve into the principles of Fair Information Practices (FIPS) and privacy by design, which are enshrined in GDPR.

"The Privacy Leader Compass" is designed to be a comprehensive resource for privacy leaders, incorporating the McKinsey seven S model. It goes beyond compliance, incorporating ethics, trust, and consumer satisfaction in privacy programs. The book is intended to be location and jurisdiction agnostic, allowing privacy leaders to adapt the framework to their specific contexts.

The conversation also highlights the value of learning from privacy pioneers and leveraging their experiences. The book includes contributions from over 60 privacy pioneers, providing real-world examples and insights. Dr. Lyons emphasizes the importance of collaboration and learning from others' experiences rather than starting from scratch.

They discuss the flexible interpretation within privacy legislation, such as the choice between appointing a Data Protection Officer (DPO) or a Chief Privacy Officer (CPO). They stress the importance of developing a privacy strategy and vision, regardless of the jurisdiction, and exploring why privacy leaders were hired for their roles.

Throughout the conversation, Dr. Lyons and Sean Martin present a balanced perspective, focusing on practical guidance and empowering privacy leaders. They explore the dynamic nature of privacy and the need to go beyond compliance, considering ethics, trust, and consumer satisfaction. The conversation is grounded in real-world experiences and provides valuable insights for privacy leaders navigating the ever-changing privacy landscape.

About the Book

Congratulations! Perhaps you have been appointed as the Chief Privacy Officer (CPO) or the Data Protection Officer (DPO) for your company. Or maybe you are an experienced CPO/DPO, and you wonder - "what can I learn from other successful privacy experts to be even more effective?" Or perhaps you are considering a move from a different career path and deciding if this is the right direction for you.

Seasoned award-winning Privacy and Cybersecurity leaders Dr. Valerie Lyons (Dublin, Ireland) and Todd Fitzgerald (Chicago, IL USA) have teamed up with over 60 award-winning CPOs, DPOs, highly respected privacy/data protection leaders, data protection authorities, and privacy standard setters who have fought the tough battle.

Just as the #1 best-selling and CANON Cybersecurity Hall of Fame winning CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers book provided actionable advice to Chief Information Security Officers, The Privacy Leader Compass is about straight talk - delivering a comprehensive privacy roadmap applied to, and organized by, a time-tested organizational effectiveness model (the McKinsey 7-S Framework) with practical, insightful stories and lessons learned.

You own your continued success as a privacy leader. If you want a roadmap to build, lead, and sustain a program respected and supported by your board, management, organization, and peers, this book is for you.

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Data Privacy Detective - how data is regulated, managed, protected, collected, mined, stolen, defended and transcended.
Episode 149 - Privacy & blockchain: an open source approach to privacy by design

Nov 22, 2023 (22:41)


Blockchain technology. Can it be a solution to privacy risks inherent in traditional IT? How is it different from cryptocurrency? What can it do to allow both individuals and organizations to limit and protect personal information exchanged in daily life? Explore these questions in Episode 149, with Zenobia Godschalk, head of communications for Swirlds Labs (https://swirldslabs.com). Take a brisk tour of an open-source approach that applies blockchain technology to our evolving web. Learn about Hedera – an open source, leaderless proof-of-stake network. Consider how an individual need not share a lot of personal information when a transaction requires only proof of one thing – such as whether the individual is an adult or whether a person actually is a bank account holder. Listen for top tips to organizations and individuals about how open-source blockchain technology can minimize risks to personal information and identity theft. Hear how public ledgers for decentralized economies are changing our digital existence and can be a means of protecting personal privacy without disrupting our digital world. Time stamps: 01:02 — What is blockchain technology, and how is it different from cryptocurrency? 07:30 — What is tokenization? 12:42 — Is blockchain 100% effective? 14:44 — Top tips for organizations in considering blockchain technology as a replacement for traditional IT 18:52 — Top tips for individuals in considering blockchain

Privacy Pros Podcast
Negotiate Like A Pro: How To Land The Career You've Always Wanted

Nov 21, 2023 (10:24), transcription available


An Insider's Guide to Advancing Your Privacy Career

In this enlightening episode we delve into the art of negotiation and career advancement with R. Jason Cronk, a renowned privacy engineer, lawyer, and author of the acclaimed IAPP textbook "Strategic Privacy by Design".

Key Highlights:

1. Discover how Jason transformed his corporate role into a part-time role to allow him to work solely on Privacy By Design projects. You'll learn how to create opportunities and negotiate terms that align with your personal and professional aspirations.
2. Jason also recounts challenging moments in his career, particularly dealing with resistance to privacy and security concerns within corporate departments. His takeaways emphasise the importance of choosing your battles wisely and knowing when to walk away.
3. Learn from Jason's approach to negotiation, where he advocates for flexibility, adaptability, and seeking win-win solutions. He shares how creating a part-time role for himself opened doors to consulting and training opportunities, underlining the importance of not feeling trapped in your career.

Whether you're facing career challenges, seeking to influence change, or exploring new avenues in privacy, Jason's experiences and strategies offer a roadmap to success.

With over two decades of experience in principle and trust consulting, R. Jason Cronk is a seasoned privacy engineer, developer, lawyer, and author of the IAPP textbook “Strategic Privacy by Design”. He is also the founder and president of the Institute of Operational Privacy Design, a non-profit organisation of privacy professionals which seeks to define and drive the adoption of common and comprehensive standards to protect individuals' privacy. His knowledge and involvement reach across the spectrum as an active member of the academic, engineering, legal and professional privacy communities and a pioneering voice in the development of privacy by design. Whether it is writing books, developing models and frameworks, or training companies and individuals alike, he is tirelessly advocating for privacy across the world.

If you're ready to transform your career and become the go-to GDPR expert, get your copy of 'The Easy Peasy Guide to GDPR' here: https://www.bestgdprbook.com/

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/
Follow Jason on LinkedIn: https://www.linkedin.com/in/rjc06c/
Subscribe to the Privacy Pros Academy YouTube Channel ► https://www.youtube.com/c/PrivacyPros

Join the Privacy Pros Academy Private Facebook Group for:
  • Free LIVE Training
  • Free Easy Peasy Data Privacy Guides
  • Data Protection Updates and so much more

Apply to join here whilst it's still free: https://www.facebook.com/groups/privacypro

Privacy Pros Podcast
The Groundbreaking Book Redefining Privacy By Design

Nov 14, 2023 (35:58), transcription available


Unlocking the Power of Privacy by Design: An Exclusive Conversation with R. Jason Cronk, Author of the IAPP Textbook "Strategic Privacy By Design"

In this episode, we have seasoned privacy engineer, developer, lawyer and author R. Jason Cronk on the show. Jason gives a comprehensive breakdown of the essence of privacy by design, the nuances of privacy threat modelling as well as the differences between normative and tangible privacy harms, and how companies often overlook the former.

