Privacy: Protecting Data and the Individual
Peter Cresse, Partner, RedChip Ventures
www.redchipventures.com 2
Privacy in the digital age
Privacy is the empowered act of boundary-setting that allows people and organizations to decide who can access which data about them and for what purpose.
We have become the data we own and create.
Most of your data is on your phone
We are now virtual humans, working remotely and managing large sets of data from the internet, storage on the PC, and on our mobile devices.
We use open, semi-secure and secure transport to shift and represent our digital selves; to create personal brand and value.
We ultimately balance three areas all at once – speed, access and privacy – over our domain.
Now. To consider privacy, we must first decide on what we most value.
Peter Cresse, Partner, RedChip Ventures
What is the best way to balance speed and access to our own data?
Massive Data Production
IDC Data Age 2025 Report
• 175 zettabytes (175 trillion gigabytes)
• 10 times the 2016 amount
• IoT devices: 90 zettabytes
• 25B devices
Examples (data/day)
• Smart factory: 5 petabytes of video
• Smart city: 200 petabytes
• Facial recognition: 1 petabyte in system
• Autonomous vehicle: 4 terabytes per AV (200M vehicles)
• Aircraft engine hour: 20 terabytes (25,000 flights/day)
• 5G: 1/3 of globe coverage in 2025
Core and Edge
EDGE
Decentralized: Low latency, device diversity, closer to user
Sensors/Actuators
Private
AWS
Azure
CORE
Centralized: compute, storage, and governance. Resources on demand.
Private
AWS
Azure
Company Data Assets Core
Privacy Goals
Private
AWS
Azure
Sensors/Actuators
Privacy
Data must be found, managed, and shown to be compliant
• Data center
• Teleport
• Gateway
• Edge Server
• Fog
• MEC
Network
Core
Privacy: Personal Data is Massive
Private
AWS
Azure
Sensors/Actuators
Personal Data
• Data center
• Teleport
• Gateway
• Edge Server
• Fog
• MEC
Network
Core
Privacy: Where is the Data?
Data is all over the place
• Data center
• Cloud
• Transit
Privacy: Three Stakeholders
You
• Data center
• Cloud
• Transit
Organization
Government
Privacy: Business Opportunity
• Data center
• Cloud
• Transit
Organization
Help them comply to avoid cost and fines
Privacy: What is the Most Difficult Part?
Answer: Finding the data.
Using automation to find where personal data exists.
Providing audit and logs to prove.
CloverDX
Client Engagement - Privacy
ISO 27001
Client Engagement – Business Approach
Consultant runs engagement.
Against a compliance use case
Software Tool finds the data
Privacy at the Edge
www.CloverDX.com
Protect the data: Pseudonymize and limit access to the data to prevent its abuse.
Control the data: Monitor and execute individuals' rights requests.
Document: Audit and report noncompliance and breaches.
Map the data: Understand where the sensitive data is stored and how it flows between locations.
• A centerpiece of the ability to comply with new individual rights
• Catalogue of the knowledge of sensitive data
• Expected places for potential occurrence in the future
• Value lookup with immediate answers
• Source data for the individual rights requests execution
• Audit for request execution
DB, CSV File
Source systems
Legal Processes
Laws
Data map Audit log
GDPR requirements
Analyze data contents
Retention and purposes
Data Map
Additional Information
Sovereign Data and GDPR
GDPR. European Union’s GDPR (General Data Protection Regulation) is driving a deeper need to sort out how to manage personal data. Strategies are evolving, especially in the financial technology sector, to ensure the security of data, but also the management of business.
Data sovereignty. Data stored in a specific country needs to comply with the laws of said country. Information which has been converted and stored in binary digital form is subject to the laws of the country in which it is located.
Individual Rights under GDPR
• The right to be informed (why, reasons, retention)
• The right of access (free-of-charge)
• The right to rectification (within one month)
• The right to erasure (to be forgotten)
• The right to restrict processing
• The right to data portability (export in CSV, XML, JSON, …)
• The right to object (unless balancing legitimate interests)
• Rights related to automated decision making and profiling
GDPR Stakeholders
GDPR Tenets
Assess Privacy
Conduct GDPR Assessments, assess and document GDPR related policies
Assess data subject rights to consent, access, correct, delete, and transfer personal data
Discover and classify personal data assets and affected systems
Identify access risks, supporting Privacy by Design

Assess Security
Assess security current state, identify gaps, benchmark maturity, establish conformance roadmaps
Identify vulnerabilities, supporting Security by Design
Discover and classify personal data assets and affected systems to design security controls

Design Privacy
Create GDPR remediation and implementation plan
Design policies, business processes and supporting technologies
Create GDPR reference architecture
Create security remediation and implementation plan
Security by Design
Create security reference architecture
Design technical and organizational measures appropriate to risk such as encryption, pseudonymization, access control, monitoring and more

Transform Privacy
Implement and execute policies, processes and technologies
Automate data subject access requests

Transform Security
Implement privacy enhancing controls such as encryption, tokenization, dynamic masking
Implement security controls; mitigate access risks and security vulnerabilities

Operate Privacy
Manage GDPR data governance practices such as information lifecycle governance
Manage GDPR enterprise compliance programs such as data use, consent activities, data subject requests
Monitor personal data access
Govern roles and identities

Operate Security
Manage security program practices such as risk assessment, roles and responsibilities, program effectiveness
Monitor security operations and intelligence: monitor, detect, respond to and mitigate threats
Govern data incident response and forensics practices

Conform Privacy
Record personal data access audit trail including data subject rights to access, modify, delete, transfer data
Run data processor/controller governance including providing processor guidance, track data processing activities, provide audit trail, preparing for data subject access requests
Document and manage compliance program: Ongoing monitoring, assessment, evaluation and reporting of GDPR activities
Respond to and manage breaches

Conform Security
Demonstrate technical and organizational measures to ensure security appropriate to processing risk
Document security program: Ongoing monitoring, assessment, evaluation and reporting of security controls and activities
Respond to and manage breaches
CCPA
RedChip: Business and Tech Leadership
Daniel Sexton, Founding Partner
Dan has over 15 years of experience leading large-scale technology solutions for Fortune 500 companies, such as Genuine Parts Company, CitiGroup, and Blue Cross Blue Shield. In addition, he has worked with a number of tech startups both as a founder and advisor. Prior to founding RedChip Ventures, Dan was a Managing Partner at a private investment fund for six years where he helped lead and manage investments in technology and product companies.
Peter Cresse, Founding Partner
Peter is a technology executive who has led commercial efforts for high-tech companies. At Fortune 50 firms such as GE, GTE, Scientific-Atlanta (Cisco) and Intelsat, Peter led revenue-focused programs for innovative technology offers. For startups, Peter grew business in partnership with clients – streaming for Inlet (Cisco), data integration for CloverDX, and data visualization for the Entropy platform. Peter has deep international experience, visiting and doing business in over 50 countries worldwide, with assignments in London, Frankfurt, and Tokyo. He is also a former Captain, USAF, where he directed space technology program funding.
RedChip Ventures, LLC, Atlanta, Georgia www.redchipventures.com