Submissions
Data Privacy Conference

Data Privacy Conference

On building privacy in engineering and product processes.

We are accepting case study talks on the following topics: Architecture: REST API design for Personally Identifiable Information (PII). Libraries used. For e.g., how Twilio does PII compliance where fields are marked as privacy sensitive or not. expand

We are accepting case study talks on the following topics:

  1. Architecture:
  • REST API design for Personally Identifiable Information (PII).
  • Libraries used. For e.g., how Twilio does PII compliance where fields are marked as privacy sensitive or not.
  • Data collection patterns.
  • Data science aspects of data management including anonymization, masking, etc.
  • Development practices and precautions that are privacy-centric.
  1. Engineering and operations processes, including DevOps, and hand-off points from check-in to release; multiple processes that every functional team has to follow for compliance.

  2. Design and UX - if you are doing privacy-first development, how are you doing design, in terms of:

  • What is the data that is collected?
  • How is the data collected?
  • Design and UX of consent management practices.
  • What is the design language and templates you have evolved that will help other practitioners to learn from? For e.g., use of dark patterns.
  • Reusable libraries, design language, design templates.
  1. Process case studies:
  • How compliance is done, with emphasis on organization structure, how teams communicate, cost (budget), and why this approach is justified.
  • Cross-functional and cross-geography compliance done by SaaS companies. For example, data privacy in Distributed Cloud environments i.e., data moving between data centres for multi region setups; what laws apply?
  • Incident reporting processes and practices; dealing with data vulnerabilities and security-related threats.

Apart from large-scale internet organizations, we encourage fintech and next generation startups to submit case studies.

Content can be submitted in the form of:

  • 15 minute talks
  • 30 minute talks
  • 1,000 word written articles

All content will be peer-reviewed by practitioners from industry.

Make a submission

Submissions are closed for this project

Zainab Bawa

Zainab Bawa

Security practices for mobile app development

This submission is a summary of the Birds of Feather (BOF) session held on 28 April, 2021 with Chirayu Desai (CalyxOS), Madhusudhan Sambojhu (Able.do) and Apurva Jaiswal (Zeta) on security practices that individual developers and teams can undertake to ensure better data privacy. more
  • 0 comments
  • Submitted
  • 25 Aug 2021
Chirayu Desai

Chirayu Desai

Integrating privacy-preserving analytics into your application

Analytics is an important part of application development, and adding them in a privacy preserving manner is challenging. more
  • 2 comments
  • Confirmed & scheduled
  • 24 Mar 2021
Chirayu Desai

Chirayu Desai

Case study of CalyxOS

CalyxOS is an open source Android-based Operating System, sponsored by the Calyx Institute, a 501(c) non-profit dedicated to making privacy and security available for all. more
  • 3 comments
  • Confirmed & scheduled
  • 03 Apr 2021

Kailash Nadh

The life of personal data in heavily regulated environments

The mainstream focus on personal and sensitive data generally tends to be on social media and communications platforms. The public understanding of how personal data flows through heavily regulated organisations such as banks and stock brokers is limited. In fact, such organisations are mandated by laws and regulations to share data with more parties than their unregulated counterparts. This talk… more
  • 2 comments
  • Confirmed & scheduled
  • 04 Mar 2021

Kalusivalingam Thirugnanam

Data Governance at Intuit

There is an increased focus on data privacy and governance across the world. Intuit, offering products and services in the Financial Industry, operates worldwide in multiple countries. We needed to provide data privacy and compliance across multiple geographies. As part of enabling data privacy capabilities to our customers, we navigated through a number of challenges and built systems to support… more
  • 3 comments
  • Confirmed & scheduled
  • 26 Feb 2021

Rohan Prabhu

Our approach to PII/SPDI redaction

Abstract By regulation and more so by a moral obligation, Jupiter is required to safeguard the privacy of its customers. As providers of financial services, we are often entrusted with information that could be extremely private to users, of a sensitive nature and at the same time can be used to personally identify them by a single data element. Dealing with an engineering stack that builds upon … more
  • 1 comments
  • Confirmed & scheduled
  • 02 Mar 2021