By the end of this episode, you'll learn:
  • How to identify and model privacy threats
  • The essential skills for mastering privacy by design
  • The key qualities that define a successful privacy leader

Don't miss your chance to learn the ins and outs of privacy by design!

With over two decades of experience in principle and trust consulting, R. Jason Cronk is a seasoned privacy engineer, developer, lawyer, and author of the IAPP textbook “Strategic Privacy by Design”. He is also the founder and president of the Institute of Operational Privacy Design, a non-profit organisation of privacy professionals which seeks to define and drive the adoption of common and comprehensive standards to protect individuals' privacy. His knowledge and involvement reach across the spectrum as an active member of the academic, engineering, legal and professional privacy communities and a pioneering voice in the development of privacy by design. Whether it is writing books, developing models and frameworks, or training companies and individuals alike, he is tirelessly advocating for privacy across the world.

If you're ready to transform your career and become the go-to GDPR expert, get your copy of 'The Easy Peasy Guide to GDPR' here: https://www.bestgdprbook.com/

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/
Follow Jason on LinkedIn: https://www.linkedin.com/in/rjc06c/
Subscribe to the Privacy Pros Academy YouTube Channel ► https://www.youtube.com/c/PrivacyPros

Join the Privacy Pros Academy Private Facebook Group for:
  • Free LIVE Training
  • Free Easy Peasy Data Privacy Guides
  • Data Protection Updates and so much more

Apply to join here whilst it's still free: https://www.facebook.com/groups/privacypro

Data Privacy Detective - how data is regulated, managed, protected, collected, mined, stolen, defended and transcended.
Episode 147 — How small and mid-sized organizations can afford privacy by design

Nov 9, 2023 (20:46)


How small and mid-sized organizations can afford privacy by design: Making data privacy and security affordable and scalable

Tech giants have vast budgets for cybersecurity and data privacy. But most organizations are small or mid-sized enterprises (SMEs) and can't afford expensive in-house talent, hardware, and software to combat data piracy or prevent data breaches. How do startups, SMEs, and MSPs create a privacy-responsible foundation as they start and grow? How can they make privacy part of their offering to customers? How can they maintain first-class cybersecurity and data privacy as they scale and grow on an affordable budget? Darren Gallop, co-founder and CEO of Carbide (carbidesecure.com), provides advice on these and other topics in this episode. With an overview of how secure personal information is today, Darren explains the benefits of starting with a secure privacy-centric foundation on an outsourced basis, then adding essential tools as an organization grows. Listen for top tips on how organizations and individuals can protect sensitive personal information on an affordable basis.

Time stamps:
  • 01:59 — How secure is personal info these days?
  • 06:10 — On a limited budget, how can small and mid-sized businesses invest in data protection?
  • 12:02 — How does an SME maintain first-class data privacy practices?
  • 17:19 — Top privacy tips for individuals

The Shifting Privacy Left Podcast
S2E34: "Embedding Privacy by Design & Threat Modeling for AI" with Isabel Barberá (Rhite & PLOT4ai)

Nov 7, 2023 (50:03), transcription available


This week's guest is Isabel Barberá, Co-founder, AI Advisor, and Privacy Engineer at Rhite, a consulting firm specializing in responsible and trustworthy AI and privacy engineering, and creator of The Privacy Library Of Threats 4 Artificial Intelligence Framework and card game. In our conversation, we discuss: Isabel's work with privacy-by-design, privacy engineering, privacy threat modeling, and building trustworthy AI; and info about Rhite's forthcoming Self-Assessment Open-Source framework for AI maturity, SARAI®. As we wrap up the episode, Isabel shares details about PLOT4ai, her AI threat modeling framework and card game created based on a library of threats for artificial intelligence.

Topics Covered:
  • How Isabel became interested in privacy engineering, data protection, privacy by design, threat modeling, and trustworthy AI
  • How companies are thinking (or not) about incorporating privacy-by-design strategies & tactics and privacy engineering approaches within their orgs today
  • What steps can be taken so companies start investing in privacy engineering approaches; and whether AI has become a driver for such approaches
  • Background on Isabel's company, Rhite, and its mission to build responsible solutions for society and its individuals using a technical mindset
  • What “Responsible & Trustworthy AI” means to Isabel
  • The 5 core values that make up the acronym, R-H-I-T-E, and why they're important for designing and building products & services
  • Isabel's advice for organizations as they approach AI risk assessments, analysis, & remediation
  • The steps orgs can take in order to build responsible AI products & services
  • What Isabel hopes to accomplish through Rhite's new framework: SARAI® (for AI maturity), an open source AI Self-Assessment Tool and Framework, and an extension of the Privacy Library Of Threats 4 Artificial Intelligence (PLOT4ai) Framework (i.e., a library of AI risks)
  • What motivated Isabel to focus on threat modeling for privacy
  • How PLOT4ai builds on LINDDUN (which focuses on software development) and extends threat modeling to the AI lifecycle stages: Design, Input, Modeling, & Output
  • How Isabel's experience with the LINDDUN Go card game inspired her to develop a PLOT4ai card game to make it more accessible to teams
  • Isabel calls for collaborators to contribute to the PLOT4ai open source database of AI threats as the community grows

Resources Mentioned:
  • Privacy Library Of Threats 4 Artificial Intelligence (PLOT4ai)
  • PLOT4ai's Github Threat Repository
  • "Threat Modeling Generative AI Systems with PLOT4ai"
  • Self-Assessment for Responsible AI (SARAI®)
  • LINDDUN Privacy Threat Model Framework
  • "S2E19: Privacy Threat Modeling - Mitigating Privacy Threats in Software with Kim Wuyts (KU Leuven)"
  • "Data Privacy: a runbook for engineers"

Guest Info:
  • Isabel's LinkedIn Profile
  • Rhite's Website

The Shifting Privacy Left Podcast
S2E31: "Leveraging a Privacy Ontology to Scale Privacy Processes" with Steve Hickman (Epistimis)

Oct 10, 2023 (51:35), transcription available


This week's guest is Steve Hickman, the founder of Epistimis, a privacy-first process design tooling startup that evaluates rules and enables the fixing of privacy issues before they ever take effect. In our conversation, we discuss: why the biggest impediment to protecting and respecting privacy within organizations is the lack of a common language; why we need a common Privacy Ontology in addition to a Privacy Taxonomy; Epistimis' ontological approach and how it leverages semantic modeling for privacy rules checking; and examples of how Epistimis Privacy Design Process tooling complements privacy tech solutions on the market rather than competing with them.

