The first edition of the Data Privacy Conference was held between 23 and 29 April 2021.
The conference featured talks and discussions around:
Speakers from LinkedIn, Whatsapp, Hotstar, Mozilla, Zerodha, ThoughtWorks, Appsecco, Gojek and other organizations shared their experiences, and demonstrated how the combination of ‘intent, process, resources and technology’ come together to help companies build privacy-respecting products.
Watch the talks on https://hasgeek.com/rootconf/data-privacy-conference/videos
Participants in the conference included:
Contact information: Join the Rootconf Telegram group on https://t.me/rootconf or follow @rootconf on Twitter.
For inquiries, contact Rootconf on rootconf.editorial@hasgeek.com or call 7676332020.
Hosted by
Supported by
Promoted
Accepting submissions till 18 Oct 2021, 01:20 PM
Not accepting submissions
We are accepting case study talks on the following topics:
Engineering and operations processes, including DevOps, and hand-off points from check-in to release; multiple processes that every functional team has to follow for compliance.
Design and UX - if you are doing privacy-first development, how are you doing design, in terms of:
Apart from large-scale internet organizations, we encourage fintech and next generation startups to submit case studies.
Content can be submitted in the form of:
All content will be peer-reviewed by practitioners from industry.
Accepting submissions till 18 Oct 2021, 01:20 PM
The life of personal data in heavily regulated environmentsThe mainstream focus on personal and sensitive data generally tends to be on social media and communications platforms. The public understanding of how personal data flows through heavily regulated organisations such as banks and stock brokers is limited. In fact, such organisations are mandated by laws and regulations to share data with more parties than their unregulated counterparts. This talk… more
|
End-to-end encryption: State of the Technical and Policy DebateOver the past decade, end-to-end encryption (E2EE) has been widely deployed in electronic messaging applications, including WhatsApp, Signal, Apple iMessage and others. This form of messaging ensures that information is encrypted from an end-user device (such as a phone) and remains encrypted until it reaches the destination. A key benefit of E2EE is that it protects messages from server-side hac… more
|
|
Paul Vixie Closing keynote: Is NetworkOps Dead in the Age of Cloud?It’s been said that the number of clues remains constant even as some field of expertise expands. This may sometimes be the outgoing generation accusing the incoming generation of being soft or lazy, and indeed it has also been said that progress in most fields occurs one obituary at a time. What we know for certain is that skills for which demand is not growing, become less common. Maybe some ma… more
|
Netbanking failsSecurity is hard. Designing user experience (UX) around security is harder. Yet almost everyday, we are forced to make security related decisions across multiple connected devices we own. Sometimes we make these choices for ourselves, and sometime we impose our choices subtly on others with whom we share these devices. Proliferation of personal IoT devices exacerbates this problem, and in some ca… more
|
Case study of CalyxOSCalyxOS is an open source Android-based Operating System, sponsored by the Calyx Institute, a 501(c) non-profit dedicated to making privacy and security available for all. more
|
Data Governance at IntuitThere is an increased focus on data privacy and governance across the world. Intuit, offering products and services in the Financial Industry, operates worldwide in multiple countries. We needed to provide data privacy and compliance across multiple geographies. As part of enabling data privacy capabilities to our customers, we navigated through a number of challenges and built systems to support… more
|
Our approach to PII/SPDI redactionAbstract By regulation and more so by a moral obligation, Jupiter is required to safeguard the privacy of its customers. As providers of financial services, we are often entrusted with information that could be extremely private to users, of a sensitive nature and at the same time can be used to personally identify them by a single data element. Dealing with an engineering stack that builds upon … more
|
Masking Sensitive Data in Logs with LogStashElasticSearch, LogStash and Kibana together create one of the most popular log ingestion and indexing solution. However, the logs being indexed and made available can potentially contain sensitive information such as PII. The talk will explain how to setup masking for such sensitive information(s) present in the logs in LogStash. This would enable any principal who wants to look at the logs to be… more
|
Security practices for mobile app developmentThis submission is a summary of the Birds of Feather (BOF) session held on 28 April, 2021 with Chirayu Desai (CalyxOS), Madhusudhan Sambojhu (Able.do) and Apurva Jaiswal (Zeta) on security practices that individual developers and teams can undertake to ensure better data privacy. more
