Apr 2021

19 Mon

20 Tue

21 Wed

22 Thu

23 Fri 12:00 PM – 08:45 PM IST

24 Sat 12:00 PM – 08:15 PM IST

25 Sun 02:00 PM – 05:10 PM IST

Apr 2021

26 Mon 05:15 PM – 09:30 PM IST

27 Tue 02:00 PM – 05:25 PM IST

28 Wed 12:00 PM – 06:50 PM IST

29 Thu 03:30 PM – 08:15 PM IST

30 Fri

1 Sat

2 Sun

Aug 2021

16 Mon

17 Tue

18 Wed

19 Thu

20 Fri 02:00 PM – 02:45 PM IST

21 Sat

22 Sun

Make a submission

Accepting submissions till 18 Oct 2021, 01:20 PM

Tickets

Pinned update

Hasgeek updates; membership survey Does serveless architecture help in reducing cloud costs? Turns out speakers at Rootconf’s in-person conference on cloud costs have this and many other inter… more

The first edition of the Data Privacy Conference was held between 23 and 29 April 2021.

The conference featured talks and discussions around:

Processes for doing compliance and building privacy features in large and growing organizations.
Case studies of compliance, mainly GDPR and related practices of data anonymization and data deletion.
Using technology to handle processes for handling Personally Identifiable Information (PII); evaluation of developer tools that organizations use for governing access to PII and sensitive data - and whether to build, rent or buy these.
End-to-end encryption - technology and policy debates; practical applications.
Privacy preserving practices in consumer technology - netbanking and Android and mobile.
Cloud security practices; multi-geography compliance with cloud.

Speakers from LinkedIn, Whatsapp, Hotstar, Mozilla, Zerodha, ThoughtWorks, Appsecco, Gojek and other organizations shared their experiences, and demonstrated how the combination of ‘intent, process, resources and technology’ come together to help companies build privacy-respecting products.

Watch the talks on https://hasgeek.com/rootconf/data-privacy-conference/videos

Participants in the conference included:

SRE, DevSecOps and DevOps teams working with legal and compliance teams to heavy-lift operations around privacy and compliance.
Product managers building secure and compliant systems.
Business and engineering heads of organizations which deal with large volumes of consumer data on a regular basis.
Representatives early to mid-stage fintech companies which are evolving systems to handle petabytes of data securely in compliance with larger governance laws.
Consultants working on cloud and security; pricacy and compliance.

Contact information: Join the Rootconf Telegram group on https://t.me/rootconf or follow @rootconf on Twitter.
For inquiries, contact Rootconf on rootconf.editorial@hasgeek.com or call 7676332020.

Hosted by

Rootconf

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE). Infrastructure costs, including Cloud Costs - and optimization. Security - including Cloud Security. more

Supported by

Zeta Suite

Zeta® is in the business of providing a full-stack, cloud-native, API first neo-banking platform including a digital core and a payment engine for issuance of credit, debit and prepaid products that enable legacy banks and new-age fintech institutions to launch modern retail and corporate fintech p… more

Promoted

AWS

We’re the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. As a hyperscale cloud service provider, AWS provides access to highly advanced computing tools on rent for startups and SMEs at affordable prices. We help t… more

Omidyar Network India

Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lower-middle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and social i… more

Featured submissions

See all

KN

Kailash Nadh

The life of personal data in heavily regulated environments

The mainstream focus on personal and sensitive data generally tends to be on social media and communications platforms. The public understanding of how personal data flows through heavily regulated organisations such as banks and stock brokers is limited. In fact, such organisations are mandated by laws and regulations to share data with more parties than their unregulated counterparts. This talk… more

04 Mar 2021
MG

Matthew D. Green

End-to-end encryption: State of the Technical and Policy Debate

Over the past decade, end-to-end encryption (E2EE) has been widely deployed in electronic messaging applications, including WhatsApp, Signal, Apple iMessage and others. This form of messaging ensures that information is encrypted from an end-user device (such as a phone) and remains encrypted until it reaches the destination. A key benefit of E2EE is that it protects messages from server-side hac… more

16 Apr 2021
PV

Paul Vixie

Closing keynote: Is NetworkOps Dead in the Age of Cloud?