Topics Covered:
  • How Steve's deep engineering background in aerospace, retail, telecom, and then a short stint at Meta, led him to found Epistimis
  • Why it's been hard for companies to get privacy right at scale
  • How Epistimis leverages 'semantic modeling' for rule checking and how this helps to scale privacy as part of an ontological approach
  • The definition of a Privacy Ontology and Steve's belief that all should use one for common understanding at all levels of the business
  • Advice for designers, architects, and developers when it comes to creating and implementing privacy ontology, taxonomies & semantic models
  • How to make a Privacy Ontology usable
  • How Epistimis' process design tooling works with discovery and mapping platforms like BigID & Secuvy.ai
  • How Epistimis' process design tooling works along with a platform like Privado.ai, which scans a company's product code and then surfaces privacy risks in the code and detects processing activities for creating dynamic data maps
  • How Epistimis' process design tooling works with PrivacyCode, which has a library of privacy objects, agile privacy implementations (e.g., success criteria & sample code), and delivers metrics on how the privacy engineering process is going
  • Steve calls for collaborators who are interested in POCs and/or who can provide feedback on Epistimis' PbD processing tooling
  • Steve describes what's next on the Epistimis roadmap, including wargaming

Resources Mentioned:
  • Read Dan Solove's article, "Data is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data"

Guest Info:
  • Connect with Steve on LinkedIn
  • Reach out to Steve via Email
  • Learn more about Epistimis

Masters of Privacy
Katharine Jarmul: Demystifying Privacy Enhancing Technologies

Oct 9, 2023 (25:21)


Katharine Jarmul is a privacy activist and data scientist focused on privacy and security in data science workflows. She's a principal data scientist at Thoughtworks and has worked at various companies in the US and Germany before that. She is also a frequent keynote speaker at software and AI conferences. Katharine has recently published “Practical Data Privacy” (O'Reilly, 2023), in which she provides a deep dive of Privacy Enhancing Technologies (“PET”), including detailed answers to increasingly common questions: How can we actually anonymize data? How does federated learning work? Can we already leverage Homomorphic Encryption to run analysis or work with data even while it is encrypted? How can we compare and pick the most appropriate PETs? Can we use open source libraries? In our discussion: Can we bring Privacy Enhancing Technologies down to earth for smaller companies to understand and apply them on a regular basis? Are they otherwise the monopoly of Big Tech, and does this mean that a company like Meta ends up becoming the unlikely poster child for Privacy by Design? Can we really speak of a common ethical framework for AI or GenAI? How does a US/Western Europe ethical framework fit within African or Asian cultures? Can we break the convenience barrier when it comes to individual control? References: Katharine Jarmul, Practical Data Privacy (O'Reilly, 2023) Katharine Jarmul on LinkedIn Katharine Jarmul on X Ethics in eCommerce Summit Shoshana Zuboff, The Age of Surveillance Capitalism

She Said Privacy/He Said Security
Privacy Regulations, Privacy by Design, and AI: Creating Engaging Apps While Remaining Compliant

Oct 5, 2023 (22:54)


Nia Castelly is the Co-founder and Legal Lead at Checks, a Google-backed privacy platform that uses AI to simplify privacy compliance for developers. Before Checks, Nia spent nearly five years as a legal advisor for Google Play's Developer Console, Policy, and Operations teams. Nia is an entrepreneur and supporter of early-stage startups, serving as an Angel Investor at the Black Angel Group and as a Limited Partner at How Women Invest. In this episode… In the early 2000s, Apple trademarked the phrase “there's an app for that!” Fast forward to today — the public demands applications because it simplifies areas of our lives. With that demand, developers often rush to launch but must adhere to complicated privacy regulations. How can developers create delightful apps while remaining compliant? Most mobile engineers use software developer kits, a third-party code. If developers do not adequately edit the codes, it can cause unintentional consequences, such as data collection and sharing. Seasoned lawyer Nia Castelly, co-founder of privacy platform Checks, explains there is a three-step procedure known as a triangle to analyze such issues. Once detected, mobile app companies can make requirements to be compliant. Product developers also leverage AI to translate privacy policies, helping simplify compliance complexities. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Nia Castelly, Co-founder and Legal Lead at Checks, discusses data privacy compliance within mobile app development. Nia explains how cultural differences affect privacy across the globe, demystifying compliance complexities, and procedures for governing AI within product development.

Privacy & Security Insights with PICCASO
Privacy by Design and Default: Safeguarding Personal Data with Dr Philipp Raether

Aug 10, 2023 (17:48)


In this episode, we had a conversation with Dr Philipp Raether, Group Chief Privacy Officer at Allianz, about the significance of Privacy by Design and Default (PbD) and the protection of personal data within a multinational corporation. Within this podcast episode, Dr Philipp delves into the intricacies of embedding privacy by design, outlining the meticulous steps that yield the desired outcomes.

Our discussion encompasses the following subjects:
  • Integrating PbD into AI tools.
  • Tackling data minimisation in AI undertakings.
  • Navigating challenges encountered while implementing PbD within a worldwide context.
  • Devising strategies to uphold PbD throughout the project lifecycle.

Discover the fundamental principles of Privacy by Design and the importance of incorporating these strategies into your privacy programmes, contributing to a strong privacy ethos.

You can read Dr Philipp's article here and learn more about PICCASO at www.piccaso.org.

Sign up here to join our growing community and to stay up to date with PICCASO.

Partially Redacted: Data Privacy, Security & Compliance
Operationalizing Privacy-by-Design for New Products with Jodi and Justin Daniels

Jul 26, 2023 (47:08)


In the podcast episode Jodi Daniels, Founder & CEO of Red Clover Advisors, and Justin Daniels, Legal and Corporate Counsel at Baker Donelson, share valuable insights on privacy and security considerations in product development. They discuss the common mistakes made and the crucial questions to ask when designing new products, emphasizing the need for proactive data protection. Jodi and Justin delve into core principles and best practices for integrating privacy-by-design, highlight the risks of neglecting privacy and security during product development, and explore ways to balance innovation and functionality with privacy and data protection requirements. They also address the importance of ingraining privacy and security throughout the product life cycle and provide guidance on evaluating the privacy and security implications of emerging technologies like AI. Topics: From your point of view, what do you think is the biggest mistake or oversight people make when building new products when it comes to privacy and security? What kind of questions should I be asking myself when designing a new product when it comes to data protection? What are the core principles and best practices for operationalizing privacy-by-design when developing new products? What are the potential risks and challenges associated with neglecting privacy and security considerations during the product development phase? How can organizations effectively balance the need for innovation and functionality with the requirements of privacy and data protection? What steps can companies take to ensure that privacy and security are ingrained throughout the product life cycle, from design to deployment? Are there any specific regulations or standards that companies should be aware of when it comes to privacy and security in new product development? What are some of the privacy and security challenges facing companies interested in generative AI? 
When it comes to any kind of new technology, like AI, how can individuals and businesses evaluate the privacy and security implications before integrating them into their operations? What are some common misconceptions or myths surrounding privacy and security in AI, and how can they be addressed? Resources: Data Reimagined: Building Trust One Byte at a Time

Hacker Valley Studio
Privacy by Design: The Future of Homomorphic Encryption & Secure Data Analytics

Jul 11, 2023 (36:59)


In this episode, Chris and Ron interview Derek Wood from Duality Technologies, a leading privacy technology company, to discuss the concept of homomorphic encryption and its significance in data security, privacy, and governance. Homomorphic encryption enables users to perform computations on encrypted data without exposing it, revolutionizing the way data is used and analyzed. In this episode, the group discusses the challenges in the current data landscape, the importance of security and privacy, and the potential impact of Duality's solutions in various industries such as finance and healthcare.

