An Engineer’s Guide to Adding Strong Privacy
to Your Stack & CI/CD Process
WE’RE HIRING
Building Trust in Data Driven Systems
@cillian #PrivacyAsCode
Cillian Kieran
Co-Founder & CEO at Ethyca
@cillian
medium.com/@cillian
privacy.dev
Ethyca (n.) [eth-ik-ah] (ETHICS + DATA): Developer tools and infrastructure for privacy, enabling engineers, product and data teams to rapidly build, deploy and maintain respectful technology.
Data Privacy Compliance: Why It Matters
Active & Pending Privacy Regulations in Nearly all Major Markets
Our New Normal Is To Be Heavily Regulated Like Finance & Pharma
Regulations shown: CCPA, PIPEDA, FED, GDPR, APPI, PPB, LGPD, POPI, APP
The Privacy Spectrum
Privacy for Lawyers & Engineers vs. The Opportunity
Diagram: a spectrum running from Legal & GRC (friction: lists, rules & compliance) through CI/CD to Potential (trust & growth).
Move Purposefully & Fix Things * (Or, Being Agile & Ethical)
* Credit: DJ Patil, Chief Data Scientist to Obama Administration and Ethyca investor.
Move Purposefully & Fix Things:
1. A Privacy Model for Engineers
2. Mapping Privacy to the SDLC
3. Five Fundamentals of Privacy
4. Implementation Methods
5. Architectural Considerations
6. CICD Considerations
The Data Privacy Model
Abstraction to form global model for Data Privacy Compliance *
Data Mapping: Inventory of data defined as ‘personal information’, including sources, destinations, system/user access, the data use case(s) and their TTL.
Consent & Objection: Provide mechanisms for users to modify which processes their data is used in. Chiefly for California, remove their data from any “data sales”.
Data Subject Rights: Provide mechanisms for users to manage data defined as ‘personal information’. This includes retrieval/access, update and delete.
Data Entitlements: Constrain use of data by services, systems and internal users based on the business justifications or data use cases they are involved in.
Impact Assessments: As you build or integrate systems, assess the impact of how these new data processes will affect your user and correct any negative impact.
* Note: There are substantive differences between definitions and obligations for Data Privacy but in seeking a blueprint for strong data privacy we believe these can be applied across markets.
SDLC & Data Privacy
Stages: Requirements, Design, Implementation, Testing, Deployment, Maintenance, Data Processing.
Audit / Reporting: Consider your data processes as an auditable trail of activity; an expanding, supply-chain-like view of processes.
Mapping & Notation: Continuously maintained data flows and data models to understand ‘what’ data is ‘where’ and ‘why’.
Data Mapping
A continuously updated inventory of data flow and annotation so you can:
• Categorize all personal information.
• Understand where data is retained.
• Identify the types of users for whom data is held.
• Identify internal systems or users that have data access rights.
• Map these data transactions to approved business processes.
• Identify if consent was appropriately collected.
• Know how long data is held (TTL).
Data Mapping Methodologies
1. Aggregate schema, audit unstructured stores, document processes and map
data rights for all personal information. Establish cadence for regular review.
2. Automate with data discovery tools to identify personal information and
generate ‘map’. Ensure manual review as automation is imperfect.
3. Connect rights management, transaction analysis and system metadata to
generate map of personal information. Significant infra. & ops refactoring.
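One way to make the inventory above concrete is to keep the data map as code and lint it in the pipeline, so a field classified as personal information cannot land without an approved business process, a TTL and a consent record. This is an added example, not code from the talk or from Ethyca: the `Dataset`/`Field` schema, the category names, the approved-process list and the two sample datasets are all constructed assumptions.

```python
"""Data map as code: a declarative inventory of personal information plus a
lint that fails the build when a personal field lacks a purpose, TTL or
consent record. Added example; schema, categories and data are constructed."""
from dataclasses import dataclass, field as dc_field
from typing import Dict, List, Optional

# Constructed categories for personal information; "none" marks non-personal fields.
PERSONAL_CATEGORIES = {"identity", "contact", "financial", "behavioral"}

# Constructed list of approved business processes the map may reference.
APPROVED_PROCESSES = {"account_login", "transactional_email", "product_analytics"}


@dataclass
class Field:
    name: str
    category: str                                         # "none" or a PERSONAL_CATEGORIES member
    purposes: List[str] = dc_field(default_factory=list)  # approved business processes
    ttl_days: Optional[int] = None                        # retention; required for personal data
    consent_collected: bool = False                       # was consent appropriately collected?


@dataclass
class Dataset:
    name: str
    system: str          # where the data is retained
    readers: List[str]   # internal systems or users with access rights
    fields: List[Field]


# Constructed sample inventory for a small web application.
DATA_MAP = [
    Dataset("users", "postgres", ["api", "support"], [
        Field("id", "none"),
        Field("email", "contact", ["account_login", "transactional_email"], 3 * 365, True),
        Field("ip_last_seen", "behavioral"),   # no purpose, no TTL, no consent record
    ]),
    Dataset("events", "kafka", ["analytics", "api", "data_science"], [
        Field("user_id", "identity", ["product_analytics"], 90, True),
        Field("page", "none"),
    ]),
]


def lint_data_map(data_map, approved=APPROVED_PROCESSES) -> List[str]:
    """One finding per violation; an empty list means the map passes."""
    findings = []
    for ds in data_map:
        for f in ds.fields:
            if f.category == "none":
                continue
            where = f"{ds.name}.{f.name}"
            if f.category not in PERSONAL_CATEGORIES:
                findings.append(f"{where}: unknown category {f.category!r}")
            if not f.purposes:
                findings.append(f"{where}: personal information with no business process")
            for p in f.purposes:
                if p not in approved:
                    findings.append(f"{where}: process {p!r} is not approved")
            if f.ttl_days is None:
                findings.append(f"{where}: no TTL declared")
            if not f.consent_collected:
                findings.append(f"{where}: consent not recorded as collected")
    return findings


def personal_fields(data_map) -> Dict[str, List[str]]:
    """Where personal information is retained: dataset name -> personal field names."""
    return {ds.name: [f.name for f in ds.fields if f.category != "none"] for ds in data_map}


if __name__ == "__main__":
    problems = lint_data_map(DATA_MAP)
    for line in problems:
        print("FAIL", line)
    raise SystemExit(1 if problems else 0)   # non-zero exit blocks the merge
```

Run as a CI step, the non-zero exit turns the "establish cadence for regular review" point into a gate that fires on every change to the inventory; the automated discovery tools in method 2 would feed candidate fields into the same file for the manual review the slide calls for.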
Data Subject Rights
Provide services allowing users to manage personal information, including access/retrieval, updates, deletion & consent. Your systems should have the ability to:
• Access: retrieve, categorize, and provide to requesting user all of their data.
• Rectify: edit an attribute of personal information that may be deemed incorrect.
• Delete: delete an attribute of personal information.
• Erase: completely erase a user’s personal information.
• Portability: retrieve, categorize, and provide users data in interoperable format.
Data Subject Rights Methodologies
1. Write scripts for data retrieval against identities for each data store and prepare
a runbook to execute regularly. Unscalable, error prone, and not auditable.
2. Build service for data retrieval based on provided identities and expose across
stack for subject requests. Significant cycles to design, implement, & maintain.
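Method 2 above, a single service that takes an identity and executes the request across every store, can be driven by the data map rather than by per-store scripts. The following is an added example, not the talk's or Ethyca's code: the in-memory stores, the map and the per-dataset identity keys are constructed assumptions, and the five rights from the previous slide (access, rectify, delete, erase, portability) become methods that each leave an audit entry.

```python
"""Data subject rights as one service that walks a data map and executes
access, rectify, delete and erase requests across every store holding
personal information, writing an audit trail for each request.
Added example; the stores, map and identity keys are constructed."""
import copy
from datetime import datetime, timezone
from typing import Any, Dict, List

# Constructed: per dataset, which column identifies the subject and which
# columns the data map classifies as personal information.
DATA_MAP = {
    "users":  {"identity_key": "id",      "personal": ["email", "name"]},
    "orders": {"identity_key": "user_id", "personal": ["ship_address"]},
    "events": {"identity_key": "user_id", "personal": ["ip"]},
}

# Constructed in-memory stores standing in for the real databases.
STORES: Dict[str, List[Dict[str, Any]]] = {
    "users":  [{"id": 7, "email": "a@example.com", "name": "Ada"},
               {"id": 8, "email": "b@example.com", "name": "Bob"}],
    "orders": [{"order_id": 1, "user_id": 7, "ship_address": "1 Main St", "total": 10},
               {"order_id": 2, "user_id": 8, "ship_address": "2 High St", "total": 20}],
    "events": [{"user_id": 7, "page": "/home", "ip": "203.0.113.5"}],
}


class SubjectRightsService:
    def __init__(self, data_map, stores):
        self.data_map, self.stores = data_map, stores
        self.audit: List[Dict[str, Any]] = []   # auditable trail of every request

    def _log(self, action, subject, **detail):
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "action": action, "subject": subject, **detail})

    def _rows(self, dataset, subject):
        key = self.data_map[dataset]["identity_key"]
        return [r for r in self.stores[dataset] if r.get(key) == subject]

    def access(self, subject) -> Dict[str, List[Dict[str, Any]]]:
        """Access / portability: every personal attribute, categorised by dataset."""
        out = {}
        for ds, meta in self.data_map.items():
            rows = [{k: r[k] for k in meta["personal"] if k in r}
                    for r in self._rows(ds, subject)]
            if rows:
                out[ds] = rows
        self._log("access", subject, datasets=sorted(out))
        return out

    def rectify(self, subject, dataset, attr, value) -> int:
        """Correct one attribute; refuses attributes the map does not list as personal."""
        if attr not in self.data_map[dataset]["personal"]:
            raise ValueError(f"{dataset}.{attr} is not a mapped personal attribute")
        rows = self._rows(dataset, subject)
        for r in rows:
            r[attr] = value
        self._log("rectify", subject, dataset=dataset, attr=attr, rows=len(rows))
        return len(rows)

    def delete_attribute(self, subject, dataset, attr) -> int:
        """Delete a single attribute, leaving the rest of the record in place."""
        rows = self._rows(dataset, subject)
        for r in rows:
            r.pop(attr, None)
        self._log("delete", subject, dataset=dataset, attr=attr, rows=len(rows))
        return len(rows)

    def erase(self, subject) -> Dict[str, int]:
        """Erasure: remove every record tied to the subject in every mapped store."""
        removed = {}
        for ds, meta in self.data_map.items():
            key = meta["identity_key"]
            before = len(self.stores[ds])
            self.stores[ds] = [r for r in self.stores[ds] if r.get(key) != subject]
            removed[ds] = before - len(self.stores[ds])
        self._log("erase", subject, removed=removed)
        return removed


def make_service() -> SubjectRightsService:
    """Fresh service over a copy of the sample stores, so runs do not interfere."""
    return SubjectRightsService(DATA_MAP, copy.deepcopy(STORES))


if __name__ == "__main__":
    svc = make_service()
    print(svc.access(7))
    svc.rectify(7, "users", "email", "ada@example.com")
    print(svc.erase(7), svc.access(7))
    for entry in svc.audit:
        print(entry)
```

Because every store is reached through the map, adding a new store means adding one map entry rather than another script in a runbook, and the audit list is what makes the request trail reviewable, which is the property method 1 lacks.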
Consent & Objection
You must provide the ability for your user to:
• opt-in: opt-in with clear understanding of what you're doing with their data.
• opt-out: modify consents for each activity you undertake with their data.
• object: object to having their data processed in any way.
• manage data sales: opt out of having their data sold to third parties.
• Ensure users are notified of changes to data processes.
• Ensure user’s consent flows through all your business processes.
Consent & Objection Methodologies
1. Capture consent upfront and manually map flags across 3rd party systems with
data processes for given identities. Difficult to maintain parity across systems.
2. Implement (buy or build) consent manager to unify consent across data
processes. Good for SaaS business, less suited for owned infra.
3. Treat rights management, data processes, and consent as graph of relationships
for data privacy compliance. Significant infra. & ops refactoring to achieve.
Data Entitlements
Fine grained entitlements constraining services, systems, engineers and data teams to only necessary data access. Support business data governance policies for minimization with respect to:
• Encrypt all data in flight and at rest.
• Provide access to data only for a given business activity.
• Limit access to data to the duration of a given business activity.
• Comprehensively log data access across business users and systems.
Data Entitlement Methodologies
1. Institute fine grained access control based on specific business activities which
reflect permitted data policies. Easiest to initiate, labor intensive to scale.
2. Map data processes, consent, and entitlements together to manage data access
controls for systems and users. Significant infra. & ops refactoring to build.
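Consent & Objection method 3 and Data Entitlement method 2 both describe joining consent, data processes and entitlements into one set of relationships. The decision function below, an added example rather than code from the talk or from Ethyca, shows what a service or in-line proxy would call before reading a personal attribute: the subject's consent state (objection, do-not-sell, opt-ins), the data map's approved processes for the field, and a time-boxed entitlement for the calling service are all checked, and every decision is logged. The record shapes, the fixed clock and the sample subjects and services are constructed assumptions.

```python
"""Consent joined to entitlements: one decision function a service (or an
in-line proxy) calls before reading a personal attribute. Subject consent
state, the data map's approved processes and time-boxed service entitlements
are joined into an allow/deny decision that is always logged.
Added example; record shapes and sample data are constructed, not Ethyca's."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List

NOW = datetime(2020, 2, 1, tzinfo=timezone.utc)   # constructed fixed clock, for determinism

# Constructed business processes and their properties.
PROCESSES = {
    "account_login":      {"needs_consent": False, "is_sale": False},
    "product_analytics":  {"needs_consent": True,  "is_sale": False},
    "partner_ad_sharing": {"needs_consent": True,  "is_sale": True},   # a "data sale"
}

# Constructed data map excerpt: field -> processes the field is mapped to.
DATA_MAP = {
    "users.email":    {"account_login", "partner_ad_sharing"},
    "events.user_id": {"product_analytics"},
}

# Constructed entitlements: service -> process -> when the access grant expires.
ENTITLEMENTS = {
    "auth-api":  {"account_login": NOW + timedelta(days=365)},
    "analytics": {"product_analytics": NOW + timedelta(days=30)},
    "ad-sync":   {"partner_ad_sharing": NOW - timedelta(days=1)},   # already expired
}

# Constructed consent state per subject: objection, do-not-sell, and opt-ins.
CONSENTS = {
    7: {"objected": False, "do_not_sell": True,  "opted_in": {"product_analytics"}},
    8: {"objected": True,  "do_not_sell": False, "opted_in": set()},
    9: {"objected": False, "do_not_sell": False, "opted_in": {"partner_ad_sharing"}},
}
NO_CONSENT = {"objected": False, "do_not_sell": False, "opted_in": set()}

AUDIT: List[Dict] = []   # every decision, allow or deny, is logged here


def decide(service: str, process: str, subject: int, field: str, now: datetime = NOW) -> Dict:
    """Return {"allow": bool, "reason": str} and append the decision to AUDIT.
    Checks run from the subject's rights outward to the service's entitlement."""
    def verdict(allow: bool, reason: str) -> Dict:
        AUDIT.append({"ts": now.isoformat(), "service": service, "process": process,
                      "subject": subject, "field": field, "allow": allow, "reason": reason})
        return {"allow": allow, "reason": reason}

    proc = PROCESSES.get(process)
    if proc is None:
        return verdict(False, "unknown process")
    consent = CONSENTS.get(subject, NO_CONSENT)
    if consent["objected"]:
        return verdict(False, "subject objected to processing")
    if proc["is_sale"] and consent["do_not_sell"]:
        return verdict(False, "subject opted out of data sales")
    if proc["needs_consent"] and process not in consent["opted_in"]:
        return verdict(False, "no opt-in for this process")
    if process not in DATA_MAP.get(field, set()):
        return verdict(False, "field not mapped to this process")
    expiry = ENTITLEMENTS.get(service, {}).get(process)
    if expiry is None:
        return verdict(False, "service has no entitlement for this process")
    if expiry <= now:
        return verdict(False, "entitlement expired")
    return verdict(True, "ok")


if __name__ == "__main__":
    decide("auth-api", "account_login", 7, "users.email")
    decide("ad-sync", "partner_ad_sharing", 7, "users.email")
    decide("ad-sync", "partner_ad_sharing", 9, "users.email")
    for entry in AUDIT:
        print(entry)
```

The order of checks matters: the subject's objection and do-not-sell choices are evaluated before any service-side grant, so a valid entitlement can never override a withdrawn consent, and the expiry on each grant is what implements "limit access to data to the duration of a given business activity".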
Impact Assessments
Assess the risk of data processes to your user as part of system design, implementation and ongoing data operations. Conduct impact assessments as part of product design and development:
• Assess impact of intended data process to your users.
• Reduce unnecessary risk wherever possible when identified.
• Provide clear documentation of ongoing assessment for any product or service development process.
• Consider Impact Assessments part of your entire SDLC workflow.
Impact Assessment Methodologies
1. Define and maintain a manual workflow comprised of impact analysis forms,
completed by eng., product, and data teams. High friction, unscalable.
2. Implement manual workflow for data entitlements based on completion of
impact assessment requests. High friction, unscalable.
3. Build static code review for privacy risks into CICD pipeline and monitor data
transactions in applications. New toolset and pipeline with real costs.
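Method 3, static code review for privacy risks in the CI/CD pipeline, can start small: parse the changed source and flag any function that reads a field the data map classifies as personal information without a declared, approved business purpose. The check below is an added example, not tooling from the talk or from Ethyca; the `@purpose("...")` decorator convention, the `"dataset.field"` string convention for field reads and the sample pull-request source are all constructed assumptions.

```python
"""A pull-request gate for privacy risk: parse Python source and flag any
function that reads a personal-data field (as listed in the data map) without
a declared, approved business purpose. Added example; the @purpose decorator
convention, the "dataset.field" string convention and the sample source are
constructed assumptions, not tooling from the talk or Ethyca."""
import ast
from typing import Dict, List, Set

# Constructed data map excerpt: personal field -> processes approved for it.
DATA_MAP: Dict[str, Set[str]] = {
    "users.email":        {"account_login", "transactional_email"},
    "users.ip_last_seen": set(),          # classified as personal, no approved process yet
    "events.user_id":     {"product_analytics"},
}

# Constructed source as it might arrive in a pull request.
SAMPLE_SOURCE = '''
from privacy import purpose          # hypothetical decorator module

@purpose("transactional_email")
def send_receipt(db, user_id):
    return db.read("users.email", user_id)

def debug_dump(db, user_id):         # no purpose declared at all
    return db.read("users.email", user_id), db.read("users.ip_last_seen", user_id)

@purpose("growth_hacking")           # declared, but not approved for this field
def enrich(db, user_id):
    return db.read("events.user_id", user_id)

def helper(x):                       # touches nothing personal
    return x + 1
'''


def declared_purposes(fn: ast.AST) -> Set[str]:
    """String arguments of @purpose(...) decorators on a function."""
    found: Set[str] = set()
    for dec in fn.decorator_list:
        if isinstance(dec, ast.Call) and getattr(dec.func, "id", None) == "purpose":
            found.update(a.value for a in dec.args
                         if isinstance(a, ast.Constant) and isinstance(a.value, str))
    return found


def personal_refs(fn: ast.AST, data_map: Dict[str, Set[str]]) -> Set[str]:
    """String literals inside the function that name a mapped personal field."""
    return {n.value for n in ast.walk(fn)
            if isinstance(n, ast.Constant) and isinstance(n.value, str) and n.value in data_map}


def check_source(src: str, data_map: Dict[str, Set[str]] = DATA_MAP) -> List[str]:
    """Findings as 'function: message'; an empty list means the change passes."""
    findings: List[str] = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        refs = personal_refs(node, data_map)
        if not refs:
            continue
        purposes = declared_purposes(node)
        if not purposes:
            findings.append(f"{node.name}: reads {sorted(refs)} with no @purpose declared")
            continue
        for ref in sorted(refs):
            if not purposes & data_map[ref]:
                findings.append(f"{node.name}: {ref} is not mapped to any of {sorted(purposes)}")
    return findings


if __name__ == "__main__":
    problems = check_source(SAMPLE_SOURCE)
    for line in problems:
        print("PRIVACY", line)
    raise SystemExit(1 if problems else 0)   # fail the pipeline on any finding
```

The check only sees literal field names, so it is a first gate rather than a proof; its value is that it ties the code under review back to the same data map that drives entitlements, which is the connection the "Entitlements & Impacts" and "Static Code Analysis" future states on the CI/CD slide describe.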
Architectural Considerations
Privacy Preserving Architecture: Reality, Desired State(s) and Panacea
Arranged from Today through Short-term to Future:
• Manual Effort: The reality is manual data notation and schema analysis, and manual data rights management supported by comprehensive security.
• Passive Monitoring: Agents / instrumentation to generate data lineage, with manual enrichment for privacy-related classification.
• PrivateSQL: Differential privacy suitable for query/analysis on SQL while protecting underlying identities.
• In-line Proxy: Similar to passive instrumentation; a low-latency proxy that monitors and actively manages data access based on entitlements.
• Enclaves: Hardware-hardened containers promise a greater degree of protection for both real-time and batch processes.
CICD Considerations: Reality, Desired State(s) and Panacea
Arranged from Today through Short-term to Future:
• Manual Effort: Manual effort requires privacy code review, impact assessments, edge case planning, and more documentation on data processes.
• Privacy by Design: Training in the 7 aspects of privacy by design assists product managers, developers and teams to build more respectful systems.
• Dev Data Behavior: Better policies on read replicas of the production data source; general use of production data in dev should be minimized.
• Entitlements & Impacts: A future-state pipeline connecting impact assessments as code-based workflows with entitlements to data.
• Static Code Analysis: Combining impact assessments and data access with analysis of code for anomalies or risks such as data transposition.
Summary
Data privacy is a fast changing, high impact issue for developers:
#1 better data models/documentation maintenance helps.
#2 develop workflow for data retrieval, whether manual or automated.
#3 privacy consideration is often corner and edge case consideration.
#4 privacy should be part of your infrastructure either in, or between services and stores.
#5 consider how privacy analysis can be built into CICD (at pull/merge request).
WE’RE HIRING


#DEVWEEK2020 Data Privacy in the Tech Stack & CI/CD Process
