Accepting submissions till 30 Sep 2022, 11:55 PM
Organizations desire to adopt best practices around data which are aligned with the risk management approaches they have in place. With increasing complexity around privacy and data security, it is necessary to gain a deep understanding of the strategic directions adopted at some of the leading organizations in India. With this intent, the Privacy Mode Fellowship programme was put together to work with practitioners who document easily adopted practices that are flexible and are based on well-understood design principles. The Best Practices Guides provide a quick introduction to some of the topics which receive a lot of attention.
The Privacy Mode Fellowship programme considered the following themes while publishing the Call for Submissions:
The following abstracts provide an insight into the topics covered by them. The abstracts are linked to the complete reports:
1. [Uzma Barlaskar](https://www.linkedin.com/in/uzmabarlaskar/), Head of privacy and growth at WhatsApp.
2. [Anand Venkatanarayanan](https://twitter.com/iam_anandv), Independent cybersecurity researcher.
3. [Sankarshan Mukhopadhyay](https://www.linkedin.com/in/sankarshan/), Editor at Privacy Mode.
For queries about the Fellowship Programme, mail privacymode@hasgeek.com or leave a comment in the comments section.
View acceptance criteria for the fellowship program 👉 here
Hosted by
Supported by
Rohan Verma
@rhnvrm
Submitted Feb 21, 2022
Proper access control and appropriate proliferation of critically sensitive customer data across a variety of internal apps can be a complex beast. Using a few common-sense privacy principles along with a few architectural changes across the organization, it is straightforward to fortify and prevent data proliferation across the stack. At Zerodha, we have built a siloed, centralized application along with easy-to-use client libraries that allow internal apps to send communications to users (e-mail, SMS, etc.) based on strict permissions without having to store or access sensitive user data. With this fellowship, I aim to document data protection/security practices that we have implemented with this project and that other organizations can easily incorporate into their stack.
This project acts as a gateway for all client communication. It allows apps to communicate with clients via SMS, email, push notifications, etc. without any direct access to the client data or sharing sensitive information such as email ID, phone number, etc. All outgoing communiqués are pre-templated with variables, and this centralized system enriches the data from sensitive data sources that are never exposed to internal applications. When a request to send a message is queued, the templates are enriched with the requested data from the appropriate data sources based on the unique client identifier sent by the client library. This reduces any unintended data leaks due to data duplication or extraneous logs containing client information at the application end and eliminates the need to share networks between different kinds of internal applications and databases. This system operates at scale, sending out millions of critical transactional e-mails, notifications, SMS, etc.
This also helps us achieve broader regulatory compliance goals.
All of this ties together with our principle of not intrinsically trusting even our internal applications with privileged access or sensitive data.
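The request flow described above, as an added sketch that is not Zerodha's code: an internal app names a permitted template and a client identifier, the gateway enriches the template from a store only it can read, and the caller gets back an opaque receipt. Every name here (`Gateway`, `APP_PERMISSIONS`, `TEMPLATES`, the sample client record) is hypothetical and the data is constructed.

```python
from string import Template
import uuid

# Constructed sample data; every name below is hypothetical.
SENSITIVE_STORE = {  # reachable only from the gateway process
    "AB1234": {"name": "Asha", "email": "asha@example.com", "phone": "+910000000000"},
}
TEMPLATES = {
    "order_filled": {
        "channel": "email",
        "address_field": "email",   # delivery address, resolved by the gateway
        "enrich": {"name"},         # fields filled from the sensitive store
        "app_vars": {"order_id"},   # fields the calling app may supply
        "body": Template("Hi $name, your order $order_id was filled."),
    },
}
APP_PERMISSIONS = {"orders-app": {"order_filled"}}  # app -> templates it may send


class Gateway:
    def __init__(self):
        self.outbox = []  # stands in for the SMS/e-mail provider hand-off
        self.audit = []   # what the gateway logs: identifiers only, no PII

    def send(self, app, client_id, template_id, variables):
        if template_id not in APP_PERMISSIONS.get(app, set()):
            raise PermissionError(f"{app} may not send {template_id}")
        tpl = TEMPLATES[template_id]
        # Reject unexpected keys so an app cannot override enriched fields.
        extra = set(variables) - tpl["app_vars"]
        if extra:
            raise ValueError(f"variables not allowed: {sorted(extra)}")
        record = SENSITIVE_STORE.get(client_id)
        if record is None:
            raise LookupError("unknown client")
        fields = {k: record[k] for k in tpl["enrich"]}
        fields.update(variables)
        body = tpl["body"].substitute(fields)
        self.outbox.append((tpl["channel"], record[tpl["address_field"]], body))
        message_id = uuid.uuid4().hex
        self.audit.append({"id": message_id, "app": app,
                           "client": client_id, "template": template_id})
        # The caller gets an opaque receipt, never the address or rendered body.
        return {"message_id": message_id, "status": "queued"}
```
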
I think that the output of the fellowship would best be useful as an article where we share a generic architecture that can be applicable across a variety of stacks along with code snippets. Alongside that, I will do a deeper dive into data privacy and how we can achieve goals pertaining to those broader goals. I think it would be good to cover the following:
[SEBI] SEBI/HO/MIRSD/CIR/PB/2018/147 - Cyber Security & Cyber Resilience framework for Stock Brokers / Depository Participants https://www.sebi.gov.in/legal/circulars/dec-2018/cyber-security-and-cyber-resilience-framework-for-stock-brokers-depository-participants_41215.html