Check out Duality's webinar, Why Data, Privacy, & Security Leaders are Key to Growth & Innovation

Impactful Moments:
  • 00:00 - Introduction
  • 01:09 - What is homomorphic encryption?
  • 04:03 - Misconceptions of security and privacy
  • 06:25 - What is Duality's mission?
  • 10:04 - Does Google Drive use homomorphic encryption?
  • 13:08 - What homomorphic encryption enables
  • 22:08 - Innovations that Duality is working on
  • 24:37 - Secure data analytics and Homomorphic encryption
  • 31:41 - Impact of AI and LLMs on security and privacy

Links:
  • Stay in touch with Derek Wood on LinkedIn: https://www.linkedin.com/in/drwood/
  • Learn more about Duality Technologies: https://dualitytech.com/
  • Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com
  • Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
  • Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
  • Continue the conversation by joining our Discord: https://hackervalley.com/discord

Masters of Privacy
Nick Baskett: Mastering DPIAs

Jul 11, 2023 (27:24)


Nick Baskett is DPO at Holland & Barrett. He has a personal interest in ethics and philosophy, encryption and AI, and he once published a book on Data Protection Impact Assessments. He was also the founder of one of the early Cyber Security consultancies in the UK (Matta). With Nick we have discussed best practices around Data Protection Impact Assessments or Privacy Impact Assessments, including their management at scale in the context of privacy operations, as well as risk assessment efforts associated with Generative AI projects.   References: Nick Baskett on LinkedIn EDPB Guidelines on Data Protection Impact Assessments ICO: Data Protection Impact Assessments (guidelines and templates) ICO: Eight questions to ask ourselves in order to manage Generative AI  

Luiza's Podcast
#3: Privacy by Design in the Age of AI, with Dr. Ann Cavoukian

May 14, 2023 (28:38)


In this episode, Luiza Jarovsky talks with Dr. Ann Cavoukian - the inventor of Privacy by Design - about:
  • The origins of Privacy by Design
  • How it is essential for businesses, especially today
  • Her new Privacy by Design ISO certification
  • How should we think of Privacy by Design in the Age of AI
  • Questions brought by the audience

Luiza Jarovsky is a lawyer, CEO of Implement Privacy, and author of Luiza's Newsletter.

Read more about Luiza's work at https://www.luizajarovsky.com
Subscribe to Luiza's Newsletter: https://www.luizasnewsletter.com
Check out the courses and training programs Luiza is leading at https://www.implementprivacy.com

Follow Luiza on social media:
  • LinkedIn: https://www.linkedin.com/in/luizajarovsky
  • Twitter: https://www.twitter.com/luizaJarovsky
  • YouTube: https://youtube.com/@luizajarovsky

Sustain Open Source Design
Episode 40: Winfried Tilanus & Emilie Tromp on Privacy by Design

Apr 25, 2023 (36:20)


Guests: Winfried Tilanus | Emilie Tromp
Panelist: Richard Littauer

Show Notes

Hello and welcome to Sustain Open Source Design! The podcast where we talk about sustaining open source with design. Learn how we, as designers, interface with open source in a sustainable way, how we integrate into different communities, and how we, as coders, work with other designers. Richard has two amazing guests joining him: Winfried Tilanus, who's a Privacy Consultant at Privacy Company, and Emilie Tromp, who's a Social Design Strategist at Reframing Studio. Today, they discuss how Privacy by Design should be approached, and the importance of understanding the different perspectives on privacy. We'll hear about the Samen Beter project they did, challenges of designing privacy-centered systems, the importance of user feedback and testing, and the iterative process of building trust with users when it comes to their data. Download this episode to hear much more!

[00:01:41] What is Privacy by Design?
[00:02:59] Emilie has more of a social design strategy background, so she tells us about the project she worked on with Winfried on eHealth applications, how Privacy by Design should be approached, and the importance of understanding the different perspectives on privacy.
[00:07:27] Richard wonders if they've implemented Privacy by Design as a theoretical framework for designing something in any open source projects, or if they've talked to open source projects about how they should implement this.
[00:08:53] Emilie explains more about the project they worked on called Better Together (Samen Beter in Dutch).
[00:10:05] As part of this open standard that they've built for privacy by design, we find out how they made sure that they took into account all the different definitions of privacy.
[00:12:17] Emilie and Winfried highlight how they tested some concepts with end users who don't use eHealth but could envision a scenario in the future where they would be using eHealth, and they explain a game they developed called The Privacy Game.
[00:17:15] Earlier, they mentioned this is an open standard they're making, and we hear how someone who wants to build an app can implement Privacy by Design as a standard in their process.
[00:21:24] Richard wonders if he can see the standard for Privacy by Design and how he can apply it directly whenever he's working, and Emilie tells us there's a new standard for Privacy by Design, currently in the draft stage.
[00:26:52] In Emilie and Winfried's work with implementing Privacy by Design, developing a standard on it, and talking to users, we learn what work they had to do to convince other people in their organization that it's a good idea, and they share some ideas on how other designers do that.
[00:29:23] Winfried and Emilie gave a talk at FOSDEM, and we hear if they had any special notes about reaching out to open source designers or developers about how they could implement these principles into their work.
[00:31:05] Find out where you can learn more about Privacy by Design and where to follow Winfried and Emilie on the web.

Quotes

[00:29:50] “It may be even easier for open source developers to work through the methodology because a lot of projects have clear stated principles as guidelines for what commits to accept or not.”
[00:30:18] “When it's open source, it's much easier to show what you're doing in reality is what you show also, that it aligns.”

Spotlight

[00:33:08] Richard's spotlight is Privacy Badger.
[00:33:28] Winfried's spotlight is the book, The Space Between Us by Cynthia Cockburn.
[00:34:11] Emilie's spotlight is the book, Le Grand Vide by Léa Murawiec.

