Track: Ethics, Regulation, Risk, and Compliance

Location: Pacific LMNO

Day of week: Monday

From personalized news feeds to engaging experiences that forecast demand: learn how innovators are building predictive systems in modern application development.

Track Host: Hoang Bao

Privacy and Data Governance Advisor, currently Principal at Virtual Privacy

Hoang is a privacy and data governance advisor with over a decade of industry experience. He is currently a Principal at Virtual Privacy, focusing on empowering the privacy and data protection ecosystem through pro bono services and research about businesses, consumers, and trust in the digital space.

He recently served as Director, Privacy Assurance and Engineering at Netflix, where he built a high-talent team and created a strategic and comprehensive vision for Netflix's privacy assurance and engineering program, inclusive of Netflix products, studio operations, employee data, marketing, and other business operations.

Prior to Netflix, he was the Director of Privacy at Walmart Global eCommerce. Before that, he was the Director of Policy, Privacy & Data Governance at Yahoo!. He was also a Senior Consultant at KPMG LLP.

Hoang received his Master of Science in Computer Science from Cal Poly, San Luis Obispo. He has the following privacy designations: CIPP/US, CIPP/E, CIPT, and CIPM.

10:35am - 11:25am

Ethics Open Space

Session details to follow.

11:50am - 12:40pm

Privacy Architecture: Technical Privacy By Design

Data-driven businesses can no longer treat privacy as strictly a legal compliance-focused discipline. In a post-GDPR world, privacy needs an engineering focus to ensure it is actionable, enforceable and scalable. 

This talk will discuss how you can set up a privacy program that has two technical arms. 

The first arm will focus on developing commonly-needed services available to disparate and siloed teams across a distributed enterprise. This will be your privacy engineering services arm with an established product roadmap to help create automation in response to imminent and medium-term needs, and will help ensure that you do not have to go through GDPR-type drills and disrupt product teams.

The second arm will be more strategic and ensure technical privacy governance across your organization. It will help create data governance to ensure you understand what you have, where you have it, how it grows risk even as it enables growth, and how you can manage this data architecture from a privacy standpoint. There will be some concrete examples, as well as tips on how to influence engineering and other teams to own their data and its usage so that privacy is a shared goal as well as a technical differentiator for your business. 

Nishant Bhajaria, Author, Privacy and Security Leader, Digital Product Architect @Uber

1:40pm - 2:30pm

Mind the Software Gap: How We Can Operationalize Privacy & Compliance

With legislation like GDPR and CCPA, it has become newly urgent for organizations to understand internal and external data flows. In the push towards compliance, software organizations have been discovering just how difficult it is to maintain an up-to-date picture of data inventory and data flows. A major challenge is that modern software teams are developing and deploying software quickly and in decentralized ways. When each code change can cause data flow changes, building a clear, up-to-date map of data flows becomes more and more elusive. The state of the art (using human processes; catching data as it flows to untrusted locations) leaves gaps.

Understanding software behavior makes up a big part of the compliance gap--and automated techniques can help. In this talk, I discuss just what it could look like to get visibility into data flows and hint at what kinds of solutions could get us there.

Jean Yang, Founder and CEO @AkitaSoftware

2:55pm - 3:45pm

Managing Privacy & Data Governance for Next Generation Architecture

Session details to follow.

Ayana Miller, Privacy & Data Protection Advisor @Pinterest

4:10pm - 5:00pm

Quantifying Risk

The FAIR methodology is an emerging standard for measuring information risks. But it can be intimidating to get started with a risk quantification program, as people may be reluctant to go beyond Low/Medium/High categories to real numbers. At Netflix, we have introduced risk quantification in our highest impact areas, and are gradually expanding it across the enterprise. I'll share my experience and approach to defining appropriate loss scenarios, and getting real numbers from colleagues.

Markus De Shon, Sr. Security Engineer, Detection Engineering Lead @Netflix

5:25pm - 6:15pm

Ethics, Regulation, Risk & Compliance

Session details to follow.
