How to Build Privacy By Design into Web and Mobile
#privacy360 | @tariktech
How to Build “Privacy by Design” into Web and Mobile
Privacy by Design
To build privacy and data protection up front, into the design
specifications and architecture of information and communication
systems, technologies and business practices.
NOT (Privacy by Design)
Why Should You Care?
Want to do the right thing
Competitive differentiation
Anticipate regulation
Users will be users
Big Data Platform + “Privacy by Design”
Small Data Is Better
Key Privacy Principles
Transparency
Data portability
Right to be forgotten
Anonymity
Control
It Starts with Company Culture
Everyone is a Chief Privacy/Security Officer
Train key staff
Think of your customers as Owners – not users
Background checks where appropriate
Legal / Policy
User-centric legal model – not CYA
Owner Data Agreement
Always opt-in
Mind towards regulation to come
Business Partners and Vendors
Require HTTPS for login, data exchange and APIs
Do not give any 3rd parties access to customer
Do not sell customer data
Do not co-mingle data between clients
Do not provide analytics except as a service to you
Do not have any privacy/security incidents
Do background checks on employees
Marketing
Responsible performance tracking
Try Open Source
Avoid free stuff with strings attached
Minimize Owner exposure to 3rd parties
Platform Architecture Considerations
‣ Hosting Provider
‣ Hardware / Cloud
‣ Networking
‣ Security
‣ CDNs
‣ Web Servers
‣ Reverse Proxies
‣ Caching
‣ Database(s)
‣ Backups
‣ Languages / Framework(s)
‣ Mobile Applications
‣ APIs
‣ Message Queues
‣ Notifications / Alerts
‣ Search Servers
‣ Logs
‣ Analytics / Reports
‣ Exports (Download my data)
‣ Admin accounts (superpowers?)
‣ Password Management
‣ Session Management
Simplified Platform Architecture
HTTPS Encryption
Load Balancers / Proxies
Web Servers
App Servers
Database Servers
Backups
Cache Servers
Search
Queue
Alerts
Browser Mobile App
Firewalls
Potential Data Traps!
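[Diagram: the simplified platform architecture with data-trap labels attached to its components]
Components: Browser, Mobile App, Firewalls, HTTPS Encryption, Load Balancers / Proxies, Web Servers, App Servers, Cache Servers, Search, Queue, Alerts, Database Servers, Backups
Data-trap labels: Log (four places), Cache + History + Bookmarks, Offline Data, Index, Email, SMS, Server Cache, Messages, 3rd Party Social Plugins / Widgets / Analytics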
Don’t Take Candy From Strangers
https://www.youtube.com/watch?v=Ouof1OzhL8k
…Or At Least Cut The Strings
Phones Home on Load:
<iframe src="//www.facebook.com/plugins/like.php?href=http%3A%2F%2Fblog.personal.com&send=false&layout=standard&width=450&show_faces=false&action=like&colorscheme=light&font&height=35" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:450px; height:35px;" allowTransparency="true"></iframe>
No Strings Attached:
<a href="https://www.facebook.com/sharer.php?u=http%3A%2F%2Fblog.personal.com"><img src="/pathtoimage/facebook.gif"></a>
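An added example, not part of the original slides: a small Python audit that parses markup and separates third-party hosts the browser contacts while rendering from those contacted only when the visitor clicks a link. The class and function names and the first-party host list are assumptions of this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose URL attribute the browser requests while rendering (not exhaustive).
AUTO_FETCH = {"iframe": "src", "script": "src", "img": "src", "embed": "src",
              "video": "src", "audio": "src", "source": "src", "object": "data"}

# The two snippets from the slide, with presentational attributes trimmed.
WIDGET = ('<iframe src="//www.facebook.com/plugins/like.php'
          '?href=http%3A%2F%2Fblog.personal.com" scrolling="no"></iframe>')
PLAIN_LINK = ('<a href="https://www.facebook.com/sharer.php'
              '?u=http%3A%2F%2Fblog.personal.com">'
              '<img src="/pathtoimage/facebook.gif"></a>')


class ThirdPartyAudit(HTMLParser):
    def __init__(self, first_party_hosts):
        super().__init__()
        self.first_party = {h.lower() for h in first_party_hosts}
        self.on_load = []    # (tag, host): contacted as soon as the page renders
        self.on_click = []   # host: contacted only if the visitor follows the link

    def _foreign_host(self, url):
        host = (urlsplit(url or "").hostname or "").lower()
        # Relative URLs carry no host and stay with the first party.
        return host if host and host not in self.first_party else None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in AUTO_FETCH:
            host = self._foreign_host(attrs.get(AUTO_FETCH[tag]))
            if host:
                self.on_load.append((tag, host))
        elif tag == "a":
            host = self._foreign_host(attrs.get("href"))
            if host:
                self.on_click.append(host)


def audit(html, first_party_hosts):
    """Return (on_load, on_click) third-party contacts found in the markup."""
    parser = ThirdPartyAudit(first_party_hosts)
    parser.feed(html)
    parser.close()
    return parser.on_load, parser.on_click


if __name__ == "__main__":
    for name, markup in (("widget", WIDGET), ("plain link", PLAIN_LINK)):
        print(name, audit(markup, ["blog.personal.com"]))
```

Run over rendered templates in a build step, a non-empty on_load list points at the embeds that report each page view to another company before the visitor has done anything.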
Data-driven Platform
Log
Email
SMS
Load Balancers / Proxies
Web Servers
App Servers
Alerts
HTTPS Encryption
Firewalls
Browser Mobile App
Supporting True Portability and Deletion
A InstanceNameAlreadyExistsException occurred in info#create:
* URL : https://www.personal.com/owner/info
* IP address: 127.0.0.1
* Parameters: {"authenticity_token"=>"43w3oYPUAOU4eFhUdCHV1obgIaeSIO1Yk68ajcR1TOE=",
"template_id"=>"0040", "card_nickname"=>"[FILTERED]", "card_type"=>"[FILTERED]",
"card_type_otherP3"=>"[FILTERED]", "card_network"=>"[FILTERED]", "credit_name_on_card",
"credit_card_number"=>"[FILTERED]", "expiration_date"=>"[FILTERED]", "security_code",
"credit_website_address"=>"[FILTERED]", "card_contact_number"=>"[FILTERED]",
"credit_card_auto_pay"=>"[FILTERED]",
"credit_card_account_debited_during_auto_pay"=>"[FILTERED]", "credit_notes"=>"[FILTERED]",
"password"=>"[FILTERED]", "owner_id"=>"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}
• data: {:session_id=>"c3c5c361c1e89…[omitted]", :_csrf_token=>"43w3oYPUAOU4…
[omitted]", :expires_at=>Mon Jan 02 14:46:56 -0500 2012}
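An added example, not the presenter's or the platform's own code: one way to keep Owner data out of exception reports and logs is to mask every parameter by default and show only keys known to be non-personal. The key list, function names and sample values below are assumptions constructed for illustration.

```python
MASK = "[FILTERED]"

# Keys assumed to hold no personal data; every other leaf value is masked.
VISIBLE_KEYS = frozenset({"template_id", "owner_id"})

# Constructed sample request parameters (not real data).
SAMPLE_PARAMS = {
    "template_id": "0040",
    "card_nickname": "travel card",
    "credit_card_number": "4111111111111111",
    "security_code": "123",
    "contacts": [{"card_contact_number": "555-0100"}],
    "owner_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
}


def filter_params(value, visible=VISIBLE_KEYS, key=None):
    """Return a masked copy; containers keep their shape, leaves are masked
    unless their key is in `visible`. The input is never modified."""
    if isinstance(value, dict):
        return {k: filter_params(v, visible, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [filter_params(v, visible, key) for v in value]
    return value if key in visible else MASK


def exception_report(exc, action, url, params):
    """Build the notification text from filtered parameters only, so the raw
    values never reach mail, logs or their backups."""
    return "\n".join([
        f"A {type(exc).__name__} occurred in {action}:",
        f"* URL : {url}",
        f"* Parameters: {filter_params(params)}",
    ])


if __name__ == "__main__":
    print(exception_report(ValueError("duplicate name"), "info#create",
                           "https://www.personal.com/owner/info", SAMPLE_PARAMS))
```

Because the default is to mask, a field added to a form later stays out of reports until someone deliberately lists it as visible.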
What About Mobile?
Secure API (HTTPS only)
Don’t take data without the Owner’s consent
Understand offline data storage/encryption options
Understand platform leakage potential
Mobile Pitfalls
Mobile Pitfalls: Image Cache
Thank You.
Please send questions or comments to @TarikTech