Links

  • Open Source Design Twitter (https://twitter.com/opensrcdesign)
  • Open Source Design (https://opensourcedesign.net/)
  • podcast@sustainoss.org (mailto:podcast@sustainoss.org)
  • Sustain Design & UX working group (https://discourse.sustainoss.org/t/design-ux-working-group/348)
  • SustainOSS Discourse (https://discourse.sustainoss.org/)
  • Sustain Open Source Twitter (https://twitter.com/sustainoss?lang=en)
  • Richard Littauer Twitter (https://twitter.com/richlitt?lang=en)
  • Winfried Tilanus LinkedIn (https://nl.linkedin.com/in/winfriedtilanus)
  • Winfried Tilanus Twitter (https://twitter.com/winfriedtilanus)
  • Emilie Tromp LinkedIn (https://www.linkedin.com/in/emilie-tromp-435a971/)
  • Privacy Company (https://www.privacycompany.eu/en/home-en)
  • Reframing Studio (https://reframingstudio.com/)
  • Reframing Method (https://reframingstudio.com/reframing-method)
  • Sustain Podcast-Episode 127: GitHub Maintainer Month with Marie Kochsiek of drip and Hélène Martin of ODK (https://podcast.sustainoss.org/guests/kochsiek)
  • FOSDEM '23 Talk: Value Driven Design by Winfried Tilanus and Emilie Tromp (https://fosdem.org/2023/schedule/event/value_driven_design/)
  • FOSDEM '20 Talk: Designing to change it all by Winfried Tilanus (https://archive.fosdem.org/2020/schedule/event/designing_to_change_it_all/)
  • Better Together (Samen Beter) (https://www.samenbeter.org/)
  • GIDS-HTI-Protocol (https://github.com/GIDSOpenStandaarden/GIDS-HTI-Protocol)
  • VIP Vision in Design: A Guidebook for Innovators by Paul Hekkert (https://www.amazon.com/VIP-Vision-Design-Guidebook-Innovators/dp/9063693710)
  • Privacy Badger (https://privacybadger.org/)
  • The Space Between Us by Cynthia Cockburn (https://www.bloomsbury.com/us/space-between-us-9781856496186/)
  • Le Grand Vide by Léa Murawiec (https://www.amazon.com/Grand-Vide-L%C3%A9a-Murawiec/dp/2901000703)

Credits

  • Produced by Richard Littauer (https://www.burntfen.com/)
  • Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/)
  • Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/)

Special Guests: Emilie Tromp and Winfried Tilanus.

SecurityCast
Privacy by Design & Security by Default

Apr 12, 2023 (68:35)


Become a member of this channel and get benefits: https://www.youtube.com/channel/UCTEAZTTJ69yatuMd70k2Wow/join

Privacy by Design is an approach to privacy protection that builds privacy considerations into the design and operation of technology, business practices and physical spaces from the start, rather than as an afterthought. Security by Default is an approach to cybersecurity that calls for implementing default security measures from the start of system and product development. In short, both Privacy by Design and Security by Default aim to build in data protection and privacy from the start, and if you want to know more about this, just join this SecurityCast.

Site - http://securitycast.com.br/
Largest Portuguese-language discussion group on Security - https://t.me/SecCastOficial

Sources for the stories and news:
- https://techcrunch.com/2023/04/05/fbi-genesis-market-seized-stolen-logins/
- https://www.cisoadvisor.com.br/empresas-com-seguro-cibernetico-sao-mais-atraentes-para-hackers/
- https://www.cisoadvisor.com.br/dados-vazados-sobre-a-guerra-na-ucrania-podem-ter-sido-alterados/
- https://olhardigital.com.br/2023/04/05/internet-e-redes-sociais/chatgpt-pode-receber-seu-primeiro-processo-por-difamacao/

The Shifting Privacy Left Podcast
S2E5 - What's New in Privacy-by-Design with R. Jason Cronk (IOPD)

Feb 7, 2023 (58:32)


R. Jason Cronk is the Founder of the Institute of Operational Privacy Design (IOPD) and CEO of Enterprivacy Consulting Group, as well as the author of Strategic Privacy by Design. I recently caught up with Jason at the annual Privacy Law Salon event and had a conversation about the socio-technical challenges of privacy, different privacy-by-design frameworks that he's worked on, and his thoughts on some hot topics in the web privacy space.

Thank you to our sponsor, Privado, the developer-friendly privacy platform.

We start off discussing updates to Strategic Privacy by Design, now in its 2nd edition. We chat about the brand new ISO 31700 Privacy by Design for Consumer Goods and Services standard and consensus process and compare it to the NIST Privacy Framework, IEEE 7002 Standard for Data Privacy, and Jason's work with the Institute of Operational Privacy Design (IOPD) and its newly-published Design Process Standard v1. Jason and I also explore risk tolerance through the lens of privacy using FAIR. There's a lot of room for subjective interpretation, particularly of non-monetary harm, and Jason provides many thought-provoking examples of how this plays out in our society. We round out our conversation by talking about the challenges of Global Privacy Control (GPC) and what deceptive design strategies to look out for.

Topics Covered:
  • Why we should think of privacy beyond "digital privacy"
  • What readers can expect from Jason's book, Strategic Privacy by Design, and what's included in the 2nd edition
  • IOPD's B2B third-party privacy audit
  • Why you should leverage the FAIR quantitative risk analysis model to define and address effective privacy risk management programs
  • The NIST Privacy Framework and developments of its Privacy Workforce Working Group
  • Dark patterns & why just asking the wrong question can be a privacy harm (interrogation)
  • How there are 15 privacy harms & only 1 of them is about security

Resources Mentioned:
  • Learn about the ISO 31700 Privacy by Design Standard
  • Review the IOPD Design Process Standard v1

Guest Info:
  • Follow Jason on LinkedIn
  • Follow Enterprivacy Consulting Group on Twitter

Privado.ai: Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.
Shifting Privacy Left Media: Where privacy engineers gather, share, & learn
Buzzsprout - Launch your podcast
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Follow the White Rabbit
Privacy by Design: Navigating the Future of Data Ownership with Debra Farber

Feb 1, 2023 (46:27)


This week Derek E. Silva is joined by privacy tech advisor Debra Farber, host of the Shifting Privacy Left podcast to tackle the important topic of building consumer trust with a privacy by design approach. We'll also examine GDPR compliance, decentralized identity solutions, and look ahead at the future of data ownership.

The Shifting Privacy Left Podcast
S2E2: "Software Libraries, SBOMs & Wicked Privacy, Oh My!" with Michelle Dennedy (PrivacyCode)

Jan 10, 2023 (57:33)


Michelle Dennedy is Co-Founder & CEO of PrivacyCode, Inc., Partner at Privatus Consulting, and the Co-Author of The Privacy Engineer's Manifesto. In our lively conversation, we discuss the digital cost of information, the privacy problems that her company solves for, and how the Privatus Wicked Privacy™ framework differs from other approaches.

