this is your presentation title€¦ · 4 massive data production idc data age 2025 report o 175...

PrivacyProtecting Data and the Individual

Peter CressePartner, RedChip Ventures

www.redchipventures.com 2

Privacy in the digital age

Privacy is the empowered act of boundary-setting that allows people and organizations to decide who can access which data about me and for what purpose.

We have become the data we own and create.

Most of your data is on your phone


We are now virtual humans, working remotely and managing large sets of data from the internet, storage on the pc, and on our mobile devices.

We use open, semi-secure and secure transport to shift and represent our digital selves; to create personal brand and value.

We ultimately balance three areas all at once – speed, access and privacy – over our domain.

Now. To consider privacy, we must first decide on what we most value.

Peter CressePartner, RedChip Ventures

What is the best way to balancespeed and access to our own data?


Massive Data Production

IDC Data Age 2025 Reporto 175 zettabytes (175 trillion gigabytes)

o 10 times the 2016 amounto IoT devices: 90 zettabyteso 25B devices

Examples (data/day)o Smart factory: 5 petabytes of videoo Smart city: 200 petabyteso Facial recognition: 1 petabyte in systemo Autonomous vehicle: 4 terabytes per AV (200M vehicles)o Aircraft engine hour: 20 terabytes (25,000 flights/day)o 5G: 1/3 of globe coverage in 2025

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwiFo7eWpvbTAhUHs1QKHcOxAlgQjRwIBw&url=http://www.whitingcorp.com/&psig=AFQjCNGNQmo4fp7R5Yda6L7ssTxZ3b8urQ&ust=1495088834479369




Core and Edge

EDGEDecentralized: Low latency, device diversity, closer to user

Sensors/Actuators

Private

AWS

Azure

CORECentralized: compute, storage, and governance. Resources on demand.

Private

AWS

Azure

Company Data Assets Core

www.redchipventures.com





Privacy Goals

Private

AWS

Azure

Sensors/Actuators

PrivacyData must be found, managed, and shown to be compliant

• Data center

• Teleport

• Gateway

• Edge Server

• Fog

• MEC

Network

Core






Privacy: Personal Data is Massive

Private

AWS

Azure

Sensors/Actuators

Personal Data

• Data center

• Teleport

• Gateway

• Edge Server

• Fog

• MEC

Network

Core






Privacy: Where is the Data?

Data is all over the place

• Data center

• Cloud

• Transit



Privacy: Three Stakeholders

You

• Data center

• Cloud

• Transit


Organization

Government


Privacy: Business Opportunity

• Data center

• Cloud

• Transit


OrganizationHelp them comply to avoid cost and fines


Privacy: What is the Most Difficult Part?

Answer:Finding the data.

Using automation to find where personal data exists.

Providing audit and logs to prove.

CloverDX


Client Engagement - Privacy



ISO 27001

13

Client Engagement – Business Approach

Consultant runs engagement.

Against a compliance use case

Software Tool finds the data


Privacy at the Edge

www.CloverDX.com

Protect the dataPseudonymize and limit access to the data to prevent its abuse.

Control the dataMonitor and execute individual’s rights requests.

DocumentAudit and report

noncompliance and breaches.

Map the dataUnderstand where the

sensitive data is stored and how it flows between

locations.

www.redchipventures.com 15www.CloverDX.com

• A centerpiece of the ability to comply with new individual rights

• Catalogue of the knowledge of sensitive data

• Expected places for potential occurrence in the future

• Value lookup with immediate answers

• Source data for the individual rights requests execution

• Audit for request execution

DB CSVFile

Source systems

Legal Processes

Laws

Data map Audit log

GDPR requirements

Analyze data contents

Retention and purposes

Data Map


Additional Information


www.redchipventures.com 17www.redchipventures.com

Sovereign Data and GDPR

GDPR. European Union’s GDPR (General Data Protection Regulation)is driving a deeper need to sort out how to manage personal data.Strategies are evolving, especially in the financial technology sector,to ensure the security of data, but also the management of business.

