Data Privacy Conference

On building privacy in engineering and product processes.

Up next

Our approach to PII/SPDI redaction

Submitted Mar 2, 2021

Abstract By regulation and more so by a moral obligation, Jupiter is required to safeguard the privacy of its customers. As providers of financial services, we are often entrusted with information that could be extremely private to users, of a sensitive nature and at the same time can be used to personally identify them by a single data element. Dealing with an engineering stack that builds upon a number of microserves and subsystems, reliant on an equally large number of data storage systems - brings about its own challenges when it comes to governance of customer’s private data. In this talk we would like to give a walkthrough of the solution that Jupiter implemented to solve this problem and to massively reduce the number of systems that would interact with actual, raw PII/SPDI (Personally Identifying Information/Sensitive Personal Data or Information) so that monitoring of access and data control could be achieved with a higher degree of operational confidence.

We would be talking about the basic requirements around PII/SPDI protection as an industry requirement:
1. What does the law/regulation say about PII/SPDI
2. What did our partners need from us when it came to protecting customer data

In terms of engineering:
1. How can we implement a solution that induces little to no developer friction - the aim here was not just making it easy for developers to integrate PII/SPDI redaction; having an intrusive process with multiple touchpoints would make a human error that much more likely, which could end up being a potential point of breach
2. The same code should work with PII/SPDI redaction switched off as it does with redaction switched on
3. How are we ensuring that we are still able to maintain semantics of lookup, uniqueness of certain data elements, specifically the ability to use certain data elements as primary keys for user centric data
4. How we are handling multiple partners wanting their customers data to be stored isolated from other partners, with encryption using keys that are provisioned specifically for them
5. Why we chose to work at the serialization layer to implement PII/SPDI redaction

And in terms of where we see this going:
1. What are the limitations and caveats of the current system
2. Ideas to explore - Is it possible to do this at a service mesh level? Proxy level? At a gateway, maybe - our thoughts and musings on this topic

Slide Deck https://docs.google.com/presentation/d/1Kb5AZZoEazKoRPx6N2FLe3fAb9mFlhZziU_A8z-ICbk/edit?usp=sharing

Comments