As Michelle puts it, we're living in an 'innovation palooza' right now. But, there's still progress to be made. Michelle highlights how we can change the investment proposition to get more VCs and investors to see privacy is a strategic business enabler. At PrivacyCode, they're focused on creating a simple way to communicate the language of 'people data' across specialities.

Part of the solution includes having a software bill of materials (SBOM), which is essentially a list of ingredients that make up software components. Michelle shares a tangible example of how an SBOM creates flow, compliance, and transparency in new areas of tech. She also touches on her consulting work, including her simple strategy for determining privacy benefit metrics.

Topics Covered:
  • Privacy as a strategic enabler
  • Why Michelle thinks "today's VCs are more of a mood than an algorithm"
  • How PrivacyCode allows users to orchestrate requirements across various departments and lets specialists operate in their "zone of genius"
  • What a Software Bill of Materials (SBOM) is & why we need one to ensure privacy
  • Michelle's advice to privacy engineers on how to leverage an SBOM for quality code
  • Michelle's work at Privatus Consulting and their Wicked Privacy Framework
  • Examples of creative, straightforward privacy metrics

Resources Mentioned:
  • Learn more about PrivacyCode & schedule a demo
  • Learn more about Privatus Consulting
  • Trillions: Thriving in the Emerging Information Ecology

Guest Info:
  • Follow Michelle on LinkedIn
  • Follow Michelle on Twitter
  • Read The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value

The Shifting Privacy Left Podcast
S1E7: Privacy Engineers: The Next Generation with Lorrie Cranor (CMU)

Dec 6, 2022 (45:03)


In this episode, I'm joined by Lorrie Cranor, FORE Systems Professor, Computer Science and Engineering & Public Policy at Carnegie Mellon University (CMU); Director, CyLab Usable Privacy and Security Laboratory; and Co-Director of CMU's MSIT-Privacy Engineering Masters Program. We discuss the different tracks within the Privacy Engineering Program at CMU, privacy engineering hiring trends, the need for industry education, and Lorrie's research outside of the classroom.

Lorrie explains how this next generation of privacy experts and engineers can work together to bring new architectures, innovations, and software to market. She describes the kind of hands-on work in which her students participate, including a capstone project sponsored by Meta that's exploring ways the platform can integrate more privacy education into its UI/UX.

In addition, Lorrie shares her perspective on the job market for privacy engineers for recent grads and explains how CMU's Certificate Program in Privacy Engineering aims to meet the high demand for experienced privacy experts with knowledge of privacy engineering concepts. We also get into her research on cookie banners and privacy “nutrition labels” for IoT devices.

Topics Covered:
  • Lorrie's professional background and what drew her into privacy engineering
  • What candidates can expect from the Privacy Engineering Program at CMU
  • Insights into how people interact with cookie banners and potential solutions to improve the user experience
  • Ways that we can bridge the hiring gap in our industry
  • Different sectors outside of tech that are looking for privacy experts, including finance and retail

Resources Mentioned:
  • Apply to CMU's Privacy Engineering Program (Applications due Dec 12th, 2022 for the next enrollment period)
  • Learn about CMU's CyLab Security & Privacy Institute
  • Learn about the CyLab Usable Privacy and Security (CUPS) Laboratory
  • Review CMU's research on IoT Privacy & Security Labels

Guest Info:
  • Connect with Lorrie on LinkedIn
  • Follow Lorrie on Twitter
  • Learn more about Lorrie

Privacy Pros Podcast
How To Succeed With Privacy By Design

Oct 4, 2022 (38:54)


Former General Counsel At Snap and Co-Founder of TerraTrue Spills The Secrets To A Successful Privacy Career

Hi, my name is Jamal Ahmed and I'd like to invite you to listen to this special episode of the #1 ranked Data Privacy podcast. In this episode, you'll discover:
  • How Privacy Pros can help their organisations embrace privacy by design
  • Why Privacy needs to #ShiftLeft and what the future holds for the industry
  • What leading companies look for when hiring

Before co-founding TerraTrue, Chris was the first General Counsel at Snap, where he built the company's legal, compliance, public policy, and law-enforcement teams. During his time there, Chris developed a transformative privacy program that coupled rigorous review with tools and systems that were nimble enough not to restrain the relentless pace of execution. Chris is a Homeland Security Project fellow at Harvard's Belfer Center for Science and International Affairs. And he's constructed two crossword puzzles that have been published in the New York Times (one of which was featured on the Colbert Report). He graduated from Yale Law School.

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/
Connect with Chris on LinkedIn: https://www.linkedin.com/in/chris-handman-746095a0/
Check out TerraTrue: https://terratruehq.com/
Get Exclusive Insights, Secret Expert Tips & Actionable Resources For A Thriving Privacy Career That We Only Share With Email Subscribers: https://newsletter.privacypros.academy/sign-up
Subscribe to the Privacy Pros Academy YouTube Channel: https://www.youtube.com/c/PrivacyPros

Join the Privacy Pros Academy Private Facebook Group for:
  • Free LIVE Training
  • Free Easy Peasy Data Privacy Guides
  • Data Protection Updates and so much more
Apply to join here whilst it's still free: https://www.facebook.com/groups/privacypro

Bigdata Hebdo
Episode 144: DALL-E to torpedo productivity

Jul 7, 2022 (83:30)


### Apero
* The worst creations of DALL-E (2 or the mini version?) -> https://huggingface.co/spaces/dalle-mini/dalle-mini
* HOW DALL-E COULD POWER A CREATIVE REVOLUTION -> https://www.theverge.com/23162454/openai-dall-e-image-generation-tool-creative-revolution

### Database
* Introducing Unistore, Snowflake's New Workload for Transactional and Analytical Data -> https://www.snowflake.com/blog/introducing-unistore/
* Snowflake summit 2022 -> https://www.montecarlodata.com/snowflake-summit-2022-keynote-recap-disrupting-data-application-development-in-the-cloud/
* PostgreSQL and the "Privacy By Design" principle -> https://blog.dalibo.com/2022/05/23/privacy-by-design.html

### ML
* Back from MS Build 2022 : Azure ML -> https://www.youtube.com/watch?v=pxY4i76LMSI
* VSCode extension for DVC and new features -> https://marketplace.visualstudio.com/items?itemName=Iterative.dvc

### Catalog
* Azure Databricks lineage in Microsoft Purview -> https://github.com/microsoft/Purview-ADB-Lineage-Solution-Accelerator

### Tooling
* The upcoming redesign of the IntelliJ IDEA UI ->

### No Code
* Code Less, Code Better -> https://www.programmez.com/magazine/article/low-code-raise-citizen-developer
* Develop with little or no code, but develop all the same -> https://www.programmez.com/magazine/article/low-code-raise-citizen-developer
* The ten commandments of a mature no-code platform -> https://blog.octo.com/les-dix-commandements-dune-plateforme-no-code-mature/

### Culture
* The Billion dollar code (the miniseries) -> https://www.netflix.com/title/81074012
* The Billion dollar code (the making-of, documentary) -> https://www.netflix.com/title/81503864

### Sponsors
This publication is sponsored by [Affini-Tech](https://affini-tech.com/) and [CerenIT](https://www.cerenit.fr/).