Data sovereignty. Data stored in a specific country needs to complywith the laws of said country. Information which has been convertedand stored in binary digital form is subject to the laws of the countryin which it is located.

www.redchipventures.com 18www.CloverDX.com

Individual Rights under GDPR

• The right to be informed (why, reasons, retention)

• The right of access (free-of-charge)

• The right to rectification (within one month)

• The right to erasure (to be forgotten)

• The right to restrict processing

• The right to data portability (export in CSV, XML, JSON, …)

• The right to object (unless balancing legitimate interests)

• Rights related to automated decision making and profiling


GDPR Stakeholders



GDPR Tenets


Assess Privacy

Conduct GDPR Assessments, assess and document GDPR related

policies

Assess data subject rights to consent, access, correct, delete, and

transfer personal data

Discover and classify personal data assets and affected systems

Identify access risks, supporting Privacy by Design

Assess Security

Assess security current state, identify gaps, benchmark maturity,

establish conformance roadmaps

Identify vulnerabilities, supporting Security by Design

Discover and classify personal data assets and affected systems to

design security controls

Design Privacy

Create GDPR remediation and implementation plan

Design policies, business processes and supporting technologies

Create GDPR reference architecture

Create security remediation and implementation plan

Security by Design

Create security reference architecture

Design technical and organizational measures to risk such as encryption,

pseudonimization, access control, monitoring and more

Transform Privacy

Implement and execute policies, processes and technologies

Automate data subject access requests

Transform Security

Implement privacy enhancing controls such as encryption, tokenization,

dynamic masking

Implement security controls; mitigate access risks and security

vulnerabilities

Operate Privacy

Manage GDPR data governance practices such as information lifecycle

governance

Manage GDPR enterprise compliance programs such as data use,

consent activities, data subject requests

Monitor personal data access

Govern roles and identities

Operate Security

Manage and security program practices such as risk assessment, roles

and responsibilities, program effectiveness

Monitor security operations and Intelligence: monitor, detect, respond to

and mitigate threats

Govern data incident response and forensics practices

Conform Privacy

Record personal data access audit trail including data subject rights to

access, modify, delete, transfer data

Run data processor/controller governance including providing processor

guidance, track data processing activities, provide audit trail, preparing

for data subject access requests

Document and manage compliance program: Ongoing monitoring,

assessment, evaluation and reporting of GDPR activities

Respond to and manage breaches

Conform Security

Demonstrate technical and organizational measures to ensure security

appropriate to processing risk

Document security program: Ongoing monitoring, assessment,

evaluation and reporting of security controls and activities

Respond to and manage breaches

www.redchipventures.com 21www.redchipventures.com

CCPA

RedChip: Business and Tech Leadership

22

Daniel Sexton, Founding PartnerDan has over 15 years of experience leading large-scale, technology solutions for Fortune 500 companies, such as Genuine Parts Company, CitiGroup, and Blue Cross Blue Shield. In addition, he has worked with a number of tech startups both as a founder and advisor. Prior to founding RedChip Ventures, Dan was a Managing Partner at a private investment fund for six years where he helped lead and manage investments in technology and product companies.

Peter Cresse, Founding PartnerPeter is a technology executive who has led commercial efforts for high-tech companies. At Fortune 50 firms such as GE, GTE, Scientific-Atlanta (Cisco) and Intelsat, Peter led revenue focused programs for innovative technology offers. For startups, Peter grew business in partnership with clients – streaming for Inlet (Cisco), data integration for CloverDX, and data visualization for the Entropy platform. Peter has deep international experience, visiting and doing business in over 50 countries worldwide, with assignments in London, Frankfurt, and Tokyo. He is also former Captain, USAF, where he directed space technology program funding.

RedChip Ventures, LLC, Atlanta, Georgia www.redchipventures.com

this is your presentation title€¦ · 4 massive data production idc data age 2025 report o 175...

Documents