It’s been said that the number of clues remains constant even as some field of expertise expands. This may sometimes be the outgoing generation accusing the incoming generation of being soft or lazy, and indeed it has also been said that progress in most fields occurs one obituary at a time. What we know for certain is that skills for which demand is not growing, become less common. Maybe some ma… more

14 Apr 2021
SK

Suman Kar

Netbanking fails

Security is hard. Designing user experience (UX) around security is harder. Yet almost everyday, we are forced to make security related decisions across multiple connected devices we own. Sometimes we make these choices for ourselves, and sometime we impose our choices subtly on others with whom we share these devices. Proliferation of personal IoT devices exacerbates this problem, and in some ca… more

08 Feb 2021
Chirayu Desai

Case study of CalyxOS

CalyxOS is an open source Android-based Operating System, sponsored by the Calyx Institute, a 501(c) non-profit dedicated to making privacy and security available for all. more

03 Apr 2021
KT

Kalusivalingam Thirugnanam

Data Governance at Intuit

There is an increased focus on data privacy and governance across the world. Intuit, offering products and services in the Financial Industry, operates worldwide in multiple countries. We needed to provide data privacy and compliance across multiple geographies. As part of enabling data privacy capabilities to our customers, we navigated through a number of challenges and built systems to support… more

26 Feb 2021
RP

Rohan Prabhu

Our approach to PII/SPDI redaction

Abstract By regulation and more so by a moral obligation, Jupiter is required to safeguard the privacy of its customers. As providers of financial services, we are often entrusted with information that could be extremely private to users, of a sensitive nature and at the same time can be used to personally identify them by a single data element. Dealing with an engineering stack that builds upon … more

02 Mar 2021
Ayush Priya

Masking Sensitive Data in Logs with LogStash

ElasticSearch, LogStash and Kibana together create one of the most popular log ingestion and indexing solution. However, the logs being indexed and made available can potentially contain sensitive information such as PII. The talk will explain how to setup masking for such sensitive information(s) present in the logs in LogStash. This would enable any principal who wants to look at the logs to be… more

16 Feb 2021
Zainab Bawa

Security practices for mobile app development

This submission is a summary of the Birds of Feather (BOF) session held on 28 April, 2021 with Chirayu Desai (CalyxOS), Madhusudhan Sambojhu (Able.do) and Apurva Jaiswal (Zeta) on security practices that individual developers and teams can undertake to ensure better data privacy. more

25 Aug 2021
ML

Michael W Lucas

TLS in 2021

Transport Layer Security: everybody needs it, but few of us understand it. TLS is not just about getting the lock icon in the browser address bar. It’s perhaps the most frequently misconfigured protocol on the Internet. more

02 Apr 2021
Chirayu Desai

Integrating privacy-preserving analytics into your application

Analytics is an important part of application development, and adding them in a privacy preserving manner is challenging. more

24 Mar 2021
SB

Subhashis Banerjee

Identity and biometrics

India has deployed the world’s largest national digital identity system based on biometrics. In this session we will review the suitability of biometrics based identity definition for delivery of essential services. more

27 Mar 2021
PM

Pragya Misra Mehrishi

Product design and usability for privacy

As more of our conversations move online, privacy by design is becoming crucial in product development. In this session, Uzma Barlaskar, product manager at WhatsApp, will discuss “Product design and usability for privacy,” focusing on how WA features like ephemerality & live location as examples of how building e2ee into the system can be used for other things too. more