[CerenIT](https://www.cerenit.fr/) helps you design, industrialize or automate your platforms, and also make your time-series data speak. Write to us at [contact@cerenit.fr](mailto:contact@cerenit.fr) and find us on [Time Series France](https://www.timeseriesfr.org/) as well.

Affini-Tech supports you in all your Cloud and Data projects, to Imagine, Experiment and Execute your services! ([Affini-Tech](http://affini-tech.com), the [Datatask](https://datatask.io/) platform) to accelerate your Data and AI services. See the [Affini-Tech blog](https://affini-tech.com/blog/) and the [Datatask blog](https://datatask.io/blog/) to learn more.

We're hiring! Come crunch data with us! Write to us at [recrutement@affini-tech.com](mailto:recrutement@affini-tech.com)

The theme music was composed and produced by Maxence Lecointe.

U.S. National Privacy Legislation Podcast
72 | DeleteMe: Looking at Privacy Solutions for Individuals & Organizations

Jul 5, 2022 (30:15)


This week we are honored to have Rob Shavell, CEO and Co-Founder of DeleteMe, join us to discuss the threat of publicly available PII to individuals and companies, the types of threats they are encountering, the need for companies to protect executives and employees, and how individuals and organizations can address these issues, using both technological and legal/policy approaches. Rob is a privacy expert who has been quoted in The Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).

CISO Stories Podcast
CSP #76 - Achieving a Competitive Advantage Through Privacy By Design - Ann Cavoukian

Jun 28, 2022 (22:10)


Join the former Privacy Commissioner of Ontario, Canada and creator of PrivacyByDesign (PbD), translated into 40 languages and incorporated into General Data Protection Regulation (GDPR) and used by many organizations to proactively “bake-in” privacy into our systems. Every CISO needs to pay attention to and support the various country privacy laws. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_AnnCavoukian_Article.pdf Cavoukian, A. 2019. Lead with Privacy by Design for Competitive Advantage. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 270-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp76

U.S. National Privacy Legislation Podcast
71 | Incident Response: Gaps That Matter and Approaches That Work

Jun 24, 2022 (35:50)


This week we have Violet Sullivan, Vice President of Client Development for Redpoint Cybersecurity, as our guest to discuss incident response, gaps that are costly, using external resources, bottlenecks that can take time, interacting with vendors, and successful approaches to tabletops. Violet also serves as a professor of Cybersecurity & Privacy Law for Baylor Law School's LLM program where she focuses on litigation management. On the podcast, she offers tips on incident response that can help organizations manage future litigation related to the incident.

Serious Privacy
Privacy: The Self-Fulfilling Prophecy (with Shay Sharon)

May 25, 2022 (34:13)


In this episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Outschool take some time to review recent events in the privacy / data protection world. This week, this means they cover the Connecticut Act concerning Personal Data Privacy and Online Monitoring Act - the PDPOM… Paul has a cool name for it. Connecticut's act passed on May 10, 2022 and takes effect July 1, 2023 - along with CPRA and Virginia on January 1, 2023; Colorado also on July 1, 2023; Utah on December 31, 2023. Please also see the recent state laws webinar from TrustArc and the state whitepapers.

This leads into the Roe v. Wade US Supreme Court leaked draft decision and then on to Europe with a study conducted by the Radboud University in the Netherlands, imec-COSIC, KU Leuven (a Catholic research university in the city of Leuven, Belgium), and University of Lausanne in Switzerland. These researchers looked at thousands of websites and their “leaky forms.” Leaky forms are those that capture data before the individual submits it, so companies get a lot of data that they should not have, including passwords. This may not be purposeful, but it is concerning. The full paper is published here.

As always, if you have comments or questions, let us know - LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy @trustArc and email seriousprivacy@trustarc.com. Please do like and write comments on your favorite podcast app so other professionals can find us easier.

Tech Without Borders by DojoLIVE!
How Privacy By Design Powers Innovation

May 24, 2022 (36:50)


Can you accelerate your time to market and out-innovate competitors by building privacy into your products from day 1? View the full video interview here. Anshu Sharma is the Co-founder & CEO of Skyflow. A serial entrepreneur and angel investor, he co-founded Clearedin where he serves as Executive Chairman, and Suki, a digital assistant for doctors. Prior, he served as venture partner at Storm Ventures and was vice president of platform at Salesforce. He has invested in over 25 startups including Nutanix, Algolia, Workato, and RazorPay. Amruta Moktali is the CPO of Skyflow. Amruta is an innovative, customer-focused product management leader with developer roots. She has held executive product leader roles at a number of software companies, including Cleo, Salesforce, Topsy Labs, and Microsoft, building data-driven products in search, AI, and analytics across multiple industries.

The Privacy Advisor Podcast
Talking Strategic Privacy by Design with Jason Cronk

Mar 23, 2022 (56:56)


The concept of privacy and data protection by design is not new in the privacy world. We know that privacy should be integrated in the foundational design of a product or service; that it should be baked in, not bolted on. But what that means in practice is often elusive. In 2018, Enterprivacy Consulting Group founder Jason Cronk wrote the book Strategic Privacy by Design, which was published by the IAPP. In it, Cronk offered insights for building processes, products and services that consider an individual's privacy interests as a requirement. In the four years since, law and technology have continued to evolve, prompting Jason to write a second edition of the book. The IAPP's Jedidiah Bracy recently caught up with Cronk to discuss his work in designing for privacy and what's new in his second edition.

She Said Privacy/He Said Security

Debra Farber is the CEO of Principled LLC, a privacy-first tech advisory. Debra is a global privacy and security advisor, investor, and privacy tech enthusiast. She has over 16 years of privacy and security leadership experience at companies like Amazon Web Services (AWS), BigID, Visa, and IBM. She currently serves on multiple advisory boards for organizations including The Rise of Privacy Tech, D-ID, and Taskbar. In this episode… Once your company has checked off the basic privacy requirements, how can it continue to move forward? What should you be implementing next?  According to Debra Farber, the first step is to do an inventory of your current practices. Where are your potential privacy problems? Are you over-collecting data that may be causing compliance issues later in the process? By mapping your biggest privacy challenges, you can begin to work backward and prevent problems from happening. This way, you can create a privacy program that is uniquely designed to meet your company's needs. In this episode of the She Said Privacy/He Said Security podcast, Justin and Jodi Daniels sit down with Debra Farber, the CEO of Principled LLC, to talk about building a better privacy plan for your company. Debra discusses how to recognize your weak spots, the key to bridging the communication gap between different departments, and the new trends and updates in the privacy tech space.

