Privacy as Risk Assessment and Risk Mitigation

Learn how to design organizations that manage risk

How do Organizations think about Privacy?

A common approach is to project the Privacy expectations of users, customers and citizens onto the organization and expect magic. However, this is a mistake because organizations are not human beings; they are amorphous legal entities that strive to create an existence for themselves by selling products and services in the marketplace. Organizations therefore view Privacy very differently.

The perspective that defines their approach is that of Risk - the probability that doing something or not doing something has an impact on their business. If Risk is the lens through which organizations view Privacy in their products and services, what are the mental models through which they manage it?

Broadly, Privacy as Risk comprises the following:

  1. Technology - Algorithms, Products, Technology Stack signify how organizations manage Risk.
  2. Law of the Land - a very significant driver of how organizations assess Risk. Here, State capacity, Institutions and Intent all play a part.
  3. Internal Policies - both Technology and Law of the Land inform and nudge internal company policies to work, organize in a certain way, and implement, manage and assess Risk.
  4. Bureaucracy - while bureaucracy is typically thought of as having a negative connotation, in reality, no organization - be it the government or the private sector - can ever function without a bureaucracy. The structure of the bureaucracy plays an important role in managing risk.
  5. Budget - While individuals sustain themselves on ‘food flows’, organizations sustain themselves on ‘cash flows’. Thus, no amount of good intent is sufficient without the required structure in place supported by a budget allocation.

With the upcoming PDP bill, it becomes imperative for organizations to assess their Privacy preparedness through the prism of Risk across all the above models.

Programme: Privacy Mode will organize a series of talks, publications, group discussions and best practices on the above topics at a regular cadence - the fourth Friday of every month - showcasing the work of industry practitioners and their experiences.

Audience and speaker personas:

  1. Technology - Senior Developers, Architects, CTOs, UX Designers, DevOps architects.
  2. Law of the Land - Lawyers, Legal Counsels for Organizations.
  3. Internal Policies - Lawyers, Legal Counsels, VPs and above.
  4. Bureaucracy - Engineering Managers and above.
  5. Budget - CFO, Compliance Officers and Board.

Key takeaway for participants:
Through this programme, participants will learn how to design organizations - from top to bottom - that manage privacy risk.

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective).

Supported by

Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lower-middle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and social i…
Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by:

We are accepting talks on the following topics:

  1. Technology - Algorithms, Products, Technology Stack signify how organizations manage Risk.
  2. Law of the Land - a very significant driver of how organizations assess Risk. Here, State capacity, Institutions and Intent all play a part.
  3. Internal Policies - both Technology and Law of the Land inform and nudge internal company policies to work, organize in a certain way, and implement, manage and assess Risk.
  4. Bureaucracy - while bureaucracy is typically thought of as having a negative connotation, in reality, no organization - be it the government or the private sector - can ever function without a bureaucracy. The structure of the bureaucracy plays an important role in managing risk.
  5. Budget - While individuals sustain themselves on ‘food flows’, organizations sustain themselves on ‘cash flows’. Thus, no amount of good intent is sufficient without the required structure in place supported by a budget allocation.

Content will be peer reviewed by industry practitioners.

Jan Hecking (Author)

Guardrails for the Data Economy

Borneo is a real-time data security and privacy observability platform for hyper-growth businesses and builds tools that empower companies to protect their customers’ data. It enables one to identify, understand, and remediate sensitive data risk at cloud scale, as well as automate governance for data warehouses.
  • 1 comment
  • Submitted
  • 12 Mar 2022

Ashwath Kumar

Amit Mahbubani

Hold the Door! DDoS Mitigation at Razorpay Scale

Razorpay serves over 200K API requests per minute during peak hours on any average day. DDoS attacks on B2B APIs like ours are fairly complex to detect and mitigate. They typically lead to an extreme spike (10X-100X) in request volume thereby choking critical resources, and hence have the potential to impact our services. In order to guarantee a good quality of service to our customers, we’ve mad…
  • 0 comments
  • Submitted
  • 08 Mar 2022

sandesh anand

Satyaki Sanyal

Answer Key Security Questions by Building an Automated Asset Inventory

We cannot protect what we don’t know exists. A key part of building security into our products is to make key security decisions based on data and not intuition or tribal knowledge alone. In Razorpay, we have hundreds of microservices deployed across multiple EKS clusters, some of which deploy multiple times each day. Any manually built inventory will be out of date within a few hours. In this ta…
  • 0 comments
  • Submitted
  • 08 Mar 2022

Libin Babu

Suchith Narayan

SRIHARSHA ROUTHU

Responding to Log4J RCE using Honeypots, Simulation and WAF rules

The Log4J RCE took all of us by surprise last December. The ubiquity of the library, the impact of the exploit (full server control), and ease of exploitation made it the perfect storm for DevOps and Security professionals.
  • 0 comments
  • Submitted
  • 08 Mar 2022
