Conversations around privacy and data security are increasing everyday. The government has tabled a Personal Data Protection bill in the parliament, and a Joint Parliamentary Committee has presented its report on the potential and concerns regarding privacy and personal data.
There is a need to do data privacy across domains and at scale, especially around the following themes:
- Data protection/security practices.
- Consent frameworks tied to purpose use limitations.
- Data rights.
- Encryption practices.
The Privacy Mode Fellowship programme is set in this context. The goal of the programme is to work with practitioners to document practices that can be widely adopted across the industry, and innovated upon. The programme is particularly interested in showcasing:
- Privacy-related challenges that practitioners are solving, and the context around these.
- Solutions, and evidence of how these solutions have been implemented in different organizations.
- Results achieved through the solutions - a before and after explanation of what changed, and metrics achieved.
Check out the Best Practices Guides to understand the type of topics that the Fellowship is looking at.
If this is you, apply to be a Privacy Mode fellow today.
Duration of the fellowship programme: 3 months - from February to 30 April. Applications can be submitted till 21 February.
Time commitment involved: Part-time. As a Fellow, you will do your Fellowship projects alongside your day job. The programme will require between one and four hours time commitment per week to produce the output. The editorial desk will work with Fellows to set milestones and deadlines.
a. A detailed article of 1,000 to 2,000 words - with illustrations, OR
b. 2-3 videos explaining practice and learnings in sequence.
Compensation: Rs. 1,50,000 - paid in three tranches, upon completion of milestones during the Fellowship period.
Feedback and mentorship from jury: A three-member jury of experts will guide selected applicants through conceptualization and documentation stages. The jury members for the fellowship programme are:
1. Uzma Barlaskar, Head of privacy and growth at WhatsApp.
2. Anand Venkatanarayanan, Independent cybersecurity researcher.
3. Sankarshan Mukhopadhyay, Editor at Privacy Mode.
Other benefits: As a Fellow, you will receive the following infrastructure and support:
- Editorial desk with copy-editing, proof reading and graphic design resources to help you complete your outputs.
- Distribution and elevation of final outputs.
Who can apply:
1. Tech practitioners - senior engineer, product manager, engineering manager, privacy officer - who work on data governance and privacy in their organizations.
2. Individuals from academia who work on data privacy.
3. Individuals working on social impact via data privacy.
Five applicants will be selected to participate in the first batch of the Fellowship Programme.
To apply for the Fellowship, submit the following here:
- A statement of intent and purpose, detailing the following-
- What problem area are you solving and the context around this? As mentioned above, the Fellowship programme will cover the following themes:
A. Data protection/security practices
B. Consent frameworks tied to purpose use limitations
C. Data rights
D. Encryption practices
- A description of the solution and evidence of how it was implemented at your company.
- Results achieved through this.
- The form in which you see the knowledge finally shaping up as - as an article or as a series of two-three explainer videos.
- Two samples of work - written or video.
- Your bio.
Fellows’ will be selected on the basis of innovative approaches and solutions implemented for privacy.
The following criteria will also be applied for selecting fellows:
- Diversity - women, trans and gender non conforming persons and individuals from marginalised social contexts will be given preference.
- Candidates with prior speaking/writing experience.
- Candidates with mid to senior engineering and product leadership roles will be given preference.
Privacy Mode Fellowship Application
Statement of Intent & Purpose
I had the opportunity to closely work with various stakeholders to ensure the privacy and “Governance, Risk & Compliance” posturing of my company Zeotap was adequate to enable our data business in EU and US. This was by virtue of my position of current CTO and past VP of Engineering at Zeotap. Zeotap has 2 offerings one as Data-as-a-service and another is data platform offered as a SAAS. The former is pure 3rd party data and latter has flavours of pure 1st party as well as combination of 1st & 3rd. Operating in EU means we had to adhere to GDPR regulations and have necessary measures across the Org for the same. When CCPA was established the measures we took for GDPR gave us an easy transition to compliance of CCPA as well.
To tackle GDRP we took a product centric approach with a longer term vision around reusing the bits for future compliance regulations whether they are county specific or vertical specific. The goal was to have a system in place which delivered the flexibility to extend for new type of regulations and data assets we may get.
The first step of detailing would be around how the regulations were broken down to specific usecases including sensitive data management, PII management, Consent management, User information management, Access rights, Audit needs and so on. Next to realize all the use-cases tech design which included our infra, data storage and processing applications with the necessary modules to realizes the product usecases.
During this fellowship we want to go over the internals of this usecase esp to the people centric data collected by business and give practical examples of how these were solved. We go over the scenarios around data flows and the challenges they present in solving for regulations and privacy. This would draw across principles from privacy engineering, security, data governance and infrastructure design in cloud. We would add the relevant cross-references to these principles so that practitioners could connect them with say an control requirement for an Audit.
Then we move on to 2nd business - data platform SAAS businesses wherein multi-tenancy around data sovereignty and more vertical specific extensions come into play and how do you transform your approach to cater to this added complexity would be seen. In this model there are certain elements in terms of access control rights, tenancy around storage and client specific needs around data catalog and PII data management all come into play. We will look at the evolution of the same from a product and tech perspective.
The deep-dive during the above is going to be about as a company where we had to invest in terms of additional entity models, the services/processing which were needed to be created and how these translates or get plugged in with products delivering business value.
The example architectures and solution design can be use used as reference implementation on any cloud-based technology stack.
In the end we find parallels between existing regulations and the proposed PDP bill and look at cross-fitting and extending the approaches to aid in compliance to the same.