Suman Kar

Netbanking fails

Security is hard. Designing user experience (UX) around security is harder. Yet almost everyday, we are forced to make security related decisions across multiple connected devices we own. Sometimes we make these choices for ourselves, and sometime we impose our choices subtly on others with whom we share these devices. Proliferation of personal IoT devices exacerbates this problem, and in some ca… more
  • 11 comments
  • Confirmed & scheduled
  • 08 Feb 2021
Ayush Priya

Ayush Priya

Masking Sensitive Data in Logs with LogStash

ElasticSearch, LogStash and Kibana together create one of the most popular log ingestion and indexing solution. However, the logs being indexed and made available can potentially contain sensitive information such as PII. The talk will explain how to setup masking for such sensitive information(s) present in the logs in LogStash. This would enable any principal who wants to look at the logs to be… more
  • 12 comments
  • Confirmed & scheduled
  • 16 Feb 2021
Ankit Pahuja

Ankit Pahuja

Lessons learned from the biggest data breach - Yahoo!

[15 minute talk] First in 2013, then in 2014 & Again in 2016 - Yahoo! suffered the biggest data breach after losing the data of billion people. more
  • 4 comments
  • Confirmed & scheduled
  • 04 Mar 2021

Michael W Lucas

TLS in 2021

Transport Layer Security: everybody needs it, but few of us understand it. TLS is not just about getting the lock icon in the browser address bar. It’s perhaps the most frequently misconfigured protocol on the Internet. more
  • 2 comments
  • Confirmed & scheduled
  • 02 Apr 2021

Paul Vixie

Closing keynote: Is NetworkOps Dead in the Age of Cloud?

It’s been said that the number of clues remains constant even as some field of expertise expands. This may sometimes be the outgoing generation accusing the incoming generation of being soft or lazy, and indeed it has also been said that progress in most fields occurs one obituary at a time. What we know for certain is that skills for which demand is not growing, become less common. Maybe some ma… more
  • 0 comments
  • Confirmed & scheduled
  • 14 Apr 2021

Subhashis Banerjee

Identity and biometrics

India has deployed the world’s largest national digital identity system based on biometrics. In this session we will review the suitability of biometrics based identity definition for delivery of essential services. more
  • 2 comments
  • Confirmed & scheduled
  • 27 Mar 2021
Atif Akhtar

Atif Akhtar

Data Governance - Strategies from experience

A lot of organizations have recently started taking Data Governance seriously given the different laws now coming up in countries regarding the use of data and heavy penalties on leaks which is further exacerbated by how much more data each of these orgs are now generating compared to before.With these accelerated motives a lot of Data Governance strategies are a make or break based on the toolin… more
  • 4 comments
  • Confirmed & scheduled
  • 28 Feb 2021

Anuradha Lipare

Leveraging existing Information Security practises to address data privacy requirements OR How Data Security and Data privacy can work together

Data privacy and cybersecurity practices are becoming increasingly important in view of new legislation, such as the General Data Protection Regulation (GDPR), Personal Data protection Act (PDPA) as well as increasing sophisticated cyber attacks.Many organization spends most of their cybersecurity budgets on addressing technical, financial and reputational risks and It is often noted that an insu… more
  • 3 comments
  • Confirmed & scheduled
  • 30 Mar 2021

Biju Nair

Best practices in FOSS compliance can help improve security.

Privacy and security are closely tied together in the form of legal requirements for “data protection” in laws across the world, such as under Article 32 of EU’s General Data Protection Regulation, and India’s Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. more
  • 4 comments
  • Confirmed & scheduled
  • 16 Mar 2021

Deepak Parthasarathy

Can my company be Data Privacy compliant and still stay Agile?

