Data Privacy Conference

Data Privacy Conference

On building privacy in engineering and product processes.

Make a submission

Accepting submissions till 18 Oct 2021, 01:20 PM

The first edition of the Data Privacy Conference was held between 23 and 29 April 2021.

The conference featured talks and discussions around:

  1. Processes for doing compliance and building privacy features in large and growing organizations.
  2. Case studies of compliance, mainly GDPR and related practices of data anonymization and data deletion.
  3. Using technology to handle processes for handling Personally Identifiable Information (PII); evaluation of developer tools that organizations use for governing access to PII and sensitive data - and whether to build, rent or buy these.
  4. End-to-end encryption - technology and policy debates; practical applications.
  5. Privacy preserving practices in consumer technology - netbanking and Android and mobile.
  6. Cloud security practices; multi-geography compliance with cloud.

Speakers from LinkedIn, Whatsapp, Hotstar, Mozilla, Zerodha, ThoughtWorks, Appsecco, Gojek and other organizations shared their experiences, and demonstrated how the combination of ‘intent, process, resources and technology’ come together to help companies build privacy-respecting products.

Watch the talks on https://hasgeek.com/rootconf/data-privacy-conference/videos

Participants in the conference included:

  1. SRE, DevSecOps and DevOps teams working with legal and compliance teams to heavy-lift operations around privacy and compliance.
  2. Product managers building secure and compliant systems.
  3. Business and engineering heads of organizations which deal with large volumes of consumer data on a regular basis.
  4. Representatives early to mid-stage fintech companies which are evolving systems to handle petabytes of data securely in compliance with larger governance laws.
  5. Consultants working on cloud and security; pricacy and compliance.

Contact information: Join the Rootconf Telegram group on https://t.me/rootconf or follow @rootconf on Twitter.
For inquiries, contact Rootconf on rootconf.editorial@hasgeek.com or call 7676332020.

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more

Supported by

Zeta® is in the business of providing a full-stack, cloud-native, API first neo-banking platform including a digital core and a payment engine for issuance of credit, debit and prepaid products that enable legacy banks and new-age fintech institutions to launch modern retail and corporate fintech p… more

Promoted

We’re the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. As a hyperscale cloud service provider, AWS provides access to highly advanced computing tools on rent for startups and SMEs at affordable prices. We help t… more
Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lower-middle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and social i… more
about.facebook.com/meta
Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more

Vijayendran Sridharan

@vijayendransridharan

Talk: Organization, culture, security and compliance

Submitted Mar 18, 2021

https://drive.google.com/file/d/196NTurPMQ7OW4ESMHg14NMxTTZsJcPni/view?usp=sharing

Capillary Technologies

Capillary’s products help enterprises in customer retention, increased customer loyalty and repeat business, both offline and online. Capillary’s products include loyalty, rewards, campaign, and Ecommerce platform for retail, fashion and quick service restaurants, etc., Capillary products handle a huge number of consumer transaction and Personally Identifiable Info (PII) records. Capillary operates in a space highly regulated by privacy regulations worldwide. Capillary is growing rapidly, expanding to newer geographies and hence requires compliance and internal policy catchup too.

Talk: Organization, culture, security and compliance

At Capillary, Security is an equal peer to the rest of the functions and report to the CEO and periodically to the Board. Culture of transparency and collaboration are key to a results-driven security program. Priorities have to change back and forth often between business and security requirements. Both business and security have to rally behind the chosen priority. Excellence in security is not the end. Excellence in business through security is the journey. We will discuss how we do it in fast paced Capillary.

Compliance at Capillary:

At Capillary, we break up the InfoSec assessment plan usually across the year. The InfoSec team meets the different Tech teams and takes up for review. However, in 2020, as Capillary decided to go towards cloud native computing (which we call Capillary Cloud), there was no reason InfoSec had to wait for Tech to complete implementation and review for security controls. Capillary over a few years has been on to secure-by-design-&-default. Tech, Systems Engineering and InfoSec together worked out a plan to validate the relevance of the current security tools, logging, monitoring and alerting systems in the context of Capillary Cloud.

Tech, Systems Engineering and InfoSec met over three weeks to list out the security features we would want in the new platform and what were the issues we knew existed in our existing platform. Once we had the security feature requirements as a list, tool selection was not difficult.

The security tooling plan was part of the overall tooling and instrumentation of the Capillary Cloud. We had to change our tool preference to align with our feature requirements and also for ease of instrumentation and subsequent maintenance.

After the core implementation, Systems Engineering handed over the implementation to InfoSec for fine tuning security rules, alerts, etc.,

The InfoSec team manages and operates the tools on an ongoing basis.

A perfect case of working together through the planning and implementation phase, Tech and Systems Engineering playing to their strengths in implementing, InfoSec playing to their strengths in identifying the right rules.

The objectivity and independence (which InfoSec is required to operate with) is achieved through a set of automated scripts, logging, monitoring and alerting, allowing Tech, Sys Engg and InfoSec to operate seamlessly.

Collaboration allowed iterations and flexibility to change tools to achieve results, keeping timelines intact, while preserving and prioritizing the objectives of the Capillary Cloud itself.

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Make a submission

Accepting submissions till 18 Oct 2021, 01:20 PM

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more

Supported by

Zeta® is in the business of providing a full-stack, cloud-native, API first neo-banking platform including a digital core and a payment engine for issuance of credit, debit and prepaid products that enable legacy banks and new-age fintech institutions to launch modern retail and corporate fintech p… more

Promoted

We’re the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. As a hyperscale cloud service provider, AWS provides access to highly advanced computing tools on rent for startups and SMEs at affordable prices. We help t… more
Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lower-middle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and social i… more
about.facebook.com/meta
Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more