You are viewing content from a past/completed QCon

Track: Ethics, Regulation, Risk, and Compliance

Location: Pacific LMNO

Day of week: Monday

From personalized news feeds to engaging experiences that forecast demand: learn how innovators are building predictive systems in modern application development.

Track Host: Hoang Bao

Privacy and Data Governance Advisor, currently Principal at Virtual Privacy

Hoang is a privacy and data governance advisor with over a decade of industry experience. He is currently a Principal at Virtual Privacy, focusing on empowering the privacy and data protection ecosystem through pro bono services and research about businesses, consumers, and trust in the digital space.

He recently served as Director, Privacy Assurance and Engineering at Netflix, where he built a high-talent team and created a strategic and comprehensive vision for Netflix's privacy assurance and engineering program, inclusive of Netflix products, studio operations, employee data, marketing, and other business operations.

Prior to Netflix, he was the Director of Privacy at Walmart Global eCommerce. Before that, he was the Director of Policy, Privacy & Data Governance at Yahoo!. He was also a Senior Consultant at KPMG LLP.

Hoang received his Master of Science in Computer Science from Cal Poly, San Luis Obispo. He has the following privacy designations: CIPP/US, CIPP/E, CIPT, and CIPM.

10:35am - 11:25am

Mind the Software Gap: How We Can Operationalize Privacy & Compliance

With legislation like GDPR and CCPA, it has become newly urgent for organizations to understand internal and external data flows. In the push towards compliance, software organizations have been discovering just how difficult it is to maintain an up-to-date picture of data inventory and data flows. A major challenge is that modern software teams are developing and deploying software quickly and in decentralized ways. When each code change can cause data flow changes, building a clear, up-to-date map of data flows becomes more and more elusive. The state of the art (using human processes; catching data as it flows to untrusted locations) leaves gaps.

Understanding software behavior makes up a big part of the compliance gap--and automated techniques can help. In this talk, I discuss just what it could look like to get visibility into data flows and hint at what kinds of solutions could get us there.

Jean Yang, Founder and CEO @AkitaSoftware

11:50am - 12:40pm

Ethics Landscape

For humankind, ethics is old and computers are new. Computing's fast and fervent ascent to ubiquity didn't allow the field of ethics to maintain pace, and society is reaping the foul fruits. In this talk, I'll give a fly-by survey of the vast and mature field of ethics and attempt to convince you to adopt ethical considerations into the software development lifecycle. Expect time split equally between ethics, ethics in computing, and computing in society.

Theo Schlossnagle, Founder and CEO @Circonus, Editorial board of ACM's ‘Queue’

1:40pm - 2:30pm

Managing Privacy & Data Governance for Next Generation Architecture

The number of privacy-related regulations is on the rise and more vendors than ever before are vying for the attention and validation of privacy programs. In order to advocate for resources and technological solutions, the privacy office must be accountable for vendor governance, procurement decision-making, and oversight. How do you organize business use cases, requirements, and stakeholders to evaluate privacy and data governance vendor solutions? Who should be involved in decision-making for vendor solutions that have implications for compliance, but also require investments across the company?

This talk will explore a governance framework for roadmapping, resourcing, and driving decision-making for the next generation of architecture with privacy by design. We will walk through the key players, requirements mapping, templates, and vendor engagement models for informed decision-making.

Ayana Miller, Privacy & Data Protection Advisor @Pinterest

2:55pm - 3:45pm

Quantifying Risk

The FAIR methodology is an emerging standard for measuring information risks. But it can be intimidating to get started with a risk quantification program, as people may be reluctant to go beyond Low/Medium/High categories to real numbers. At Netflix, we have introduced risk quantification in our highest impact areas, and are gradually expanding it across the enterprise. I'll share my experience and approach to defining appropriate loss scenarios, and getting real numbers from colleagues.

Markus De Shon, Sr. Security Engineer, Detection Engineering Lead @Netflix

4:10pm - 5:00pm

Panel: Ethics in Software Engineering

We will explore emerging ethical issues related to software engineering, as well as how they can potentially be addressed. The panelists represent a diverse set of perspectives, from professional society to industry to academics.

Ayana Miller, Privacy & Data Protection Advisor @Pinterest
Bruce Edward DeBruhl, Assistant Professor @CalPoly
Theo Schlossnagle, Founder and CEO @Circonus, Editorial board of ACM's ‘Queue’
Megan Cristina, Chief Privacy Officer @Slack

5:25pm - 6:15pm

Privacy Architecture for Data-Driven Innovation

Data-driven businesses can no longer treat privacy as strictly a legal compliance-focused discipline. In a post-GDPR world, privacy needs an engineering focus to ensure it is actionable, enforceable and scalable. 

This talk will discuss how you can set up a privacy architecture to build in “privacy by data”.

The first part of the talk will tackle privacy challenges posed by incoming data into your company. This data can be extremely sensitive in that it describes who you are, where you are and other information that can uniquely identify you.

How does an organization assess and classify the risk around the data? I will discuss how your privacy architecture team can work with privacy legal to create a multi-tiered data classification, and then with security, data science and data platform teams to set up a backend that tags your data to reflect said classification. With this investment, your employees will be able to make informed decisions around data since they will know its privacy risk.   

The second part of the talk will tackle privacy as it relates to sharing data with third parties, be it vendors, partners or even governments and regulators. How do you protect data from security risk or even re-identification risk in those cases? What techniques are available and what are the trade-offs involved? Uber is at the forefront of those conversations and I will discuss what our research and case studies have yielded.

Nishant Bhajaria, Author, Privacy and Security Leader, Digital Product Architect @Uber
