SACON
SACON International 2020
India | Bangalore | February 21 - 22 | Taj Yeshwantpur
Privacy Hackathon
SACON 2020
Privacy Hackathon: An Introduction
Background
• Privacy Regulations are mushrooming globally, and organizations need to adhere to Privacy Principles and provide Rights to Data Subjects.
• All Privacy regulations require organizations to have a certain degree of insight and control of the Personal Data they collect and store about individuals, or risk paying hefty fines.
• Hence, gaining visibility and control over Personal Data is a crucial component for Privacy Compliance readiness.
Current Scenario
• There are a variety of challenges that are begging for solutions in the Privacy Ecosystem.
• Some directly relate to the technology being used.
• Legacy technology has not been built for enabling the Privacy aspects.
• Key among these is the Identification and protection of Personal Data Elements.
Hackathon Goals
• The Privacy Hackathon will attempt to find ways to break into and therefore defend the various Personal Data elements that are collected/stored/transmitted/accessed across the ecosystem.
• The Hackathon looks at new and old ways in which the applications are built and will drill down to the database level to identify the solutions.
Privacy Hackathon: An Introduction
• Mobile Apps
• Websites/Web Apps
• Databases (SQL, NoSQL)
• ML/AI Program
Personal Data is collected through various Channels and stored in a structured or unstructured manner. Derived Personal Data is also generated by an organization through AI/ML programs.
The challenges we have in the hackathon today try to identify solutions to Personal Data Identification and Tagging in each of these Channels/Platforms.
What is Personal Data?
Any data that can, directly or indirectly, or in combination with other data, make a person 'identifiable'.
• Device Identifiers
• Online Identifiers
• Social Media Markers
• Metadata
• Data that has been processed using analytics that can identify a person
• Trackers & Cookies
• Location Data
Above-the-surface (ATS) Personal Data
• Demographic/Identity Data
• Health/Biometric/Genetic/Gender Data
• Political Affiliations/Personal Beliefs/Criminal History/etc.
• Financial Data
• Govt Ids
Personal Data (PD)
Below-the-surface (BTS) Personal Data
Challenge 1: Personal Data Access on a Mobile App
Context
• A Mobile App on a smartphone accesses a bunch of data stored on the local device. Mobile Apps, through “Dangerous Permissions” and embedded SDKs, have access to Personal Data like Contacts, Photos, Location, etc.
Problem
• Organizations deploying Mobile Apps are at risk of Privacy violations based on the way Personal Data is processed by the App. However, it is a challenge to identify what Personal Data is being accessed and how it is being used or shared by the App.
Goal
• We need to write scripts to look at how to access the data being used/stored on the local device, and identify if any of these can lead to Personal Data. (The app can be any; we would prefer that you use one you have been working on.)
Expected Output
• Techniques (could be code) to access the data and identify the Personal Data elements being used by the Mobile App.
Challenge 2: Personal Data Access on a Web App/Website
Context
• A Website/Webapp/PWA stores and accesses a bunch of data from the local device. This could be in the form of cookies, trackers, embedded libraries.
Problem
• Organizations deploying Web Apps are at risk of Privacy violations based on the way Personal Data is processed by the App. However, it is a challenge to identify what Personal Data is being accessed and how it is being used or shared by the App.
Goal
• We need to write scripts to look at how to access the data being used/stored on the local device, and identify if any of these can lead to Personal Data. (The app can be any; we would prefer that you use one you have been working on.)
Expected Output
• Techniques (could be code) to access the data and identify the Personal Data elements being used by the Web App.
Challenge 3: Personal Data Discovery on a SQL DB (Metadata Tagging & Personal Data Identification & Isolation)
Context
• Organizations use Databases like MySQL and Oracle to store data (including Personal Data) in a structured form. Transaction Databases use multiple referential integrity models to store and access data in the form of various data types.
Problem
• A key challenge organizations face today is how to identify and tag the data in the SQL DB into Personal Data elements. Unless an organization has strong control over what Personal Data is being accessed, who accesses it, and how it is being used, it is at risk of Privacy violation.
Goal
• The solution needs to have a way to identify Personal Data (through interface OR script-based arguments) as well as store the tag info as metadata without disrupting the actual data OR the application interfacing with the DB.
Expected Output
• Techniques (could be code) to access the data and identify the Personal Data elements being used across the DB, so that we identify once and map them across the DB.
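One way to approach Challenge 3, as an added example that is not part of the original slides: columns are classified by sampled values first and by column name second, tags are carried along foreign keys ("identify once and map across the DB"), and the result is written to a sidecar table so no application table is altered. SQLite stands in for MySQL/Oracle; the schema, the `pd_tags` table, the rule set and the sample rows are all constructed assumptions.

```python
import re
import sqlite3

SAMPLE_ROWS = 200   # values sampled per column
MIN_RATIO = 0.8     # share of sampled values that must match a value pattern

# Assumed, deliberately small rule set; category labels follow the deck's list.
NAME_HINTS = [
    (re.compile(r"^(full_|first_|last_)?name$|email|phone|mobile|^dob$", re.I),
     "Demographic/Identity Data"),
    (re.compile(r"(^|_)(pan|aadhaar|passport)(_|$)", re.I), "Govt Ids"),
]
VALUE_PATTERNS = [
    (re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$"), "Demographic/Identity Data"),
    (re.compile(r"^[A-Z]{5}[0-9]{4}[A-Z]$"), "Govt Ids"),  # Indian PAN layout
]


def q(ident):
    """Quote a catalogue identifier for use inside SQL text."""
    return '"' + ident.replace('"', '""') + '"'


def classify_values(values):
    """Category whose pattern matches at least MIN_RATIO of the sample, else None."""
    texts = [str(v).strip() for v in values if str(v).strip()]
    if not texts:
        return None
    for pattern, category in VALUE_PATTERNS:
        if sum(1 for t in texts if pattern.match(t)) / len(texts) >= MIN_RATIO:
            return category
    return None


def classify_name(column):
    """Category suggested by the column name alone, else None."""
    for pattern, category in NAME_HINTS:
        if pattern.search(column):
            return category
    return None


def discover(conn):
    """Return {(table, column): (category, basis)} for every user table."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' "
        "AND name NOT LIKE 'sqlite_%' AND name <> 'pd_tags'")]
    tags = {}
    for table in tables:
        for col in conn.execute(f"PRAGMA table_info({q(table)})").fetchall():
            column = col[1]
            sample = conn.execute(
                f"SELECT {q(column)} FROM {q(table)} "
                f"WHERE {q(column)} IS NOT NULL LIMIT ?", (SAMPLE_ROWS,)).fetchall()
            by_value = classify_values([r[0] for r in sample])
            by_name = classify_name(column)
            if by_value:                      # content evidence beats a name hint
                tags[(table, column)] = (by_value, "value")
            elif by_name:
                tags[(table, column)] = (by_name, "name")
    # Carry tags along foreign keys until nothing new is tagged, so a child
    # column is tagged even when it is empty or has an innocuous name.
    changed = True
    while changed:
        changed = False
        for table in tables:
            for fk in conn.execute(f"PRAGMA foreign_key_list({q(table)})").fetchall():
                parent, child_col, parent_col = fk[2], fk[3], fk[4]
                if (parent, parent_col) in tags and (table, child_col) not in tags:
                    category = tags[(parent, parent_col)][0]
                    tags[(table, child_col)] = (category, f"fk:{parent}.{parent_col}")
                    changed = True
    return tags


def store_tags(conn, tags):
    """Write tags to a sidecar table; no application table or row is altered."""
    conn.execute("CREATE TABLE IF NOT EXISTS pd_tags (table_name TEXT, column_name TEXT, "
                 "category TEXT, basis TEXT, PRIMARY KEY (table_name, column_name))")
    conn.executemany("INSERT OR REPLACE INTO pd_tags VALUES (?, ?, ?, ?)",
                     [(t, c, cat, basis) for (t, c), (cat, basis) in tags.items()])
    conn.commit()


def build_sample_db():
    """Constructed sample schema and rows (hypothetical names, not from the slides)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, full_name TEXT,
                                contact TEXT, pan TEXT UNIQUE);
        CREATE TABLE orders (id INTEGER PRIMARY KEY,
                             customer_id INTEGER REFERENCES customers(id),
                             product_name TEXT, notes TEXT);
        CREATE TABLE kyc_checks (id INTEGER PRIMARY KEY,
                                 subject_ref TEXT REFERENCES customers(pan), status TEXT);
        INSERT INTO customers VALUES (1, 'Asha Rao', 'asha.rao@example.com', 'ABCDE1234F'),
                                     (2, 'Vikram Shah', 'vikram@example.org', 'PQRSX6789K');
        INSERT INTO orders VALUES (1, 1, 'Kettle', 'gift wrap'),
                                  (2, 2, 'Lamp', 'call before delivery');
    """)
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    store_tags(db, discover(db))
    for row in db.execute("SELECT * FROM pd_tags ORDER BY table_name, column_name"):
        print(row)
```

The `basis` column records why each column was tagged, which lets a reviewer confirm name-only and foreign-key tags before they are relied on.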
Challenge 4: Personal Data Discovery on NoSQL DB (Metadata Tagging & Personal Data Identification & Isolation)
Context
• NoSQL databases are used by Organizations and are especially useful for working with large sets of distributed data. The NoSQL DB uses architectural elements to store and access data in the form of various data types.
Problem
• A key challenge organizations face today is how to identify and tag the data in the NoSQL DB into Personal Data elements. Unless an organization has strong control over what Personal Data is being accessed, who accesses it, and how it is being used, it is at risk of Privacy violation.
Goal
• The solution needs to have a way to identify Personal Data (through interface OR script-based arguments) as well as store the tag info as metadata without disrupting the actual data OR the application interfacing with the DB.
• NoSQL DBs are also used in Analytics applications and can contain data aggregated across various data structures. Therefore we need to identify and tag them accordingly so that the tag also carries forward when performing the analytics.
Expected Output
• Techniques (could be code) to access the data and identify the Personal Data elements being used across the DB, so that we identify once and map them across the DB.
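The "tag carries forward when performing the analytics" requirement of Challenge 4, sketched as an added example that is not part of the original slides: Personal Data tags live in a sidecar catalogue keyed by dotted field path, and every output field of an aggregation inherits the tag of the field (or enclosing sub-document) it was computed from. The documents, the catalogue and the small aggregation spec are constructed assumptions, and the spec format is hypothetical, not any database's pipeline syntax.

```python
from collections import defaultdict

# Sidecar tag catalogue: dotted field path -> Personal Data category.
# A tag on a sub-document ("device") covers every field beneath it.
FIELD_TAGS = {
    "profile.email": "Demographic/Identity Data",
    "profile.city": "Location Data",
    "device": "Device Identifiers",
    "visits.heart_rate": "Health/Biometric/Genetic/Gender Data",
}

# Constructed sample documents; the stored data carries no tag fields at all.
DOCS = [
    {"profile": {"email": "a@example.com", "city": "Pune"}, "device": {"id": "dev-01"},
     "visits": [{"heart_rate": 70}, {"heart_rate": 80}], "orders": [{"amount": 100}]},
    {"profile": {"email": "b@example.com", "city": "Pune"}, "device": {"id": "dev-02"},
     "visits": [{"heart_rate": 90}], "orders": [{"amount": 50}, {"amount": 25}]},
    {"profile": {"email": "c@example.com", "city": "Kochi"}, "device": {"id": "dev-03"},
     "visits": [], "orders": []},
]

# Hypothetical aggregation spec: output field -> (operation, source path).
SPEC = {
    "group_by": "profile.city",
    "outputs": {
        "users": ("count", None),
        "avg_heart_rate": ("avg", "visits.heart_rate"),
        "devices": ("distinct", "device.id"),
        "total_spend": ("sum", "orders.amount"),
    },
}


def values_at(doc, path):
    """Return every value found at a dotted path, descending into arrays."""
    nodes = [doc]
    for key in path.split("."):
        found = []
        for node in nodes:
            for item in (node if isinstance(node, list) else [node]):
                if isinstance(item, dict) and key in item:
                    found.append(item[key])
        nodes = found
    flat = []
    for node in nodes:
        flat.extend(node if isinstance(node, list) else [node])
    return flat


def tag_for(path, field_tags):
    """Longest-prefix lookup: (category, tagged path) for a field, else None."""
    parts = path.split(".")
    for end in range(len(parts), 0, -1):
        prefix = ".".join(parts[:end])
        if prefix in field_tags:
            return field_tags[prefix], prefix
    return None


def aggregate(docs, spec, field_tags):
    """Run the aggregation and return (rows, tags for the output fields)."""
    groups = defaultdict(list)
    for doc in docs:
        keys = values_at(doc, spec["group_by"]) or [None]
        groups[keys[0]].append(doc)
    rows = []
    for key, members in groups.items():
        row = {"_id": key}
        for name, (op, path) in spec["outputs"].items():
            vals = [v for d in members for v in values_at(d, path)] if path else []
            if op == "count":
                row[name] = len(members)
            elif op == "sum":
                row[name] = sum(vals)
            elif op == "avg":
                row[name] = sum(vals) / len(vals) if vals else None
            elif op == "distinct":
                row[name] = sorted(set(vals))
            else:
                raise ValueError(f"unsupported operation: {op}")
        rows.append(row)
    # Lineage: each output field inherits the tag of its source field.
    sources = {"_id": spec["group_by"]}
    sources.update({n: p for n, (_, p) in spec["outputs"].items() if p})
    out_tags = {}
    for out_field, src in sources.items():
        hit = tag_for(src, field_tags)
        if hit:
            out_tags[out_field] = {"category": hit[0], "source": hit[1]}
    return rows, out_tags


if __name__ == "__main__":
    result_rows, result_tags = aggregate(DOCS, SPEC, FIELD_TAGS)
    for r in result_rows:
        print(r)
    print(result_tags)
```

Storing the returned output tags next to the result collection keeps the analytics output inside the same inventory as its source fields.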
Challenge 5: Techniques for trapping identified Personal Data in a ML/AI program (Metadata Tagging & Personal Data Identification & Isolation)
Context
• The ML/AI program uses various behavioural assessments as well as pre-defined responses to generate data providing behavioural insights. This generated data could also be classified as Personal Data, and this is an ever-growing data set.
Problem
• A key challenge organizations face today is how to identify and tag the data being used and generated by the ML/AI Platform into Personal Data elements. Unless an organization has strong control over what Personal Data is being accessed, who accesses it, and how it is being used, it is at risk of Privacy violation.
Goal
• The solution needs to have a way to identify Personal Data (through interface OR script-based arguments) as well as store the tag info as metadata without disrupting the actual data OR the application interfacing with the Platform.
• An additional element to be checked for here is the actual purpose or functionality of the programs and whether the data use and model sets are going beyond the original specified purpose. This part is an add-on.
Expected Output
• Techniques (could be code) to access the data and identify the Personal Data elements being used and generated across the ML/AI Platform.

(SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon
