Submissions – Data Privacy Conference

Submissions

We are accepting case study talks on the following topics: Architecture: REST API design for Personally Identifiable Information (PII). Libraries used. For e.g., how Twilio does PII compliance where fields are marked as privacy sensitive or not. expand

We are accepting case study talks on the following topics:

Architecture:

REST API design for Personally Identifiable Information (PII).
Libraries used. For e.g., how Twilio does PII compliance where fields are marked as privacy sensitive or not.
Data collection patterns.
Data science aspects of data management including anonymization, masking, etc.
Development practices and precautions that are privacy-centric.

Engineering and operations processes, including DevOps, and hand-off points from check-in to release; multiple processes that every functional team has to follow for compliance.
Design and UX - if you are doing privacy-first development, how are you doing design, in terms of:

What is the data that is collected?
How is the data collected?
Design and UX of consent management practices.
What is the design language and templates you have evolved that will help other practitioners to learn from? For e.g., use of dark patterns.
Reusable libraries, design language, design templates.

Process case studies:

How compliance is done, with emphasis on organization structure, how teams communicate, cost (budget), and why this approach is justified.
Cross-functional and cross-geography compliance done by SaaS companies. For example, data privacy in Distributed Cloud environments i.e., data moving between data centres for multi region setups; what laws apply?
Incident reporting processes and practices; dealing with data vulnerabilities and security-related threats.

Apart from large-scale internet organizations, we encourage fintech and next generation startups to submit case studies.

Content can be submitted in the form of:

15 minute talks
30 minute talks
1,000 word written articles

All content will be peer-reviewed by practitioners from industry.

Make a submission

Submissions are closed for this project

The life of personal data in heavily regulated environments

The mainstream focus on personal and sensitive data generally tends to be on social media and communications platforms. The public understanding of how personal data flows through heavily regulated organisations such as banks and stock brokers is limited. In fact, such organisations are mandated by laws and regulations to share data with more parties than their unregulated counterparts. This talk… more

2 comments
Confirmed & scheduled
04 Mar 2021

Our approach to PII/SPDI redaction

Abstract By regulation and more so by a moral obligation, Jupiter is required to safeguard the privacy of its customers. As providers of financial services, we are often entrusted with information that could be extremely private to users, of a sensitive nature and at the same time can be used to personally identify them by a single data element. Dealing with an engineering stack that builds upon … more

1 comments
Confirmed & scheduled
02 Mar 2021

Data Governance at Intuit

There is an increased focus on data privacy and governance across the world. Intuit, offering products and services in the Financial Industry, operates worldwide in multiple countries. We needed to provide data privacy and compliance across multiple geographies. As part of enabling data privacy capabilities to our customers, we navigated through a number of challenges and built systems to support… more

3 comments
Confirmed & scheduled
26 Feb 2021

Netbanking fails

Security is hard. Designing user experience (UX) around security is harder. Yet almost everyday, we are forced to make security related decisions across multiple connected devices we own. Sometimes we make these choices for ourselves, and sometime we impose our choices subtly on others with whom we share these devices. Proliferation of personal IoT devices exacerbates this problem, and in some ca… more

11 comments
Confirmed & scheduled
08 Feb 2021

Masking Sensitive Data in Logs with LogStash

ElasticSearch, LogStash and Kibana together create one of the most popular log ingestion and indexing solution. However, the logs being indexed and made available can potentially contain sensitive information such as PII. The talk will explain how to setup masking for such sensitive information(s) present in the logs in LogStash. This would enable any principal who wants to look at the logs to be… more

12 comments
Confirmed & scheduled
16 Feb 2021

Lessons learned from the biggest data breach - Yahoo!

[15 minute talk] First in 2013, then in 2014 & Again in 2016 - Yahoo! suffered the biggest data breach after losing the data of billion people. more

4 comments
Confirmed & scheduled
04 Mar 2021

TLS in 2021

Transport Layer Security: everybody needs it, but few of us understand it. TLS is not just about getting the lock icon in the browser address bar. It’s perhaps the most frequently misconfigured protocol on the Internet. more

2 comments
Confirmed & scheduled
02 Apr 2021

Closing keynote: Is NetworkOps Dead in the Age of Cloud?

It’s been said that the number of clues remains constant even as some field of expertise expands. This may sometimes be the outgoing generation accusing the incoming generation of being soft or lazy, and indeed it has also been said that progress in most fields occurs one obituary at a time. What we know for certain is that skills for which demand is not growing, become less common. Maybe some ma… more

0 comments
Confirmed & scheduled
14 Apr 2021

Integrating privacy-preserving analytics into your application

Analytics is an important part of application development, and adding them in a privacy preserving manner is challenging. more

2 comments
Confirmed & scheduled
24 Mar 2021

Identity and biometrics

India has deployed the world’s largest national digital identity system based on biometrics. In this session we will review the suitability of biometrics based identity definition for delivery of essential services. more

2 comments
Confirmed & scheduled
27 Mar 2021

Data Governance - Strategies from experience

A lot of organizations have recently started taking Data Governance seriously given the different laws now coming up in countries regarding the use of data and heavy penalties on leaks which is further exacerbated by how much more data each of these orgs are now generating compared to before.With these accelerated motives a lot of Data Governance strategies are a make or break based on the toolin… more