|
|
Michael W Lucas TLS in 2021Transport Layer Security: everybody needs it, but few of us understand it. TLS is not just about getting the lock icon in the browser address bar. It’s perhaps the most frequently misconfigured protocol on the Internet. more
|
Integrating privacy-preserving analytics into your applicationAnalytics is an important part of application development, and adding them in a privacy preserving manner is challenging. more
|
Identity and biometricsIndia has deployed the world’s largest national digital identity system based on biometrics. In this session we will review the suitability of biometrics based identity definition for delivery of essential services. more
|
|
Pragya Misra Mehrishi Product design and usability for privacyAs more of our conversations move online, privacy by design is becoming crucial in product development. In this session, Uzma Barlaskar, product manager at WhatsApp, will discuss “Product design and usability for privacy,” focusing on how WA features like ephemerality & live location as examples of how building e2ee into the system can be used for other things too. more
|
Data Governance - Strategies from experienceA lot of organizations have recently started taking Data Governance seriously given the different laws now coming up in countries regarding the use of data and heavy penalties on leaks which is further exacerbated by how much more data each of these orgs are now generating compared to before.With these accelerated motives a lot of Data Governance strategies are a make or break based on the toolin… more
|
How to Use Lean Data Practices to Build Trust with CustomersLean Data Practices (LDP) is a flexible framework that anyone handling personal data can use to build in privacy, security, and transparency in ways that can build trust and reduce risk. This talk is a follow up to the November 2020 LDP presentation to dive deeper into the methodology, specifically how to apply it from the product management and development lens. We will discuss how to implement … more
|
Data deletion practices @ Offline Data lakeLinkedIn works at exabyte data scale and respecting the privacy of its Members is the top most priority as part of LinkedIn culture and the core value “Members first”. This talk will briefly touch upon some of the practices, tools & technologies used in offline data lake for adherence to GDPR “Right to erasure”. Talk will also cover the lessons learned and challenges faced while talking in detail… more
|
Summary of session: Birds of Feather (BOF) discussion on investors' views of privacy and security; proactive measures and compliance for existing and future investeesDate of event: April 24, 2021 Moderators: Subhashish Bhadra (ONI), Anand V (Hasgeek) Discussants: Sharda Balaji (Novo Juris), Samuel Mani (Mani Chengappa Mathur), KK Mookhey (NII Consulting), Kailash Nadh (Zerodha) more
|
Leveraging existing Information Security practises to address data privacy requirements OR How Data Security and Data privacy can work togetherData privacy and cybersecurity practices are becoming increasingly important in view of new legislation, such as the General Data Protection Regulation (GDPR), Personal Data protection Act (PDPA) as well as increasing sophisticated cyber attacks.Many organization spends most of their cybersecurity budgets on addressing technical, financial and reputational risks and It is often noted that an insu… more
|
Synthetic data generationAt Needl, our mission is to organize and stitch your information to make it universally accessible and useful. Knowledge workers today are inundated with massive amounts of data via multiple communication apps and devices resulting in huge efforts to save, organise, retrieve, and make sense of data leading to productivity loss. Needl aims to unbundle your data across apps & devices into a single … more
|
Best practices in FOSS compliance can help improve security.Privacy and security are closely tied together in the form of legal requirements for “data protection” in laws across the world, such as under Article 32 of EU’s General Data Protection Regulation, and India’s Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. more
|
Lessons learned from the biggest data breach - Yahoo![15 minute talk] First in 2013, then in 2014 & Again in 2016 - Yahoo! suffered the biggest data breach after losing the data of billion people. more
|
Round table: Security Incident analysis and reportingHard Questions: Security Incident Analysis, Reporting and Management more
|
Can my company be Data Privacy compliant and still stay Agile?Compliance is no longer a nice to have! An organization offering a SaaS product needs to secure appropriate compliance reports (SOC2, ISO27001, GDPR, FedRamp etc.) to ensure they put in place the organization’s structure, software, people and data-handling procedures to handle and protect their customer’s data. Compliance serves as beacon of transparency and conveys confidence to your customers t… more