Compliance is no longer a nice to have! An organization offering a SaaS product needs to secure appropriate compliance reports (SOC2, ISO27001, GDPR, FedRamp etc.) to ensure they put in place the organization’s structure, software, people and data-handling procedures to handle and protect their customer’s data. Compliance serves as beacon of transparency and conveys confidence to your customers t… more
  • 2 comments
  • Confirmed & scheduled
  • 14 Mar 2021

Sandeep Joshi

Synthetic data generation

At Needl, our mission is to organize and stitch your information to make it universally accessible and useful. Knowledge workers today are inundated with massive amounts of data via multiple communication apps and devices resulting in huge efforts to save, organise, retrieve, and make sense of data leading to productivity loss. Needl aims to unbundle your data across apps & devices into a single … more
  • 6 comments
  • Confirmed & scheduled
  • 18 Mar 2021

Matthew D. Green

End-to-end encryption: State of the Technical and Policy Debate

Over the past decade, end-to-end encryption (E2EE) has been widely deployed in electronic messaging applications, including WhatsApp, Signal, Apple iMessage and others. This form of messaging ensures that information is encrypted from an end-user device (such as a phone) and remains encrypted until it reaches the destination. A key benefit of E2EE is that it protects messages from server-side hac… more
  • 0 comments
  • Confirmed & scheduled
  • 16 Apr 2021

Pragya Misra Mehrishi

Product design and usability for privacy

As more of our conversations move online, privacy by design is becoming crucial in product development. In this session, Uzma Barlaskar, product manager at WhatsApp, will discuss “Product design and usability for privacy,” focusing on how WA features like ephemerality & live location as examples of how building e2ee into the system can be used for other things too. more
  • 0 comments
  • Confirmed & scheduled
  • 14 Apr 2021
Mrinal Wadhwa

Mrinal Wadhwa

Cryptographic Protocols for a Secure and Private IoT

The Internet of Things (IoT) suffers from critical, systemic, security and privacy flaws. Problems of Spoofable Identities, Weak Authentication and Ambient Authority are common in most deployments. more
  • 8 comments
  • Confirmed & scheduled
  • 12 Feb 2021

Udit Pathak

Data Privacy in cloud: “the challenges and how to address those”

The adoption of cloud is likely to continue growing at a rapid pace across all industries and sectors. Due to its game changing features such as rapid elasticity, scalability, pay as you use model and access from anywhere organisations are moving towards cloud adoption. While the adoption of cloud is prevailing, it has also raised challenges which includes privacy regulations. Like the adoption o… more
  • 6 comments
  • Waitlisted
  • 18 Feb 2021

Vijayendran Sridharan

Round table: Security Incident analysis and reporting

Hard Questions: Security Incident Analysis, Reporting and Management more
  • 0 comments
  • Confirmed & scheduled
  • 18 Mar 2021

Kaliya Identity Woman

Self-Sovereign Identity Technology

This talk shares key elements of an emerging set of technology tools known as Self-Sovereign Identity. The tech re-wires how people are empowered to share information about themselves when they navigate the digital world. The two core standards that have been developed by the W3C - Decentralized Identifiers and Decentralized Identifiers. New terms to support this new paradigm have emerged - Issue… more
  • 1 comments
  • Waitlisted
  • 30 Mar 2021

Vishy Ranganath

Handling User-data

In this talk, I place user-data at the center and explore the different considerations that need to be taken into account to keep the data safe, secure and private while giving the user control over their data. I also explore what custodians of user data can do to comply with the data regulations in effect where the user’s data resides. As I work for Google, it is natural for me to look at it fro… more
  • 1 comments
  • Waitlisted
  • 31 Mar 2021

Erin Nicholson

How to Future Proof Global Data Protection

Data Protection legislation is going at warp speed globally, with new and updated legislation coming in all the time. If you aren’t careful you will either be left behind, and left with a hefty fine or annoyed end users, or you will be constantly renovating your applications and processes with every tweak and new legislation and left with a hefty bill, and annoyed employees. more
  • 1 comments
  • Waitlisted
  • 01 Apr 2021

Vijayendran Sridharan

Talk: Organization, culture, security and compliance

https://drive.google.com/file/d/196NTurPMQ7OW4ESMHg14NMxTTZsJcPni/view?usp=sharing more
  • 0 comments
  • Waitlisted
  • 18 Mar 2021