4 comments
Confirmed & scheduled
28 Feb 2021

Leveraging existing Information Security practises to address data privacy requirements OR How Data Security and Data privacy can work together

Data privacy and cybersecurity practices are becoming increasingly important in view of new legislation, such as the General Data Protection Regulation (GDPR), Personal Data protection Act (PDPA) as well as increasing sophisticated cyber attacks.Many organization spends most of their cybersecurity budgets on addressing technical, financial and reputational risks and It is often noted that an insu… more

3 comments
Confirmed & scheduled
30 Mar 2021

Best practices in FOSS compliance can help improve security.

Privacy and security are closely tied together in the form of legal requirements for “data protection” in laws across the world, such as under Article 32 of EU’s General Data Protection Regulation, and India’s Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. more

4 comments
Confirmed & scheduled
16 Mar 2021

Can my company be Data Privacy compliant and still stay Agile?

Compliance is no longer a nice to have! An organization offering a SaaS product needs to secure appropriate compliance reports (SOC2, ISO27001, GDPR, FedRamp etc.) to ensure they put in place the organization’s structure, software, people and data-handling procedures to handle and protect their customer’s data. Compliance serves as beacon of transparency and conveys confidence to your customers t… more

2 comments
Confirmed & scheduled
14 Mar 2021

Case study of CalyxOS

CalyxOS is an open source Android-based Operating System, sponsored by the Calyx Institute, a 501(c) non-profit dedicated to making privacy and security available for all. more

3 comments
Confirmed & scheduled
03 Apr 2021

Synthetic data generation

At Needl, our mission is to organize and stitch your information to make it universally accessible and useful. Knowledge workers today are inundated with massive amounts of data via multiple communication apps and devices resulting in huge efforts to save, organise, retrieve, and make sense of data leading to productivity loss. Needl aims to unbundle your data across apps & devices into a single … more

6 comments
Confirmed & scheduled
18 Mar 2021

End-to-end encryption: State of the Technical and Policy Debate

Over the past decade, end-to-end encryption (E2EE) has been widely deployed in electronic messaging applications, including WhatsApp, Signal, Apple iMessage and others. This form of messaging ensures that information is encrypted from an end-user device (such as a phone) and remains encrypted until it reaches the destination. A key benefit of E2EE is that it protects messages from server-side hac… more

0 comments
Confirmed & scheduled
16 Apr 2021

Product design and usability for privacy

As more of our conversations move online, privacy by design is becoming crucial in product development. In this session, Uzma Barlaskar, product manager at WhatsApp, will discuss “Product design and usability for privacy,” focusing on how WA features like ephemerality & live location as examples of how building e2ee into the system can be used for other things too. more

0 comments
Confirmed & scheduled
14 Apr 2021

Cryptographic Protocols for a Secure and Private IoT

The Internet of Things (IoT) suffers from critical, systemic, security and privacy flaws. Problems of Spoofable Identities, Weak Authentication and Ambient Authority are common in most deployments. more

8 comments
Confirmed & scheduled
12 Feb 2021

Data Privacy in cloud: “the challenges and how to address those”

The adoption of cloud is likely to continue growing at a rapid pace across all industries and sectors. Due to its game changing features such as rapid elasticity, scalability, pay as you use model and access from anywhere organisations are moving towards cloud adoption. While the adoption of cloud is prevailing, it has also raised challenges which includes privacy regulations. Like the adoption o… more

6 comments
Waitlisted
18 Feb 2021

Round table: Security Incident analysis and reporting

Hard Questions: Security Incident Analysis, Reporting and Management more

0 comments
Confirmed & scheduled
18 Mar 2021

Self-Sovereign Identity Technology

This talk shares key elements of an emerging set of technology tools known as Self-Sovereign Identity. The tech re-wires how people are empowered to share information about themselves when they navigate the digital world. The two core standards that have been developed by the W3C - Decentralized Identifiers and Decentralized Identifiers. New terms to support this new paradigm have emerged - Issue… more

1 comments
Waitlisted
30 Mar 2021

Handling User-data

In this talk, I place user-data at the center and explore the different considerations that need to be taken into account to keep the data safe, secure and private while giving the user control over their data. I also explore what custodians of user data can do to comply with the data regulations in effect where the user’s data resides. As I work for Google, it is natural for me to look at it fro… more

1 comments
Waitlisted
31 Mar 2021

How to Future Proof Global Data Protection

Data Protection legislation is going at warp speed globally, with new and updated legislation coming in all the time. If you aren’t careful you will either be left behind, and left with a hefty fine or annoyed end users, or you will be constantly renovating your applications and processes with every tweak and new legislation and left with a hefty bill, and annoyed employees. more

1 comments
Waitlisted
01 Apr 2021

Talk: Organization, culture, security and compliance

https://drive.google.com/file/d/196NTurPMQ7OW4ESMHg14NMxTTZsJcPni/view?usp=sharing more