14 Apr 2021
Atif Akhtar

Data Governance - Strategies from experience

A lot of organizations have recently started taking Data Governance seriously given the different laws now coming up in countries regarding the use of data and heavy penalties on leaks which is further exacerbated by how much more data each of these orgs are now generating compared to before.With these accelerated motives a lot of Data Governance strategies are a make or break based on the toolin… more

28 Feb 2021
NS

Nneka Soyinka

How to Use Lean Data Practices to Build Trust with Customers

Lean Data Practices (LDP) is a flexible framework that anyone handling personal data can use to build in privacy, security, and transparency in ways that can build trust and reduce risk. This talk is a follow up to the November 2020 LDP presentation to dive deeper into the methodology, specifically how to apply it from the product management and development lens. We will discuss how to implement … more

13 Apr 2021
BJ

Bhupendra Jain

Data deletion practices @ Offline Data lake

LinkedIn works at exabyte data scale and respecting the privacy of its Members is the top most priority as part of LinkedIn culture and the core value “Members first”. This talk will briefly touch upon some of the practices, tools & technologies used in offline data lake for adherence to GDPR “Right to erasure”. Talk will also cover the lessons learned and challenges faced while talking in detail… more

01 Apr 2021
AS

Anwesha Sen

Nadika N Editor

Summary of session: Birds of Feather (BOF) discussion on investors' views of privacy and security; proactive measures and compliance for existing and future investees

Date of event: April 24, 2021 Moderators: Subhashish Bhadra (ONI), Anand V (Hasgeek) Discussants: Sharda Balaji (Novo Juris), Samuel Mani (Mani Chengappa Mathur), KK Mookhey (NII Consulting), Kailash Nadh (Zerodha) more

18 Oct 2021
AL

Anuradha Lipare

Leveraging existing Information Security practises to address data privacy requirements OR How Data Security and Data privacy can work together

Data privacy and cybersecurity practices are becoming increasingly important in view of new legislation, such as the General Data Protection Regulation (GDPR), Personal Data protection Act (PDPA) as well as increasing sophisticated cyber attacks.Many organization spends most of their cybersecurity budgets on addressing technical, financial and reputational risks and It is often noted that an insu… more

30 Mar 2021
SJ

Sandeep Joshi

Synthetic data generation

At Needl, our mission is to organize and stitch your information to make it universally accessible and useful. Knowledge workers today are inundated with massive amounts of data via multiple communication apps and devices resulting in huge efforts to save, organise, retrieve, and make sense of data leading to productivity loss. Needl aims to unbundle your data across apps & devices into a single … more

18 Mar 2021
Biju Nair

Best practices in FOSS compliance can help improve security.

Privacy and security are closely tied together in the form of legal requirements for “data protection” in laws across the world, such as under Article 32 of EU’s General Data Protection Regulation, and India’s Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. more

16 Mar 2021
VS

Vijayendran Sridharan

Round table: Security Incident analysis and reporting

Hard Questions: Security Incident Analysis, Reporting and Management more

18 Mar 2021
PK

Pratap Kudupudi

Data Anonymization @ Offline Data Lake

LinkedIn works at exabyte data scale and respecting the privacy of its Members is the top most priority as part of LinkedIn culture and the core value “Members first”. In this talk we will walk through the tools & technologies used in creating a PII-free anonymized data warehouse for allowing GDPR compliant access to data. We will look at the challenges involved in various approaches and design f… more

01 Apr 2021
RV

Ravindra Ved

AWS Security Best Practice

AWS has developed mechanisms & controls to achieve desired security posture to meet security objectives, compliance & regulations. more

21 Apr 2021
AS

Anwesha Sen

How to handle data deletion requests under privacy laws

On 28 April, the Data Privacy Product and Engineering Conference held a Birds of Feather (BOF) session about handling data deletion requests from users under privacy laws, and how Indian companies service this request. The session was moderated by Venkata Pingali, co-founder at Scribble Data. Sreenath Kamath of Hotstar and Sheik Idris of Zeta participated in this session. more

30 May 2022