The Privacy Insider by WireWheel
Dark Patterns and Privacy By Design: A Delicate Balancing Act

Aug 11, 2021 (46:03)


'Dark Patterns' are ways in which websites and mobile apps trick consumers into doing something they don't necessarily want to do. Learn how Pedro Pavón (Director, Ads and Monetization Privacy and Fairness Policy at Facebook), Andy Dale (General Counsel & Chief Privacy Officer at Alyce), and Sarah Barrows (Senior Director, Product, Privacy & Policy Counsel at NextRoll) and their respective companies approach dark patterns.

To access all the Spokes sessions, please visit this page.

You can also follow WireWheel on social media to track the latest news in the Privacy world! Follow us on LinkedIn, Twitter, YouTube or Facebook.

To learn more about WireWheel Data Privacy Management solutions, visit www.wirewheel.io. Any questions? You can contact us at marketing@wirewheel.io!

Explain to Shane
‘Privacy by design': How to engineer better data governance (with Nishant Bhajaria)

Jul 20, 2021 (30:38)


Efforts to legislate data protection (or “privacy”) have become a top priority in the US and Europe. But the real issue at hand is data governance — namely the collection, storage, and deletion of data that companies collect about customers. These companies, especially those whose mobile digital applications collect location data, contacts, and other personal information, now face a patchwork of potential legislation to regulate data access and retention. But what if engineers and corporate leaders could work together to limit data collection risks before their products come to market? And what if privacy protections could evolve to meet consumer preferences around information gathering and sharing by both companies and third-party vendors? Would there be more understanding of how the information is used and less concern over the security of the data retained by these companies? On this episode, Shane (https://www.aei.org/profile/shane-tews/) is joined by Nishant Bhajaria (https://qconsf.com/sf2019/speakers/nishant-bhajaria), Uber's head of technical privacy and governance. Nishant's upcoming book, Privacy Engineering (https://www.manning.com/books/privacy-engineering) (releasing in August), will offer a roadmap for company executives and engineers to equip their products with greater built-in privacy protections while increasing transparency and accountability for users. Nishant joins the podcast to share points of interest from his book and explain what industry leaders stand to gain from improved data governance.

aruba unplugged
EP47: Privacy by Design: Best Practices for Embedding Security and Privacy from the Start

Feb 10, 2021 (20:10)


With tectonic shifts in the way we live and work, privacy has never been a more relevant and hotly contested topic. It has broad implications within the enterprise spanning topics as diverse as security, ethics, and labor laws. Join experts from the HPE and Aruba teams for a discussion on what it takes to build an environment that proactively considers privacy implications within the organization. Paul Kaspian hosts.

The FIT4PRIVACY Podcast - For those who care about privacy
007 Ann Cavoukian On Making Privacy By Design Actionable (Trailer)

Jun 24, 2020 (7:45)


Ann Cavoukian, the creator of Privacy By Design, shares how she created Privacy By Design and how it can be made actionable in companies. She also talks about how companies with legacy systems can incorporate Privacy By Design principles into their old legacy systems. Dr. Ann Cavoukian is recognized as one of the world's leading privacy experts. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure, and business practices, thereby achieving the strongest protection possible. Dr. Cavoukian is the author of two books: “The Privacy Payoff: How Successful Businesses Build Customer Trust” with Tyler Hamilton, and “Who Knows: Safeguarding Your Privacy in a Networked World” with Don Tapscott. She has received numerous awards recognizing her leadership in privacy, including being recognized among the Top 100 Identity Influencers (February 2019), and also awarded the 2020 Canadian Women in Cybersecurity Lifetime Achievement Award In Recognition of Your Outstanding Contributions to Cybersecurity and Privacy in Ontario (March 2020). You can listen to the full conversation at Anchor, iTunes, Spotify, Stitcher. Please do share your comments on what you think and what you would like to listen to in future episodes.

The FIT4PRIVACY Podcast - For those who care about privacy
007 The FIT4PRIVACY Podcast with Ann Cavoukian (Full Episode) - The Creator Of Privacy By Design

The FIT4PRIVACY Podcast - For those who care about privacy

Play Episode Listen Later Jun 17, 2020 44:23


Ann Cavoukian, the creator of Privacy By Design, talks to Punit Bhatia in The FIT4PRIVACY Podcast episode that is focussed on Privacy By Design. She shares a perspective on how she got into privacy, what her rationale was when creating Privacy by Design, and so on. Dr. Ann Cavoukian is recognized as one of the world's leading privacy experts. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure, and business practices, thereby achieving the strongest protection possible. In 2010, International Privacy Regulators unanimously passed a Resolution recognizing Privacy by Design as an International Standard. Since then, PbD has been translated into 40 languages! In 2018, PbD was included in a sweeping new law in the EU: the General Data Protection Regulation. Dr. Cavoukian is now the Executive Director of the Global Privacy & Security by Design Centre. She is also a Senior Fellow of the Ted Rogers Leadership Centre at Ryerson University, and a Faculty Fellow of the Center for Law, Science & Innovation at the Sandra Day O'Connor College of Law at Arizona State University. Dr. Cavoukian is the author of two books, “The Privacy Payoff: How Successful Businesses Build Customer Trust” with Tyler Hamilton, and “Who Knows: Safeguarding Your Privacy in a Networked World” with Don Tapscott. She has received numerous awards recognizing her leadership in privacy, including being named as one of the Top 25 Women of Influence in Canada, named as one of the Top 10 Women in Data Security and Privacy, and named as one of the ‘Power 50' by Canadian Business.
She was awarded the Meritorious Service Medal by the Governor-General of Canada for her outstanding work on creating Privacy by Design and taking it globally (May 2017), named as one of the 50 Most Impactful Smart Cities Leaders (November 2017), named among the Top Women in Tech (December 2017), awarded the Toastmasters Communication and Leadership Award (April 2018), and recognized among the Top 100 Identity Influencers (February 2019). Most recently, she was named among the Top 18 Global AI Influencers within the AI & Tech Space (February 2019) and was awarded the 2020 Canadian Women in Cybersecurity Lifetime Achievement Award In Recognition of Your Outstanding Contributions to Cybersecurity and Privacy in Ontario (March 2020). Listen to the conversation and share your views on what you think about it. You can listen to The FIT4PRIVACY Podcast conversations at Anchor, iTunes, Stitcher, Spotify...