|
Cryptographic Protocols for a Secure and Private IoTThe Internet of Things (IoT) suffers from critical, systemic, security and privacy flaws. Problems of Spoofable Identities, Weak Authentication and Ambient Authority are common in most deployments. more
|
|
Udit Pathak Data Privacy in cloud: “the challenges and how to address those”The adoption of cloud is likely to continue growing at a rapid pace across all industries and sectors. Due to its game changing features such as rapid elasticity, scalability, pay as you use model and access from anywhere organisations are moving towards cloud adoption. While the adoption of cloud is prevailing, it has also raised challenges which includes privacy regulations. Like the adoption o… more
|
Self-Sovereign Identity TechnologyThis talk shares key elements of an emerging set of technology tools known as Self-Sovereign Identity. The tech re-wires how people are empowered to share information about themselves when they navigate the digital world. The two core standards that have been developed by the W3C - Decentralized Identifiers and Decentralized Identifiers. New terms to support this new paradigm have emerged - Issue… more
|
Handling User-dataIn this talk, I place user-data at the center and explore the different considerations that need to be taken into account to keep the data safe, secure and private while giving the user control over their data. I also explore what custodians of user data can do to comply with the data regulations in effect where the user’s data resides. As I work for Google, it is natural for me to look at it fro… more
|
How to Future Proof Global Data ProtectionData Protection legislation is going at warp speed globally, with new and updated legislation coming in all the time. If you aren’t careful you will either be left behind, and left with a hefty fine or annoyed end users, or you will be constantly renovating your applications and processes with every tweak and new legislation and left with a hefty bill, and annoyed employees. more
|
Talk: Organization, culture, security and compliancehttps://drive.google.com/file/d/196NTurPMQ7OW4ESMHg14NMxTTZsJcPni/view?usp=sharing more
|
Data Anonymization @ Offline Data LakeLinkedIn works at exabyte data scale and respecting the privacy of its Members is the top most priority as part of LinkedIn culture and the core value “Members first”. In this talk we will walk through the tools & technologies used in creating a PII-free anonymized data warehouse for allowing GDPR compliant access to data. We will look at the challenges involved in various approaches and design f… more
|
Design/Algorithms considerations to detect personal data in large scale data storesIn this talk, I will present about the design approaches used by cloud providers, data loss prevention products to detect personal data in the large scale stores ( data at rest and in motion i.e streaming data) and possible challenges/limitations. I will share the algorithms/design approaches needs to be followed/considered in order to detect personal data in large scale stores ( in petabytes sca… more
|
Preventing big data breaches!15 mins talk - Cloud Security (How to automate cloud security get instant alerts on threats/vulnerabilities on your cloud) [ Am i allowed to speak about multiple cloud security tools which a company can use?] - Some of the big data breaches happened due to cloud misconfigurations more
|
 Leapanalysis : Federated QueryingLeapanalysis is a patented piece of technology that lets users query disparate data sources as if they were a single unified data source. In the past, there has been an influx of technology around building massive big data clusters to which data will be replicated and then unified based on the need. This process is very expensive. Leapanalysis lets users query data across these datasources as a s… more
|
Usage of Cryptographic Primitives for Data SharingData Sharing between organisations is one of the common approaches followed by many organisations for various purposes like understanding the user behaviour, KYC activities or for identifying the Purchase/Affordability capacities etc,. more
|
|
Swati Sharma Enabling customers' security and privacy journey in the AWS/CloudAWS delivers its wide bouquet of services to millions of active customers in over 240 countries and territories. Our customers include financial services providers, healthcare providers, telecom and governmental agencies, who trust us with some of their most sensitive information. Over the years and through operating across data jurisdictions, we have developed a security assurance program that u… more
|
|
Ravindra Ved AWS Security Best PracticeAWS has developed mechanisms & controls to achieve desired security posture to meet security objectives, compliance & regulations. more
|
Hosted by
Supported by
Promoted