Bhupendra Jain

Data deletion practices @ Offline Data lake

LinkedIn works at exabyte data scale and respecting the privacy of its Members is the top most priority as part of LinkedIn culture and the core value “Members first”. This talk will briefly touch upon some of the practices, tools & technologies used in offline data lake for adherence to GDPR “Right to erasure”. Talk will also cover the lessons learned and challenges faced while talking in detail… more
  • 3 comments
  • Confirmed & scheduled
  • 01 Apr 2021

Pratap Kudupudi

Data Anonymization @ Offline Data Lake

LinkedIn works at exabyte data scale and respecting the privacy of its Members is the top most priority as part of LinkedIn culture and the core value “Members first”. In this talk we will walk through the tools & technologies used in creating a PII-free anonymized data warehouse for allowing GDPR compliant access to data. We will look at the challenges involved in various approaches and design f… more
  • 5 comments
  • Confirmed & scheduled
  • 01 Apr 2021

Nneka Soyinka

How to Use Lean Data Practices to Build Trust with Customers

Lean Data Practices (LDP) is a flexible framework that anyone handling personal data can use to build in privacy, security, and transparency in ways that can build trust and reduce risk. This talk is a follow up to the November 2020 LDP presentation to dive deeper into the methodology, specifically how to apply it from the product management and development lens. We will discuss how to implement … more
  • 0 comments
  • Confirmed & scheduled
  • 13 Apr 2021

Srinivasa Rao Aravilli

Design/Algorithms considerations to detect personal data in large scale data stores

In this talk, I will present about the design approaches used by cloud providers, data loss prevention products to detect personal data in the large scale stores ( data at rest and in motion i.e streaming data) and possible challenges/limitations. I will share the algorithms/design approaches needs to be followed/considered in order to detect personal data in large scale stores ( in petabytes sca… more
  • 1 comments
  • Rejected
  • 13 Mar 2021

Anand Prakash

Preventing big data breaches!

15 mins talk - Cloud Security (How to automate cloud security get instant alerts on threats/vulnerabilities on your cloud) [ Am i allowed to speak about multiple cloud security tools which a company can use?] - Some of the big data breaches happened due to cloud misconfigurations more
  • 1 comments
  • Rejected
  • 04 Mar 2021

Deepak Krishnan

Leapanalysis : Federated Querying

Leapanalysis is a patented piece of technology that lets users query disparate data sources as if they were a single unified data source. In the past, there has been an influx of technology around building massive big data clusters to which data will be replicated and then unified based on the need. This process is very expensive. Leapanalysis lets users query data across these datasources as a s… more
  • 2 comments
  • Rejected
  • 13 Mar 2021

Naveen Kumar Nallapati

Usage of Cryptographic Primitives for Data Sharing

Data Sharing between organisations is one of the common approaches followed by many organisations for various purposes like understanding the user behaviour, KYC activities or for identifying the Purchase/Affordability capacities etc,. more
  • 3 comments
  • Rejected
  • 15 Mar 2021

Swati Sharma

Enabling customers' security and privacy journey in the AWS/Cloud

AWS delivers its wide bouquet of services to millions of active customers in over 240 countries and territories. Our customers include financial services providers, healthcare providers, telecom and governmental agencies, who trust us with some of their most sensitive information. Over the years and through operating across data jurisdictions, we have developed a security assurance program that u… more
  • 1 comments
  • Confirmed & scheduled
  • 16 Apr 2021

Ravindra Ved

AWS Security Best Practice

AWS has developed mechanisms & controls to achieve desired security posture to meet security objectives, compliance & regulations. more
  • 0 comments
  • Confirmed & scheduled
  • 21 Apr 2021
Make a submission

Submissions are closed for this project

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more

Supported by

Zeta® is in the business of providing a full-stack, cloud-native, API first neo-banking platform including a digital core and a payment engine for issuance of credit, debit and prepaid products that enable legacy banks and new-age fintech institutions to launch modern retail and corporate fintech p… more

Promoted

We’re the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. As a hyperscale cloud service provider, AWS provides access to highly advanced computing tools on rent for startups and SMEs at affordable prices. We help t… more
Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lower-middle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and social i… more