0 comments
Waitlisted
18 Mar 2021

Data deletion practices @ Offline Data lake

LinkedIn works at exabyte data scale and respecting the privacy of its Members is the top most priority as part of LinkedIn culture and the core value “Members first”. This talk will briefly touch upon some of the practices, tools & technologies used in offline data lake for adherence to GDPR “Right to erasure”. Talk will also cover the lessons learned and challenges faced while talking in detail… more

3 comments
Confirmed & scheduled
01 Apr 2021

Data Anonymization @ Offline Data Lake

LinkedIn works at exabyte data scale and respecting the privacy of its Members is the top most priority as part of LinkedIn culture and the core value “Members first”. In this talk we will walk through the tools & technologies used in creating a PII-free anonymized data warehouse for allowing GDPR compliant access to data. We will look at the challenges involved in various approaches and design f… more

5 comments
Confirmed & scheduled
01 Apr 2021

Protect the pie (PII)

Core to data-security is the user’s personally identifiable information. As Disney + Hotstar grows internationally, with increasing compliance restrictions, we’ve re-architected our entire data-platform to support differing compliance & security requirements. We make the user’s personally identifiable information impossible to access unless absolutely necessary. In this talk we discuss how we use… more

3 comments
Confirmed
09 Apr 2021

How to Use Lean Data Practices to Build Trust with Customers

Lean Data Practices (LDP) is a flexible framework that anyone handling personal data can use to build in privacy, security, and transparency in ways that can build trust and reduce risk. This talk is a follow up to the November 2020 LDP presentation to dive deeper into the methodology, specifically how to apply it from the product management and development lens. We will discuss how to implement … more

0 comments
Confirmed & scheduled
13 Apr 2021

Design/Algorithms considerations to detect personal data in large scale data stores

In this talk, I will present about the design approaches used by cloud providers, data loss prevention products to detect personal data in the large scale stores ( data at rest and in motion i.e streaming data) and possible challenges/limitations. I will share the algorithms/design approaches needs to be followed/considered in order to detect personal data in large scale stores ( in petabytes sca… more

1 comments
Rejected
13 Mar 2021

Preventing big data breaches!

15 mins talk - Cloud Security (How to automate cloud security get instant alerts on threats/vulnerabilities on your cloud) [ Am i allowed to speak about multiple cloud security tools which a company can use?] - Some of the big data breaches happened due to cloud misconfigurations more

1 comments
Rejected
04 Mar 2021

Leapanalysis : Federated Querying

Leapanalysis is a patented piece of technology that lets users query disparate data sources as if they were a single unified data source. In the past, there has been an influx of technology around building massive big data clusters to which data will be replicated and then unified based on the need. This process is very expensive. Leapanalysis lets users query data across these datasources as a s… more

2 comments
Rejected
13 Mar 2021

Usage of Cryptographic Primitives for Data Sharing

Data Sharing between organisations is one of the common approaches followed by many organisations for various purposes like understanding the user behaviour, KYC activities or for identifying the Purchase/Affordability capacities etc,. more

3 comments
Rejected
15 Mar 2021

Enabling customers' security and privacy journey in the AWS/Cloud

AWS delivers its wide bouquet of services to millions of active customers in over 240 countries and territories. Our customers include financial services providers, healthcare providers, telecom and governmental agencies, who trust us with some of their most sensitive information. Over the years and through operating across data jurisdictions, we have developed a security assurance program that u… more

1 comments
Confirmed & scheduled
16 Apr 2021

AWS Security Best Practice

AWS has developed mechanisms & controls to achieve desired security posture to meet security objectives, compliance & regulations. more

0 comments
Confirmed & scheduled
21 Apr 2021

May I have my data please?

In a world where we collect as much user data to make their journey as personalized as possible, it’s also important to adhere to compliance requirements where a user can request both deletion (forget) or a dump (access) of their data. As a centralized data-platform team, this was a huge challenge for us at Disney + Hotstar. Owning the platform, while various teams owned the data meant that we ha… more

3 comments
Confirmed
09 Apr 2021

Apr 2021

19 Mon

20 Tue

21 Wed

22 Thu

23 Fri 12:00 PM – 08:45 PM IST

24 Sat 12:00 PM – 08:15 PM IST

25 Sun 02:00 PM – 05:10 PM IST

Apr 2021

26 Mon 05:15 PM – 09:30 PM IST

27 Tue 02:00 PM – 05:25 PM IST

28 Wed 12:00 PM – 06:50 PM IST

29 Thu 03:30 PM – 08:15 PM IST

30 Fri

1 Sat

2 Sun

Make a submission

Submissions are closed for this project

Hosted by

Rootconf

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more

Supported by

Zeta Suite

Zeta® is in the business of providing a full-stack, cloud-native, API first neo-banking platform including a digital core and a payment engine for issuance of credit, debit and prepaid products that enable legacy banks and new-age fintech institutions to launch modern retail and corporate fintech p… more

Promoted

AWS

We’re the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. As a hyperscale cloud service provider, AWS provides access to highly advanced computing tools on rent for startups and SMEs at affordable prices. We help t… more

Omidyar Network India

Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lower-middle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and social i… more