book

Data Privacy

by Nishant Bhajaria

February 2022

Intermediate to advanced

384 pages

12h 55m

English

Manning Publications

Read now

Unlock full access

forewordprefaceacknowledgmentsabout this bookWho should read this bookHow this book is organized: A roadmapAbout the codeliveBook discussion forumabout the authorabout the cover illustration
1.1 What is privacy?1.2 How data flows into and within your company1.3 Why privacy matters1.3.1 The fines are real1.3.2 Early-stage efficiency wins can cause late-stage privacy headaches1.3.3 Privacy investigations could be more than a speed bump1.3.4 Privacy process can unlock business opportunities: A real-life example1.4 Privacy: A mental model1.5 How privacy affects your business at a macro level1.5.1 Privacy and safety: The COVID edition1.5.2 Privacy and regulations: A cyclical process1.6 Privacy tech and tooling: Your options and your choices1.6.1 The “build vs. buy” question1.6.2 Third-party privacy tools: Do they really work and scale?1.6.3 The risks in buying third-party privacy tools1.7 What this book will not do1.8 How the role of engineers has changed, and how that has affected privacySummary
2.1 Privacy and what it entails2.1.1 Why privacy is hard2.1.2 Privacy engineering on the ground: What you have to accomplish2.1.3 Privacy, data systems, and policy enforcement2.2 This could be your company2.3 Data, your business growth strategy, and privacy2.4 Examples: When privacy is violated2.4.1 Equifax2.4.2 The Office of Personnel Management (OPM) breach2.4.3 LabCorp and Quest Diagnostics2.5 Privacy and the regulatory landscape2.5.1 How regulations impact your product and their users2.5.2 How your program should help prepare for changing privacy law2.6 Privacy and the user2.6.1 Becoming an American, and privacy2.6.2 Today’s users and their privacy concerns2.7 After building the tools comes the hard part: Building a program2.8 As you build a program, build a privacy-first cultureSummary

3.1 Data classification and customer context3.2 Why data classification is necessary3.2.1 Data classification as part of data governance3.2.2 Data classification: How it helps align priorities3.2.3 Industry benchmarking around data classification3.2.4 Unstructured data and governance3.2.5 Data classification as part of your maturity journey3.3 How you can implement data classification to improve privacy3.3.1 Data classification and access options3.3.2 Data classification, access management, and privacy: Example 13.3.3 Data classification, access management, and privacy: Example 23.4 How to classify data with a focus on privacy laws3.4.1 Data classification as an abstraction of privacy laws3.4.2 Data classification to resolve tension between interpretations of privacy laws3.5 The data classification process3.5.1 Working with cross-functional stakeholders on your data classification3.5.2 Formalizing and refactoring your data classification3.5.3 The data classification process: A Microsoft template3.6 Data classification: An exampleSummary
4.1 Data inventory: What it is and why you need it4.2 Machine-readable tags4.2.1 What are data inventory tags?4.2.2 Data inventory tags: A specific example4.3 Creating a baseline4.4 The technical architecture4.4.1 Structured and unstructured data4.4.2 Data inventory architectural capabilities4.4.3 Data inventory workflow4.5 Understanding the data4.5.1 The metadata definition process4.5.2 The metadata discovery process4.6 When should you start the data inventory process?4.6.1 Why is the data inventory process so hard?4.6.2 Data inventory: Sooner is better than later4.7 A data inventory is not a binary process4.7.1 Data inventory level 14.7.2 Data inventory level 24.7.3 Data inventory level 34.8 What does a successful data inventory process look like?4.8.1 Data inventory objective success metrics4.8.2 Data inventory subjective success metricsSummary
5.1 Data sharing: Why companies need to share data5.1.1 Data sharing: Taxicab companies5.1.2 Data sharing: Online advertising5.1.3 Privacy in advertising5.2 How to share data safely: Security as an ally of privacy5.2.1 Tracking President Trump5.2.2 Protecting data in motion5.2.3 Protecting data at rest5.3 Obfuscation techniques for privacy-safe data sharing5.3.1 Data sharing and US national security5.3.2 Data anonymization: The relationship between precision and retention5.3.3 Data anonymization: The relationship between precision and access5.3.4 Data anonymization: Mapping universal IDs to internal IDs5.4 Sharing internal IDs with third parties5.4.1 Use case 1: Minimal session (no linking of user activity is needed)5.4.2 Use case 2: Single session per dataset (linking of the same user’s activity within a dataset)5.4.3 Use case 3: Session spanning datasets (linking across datasets)5.4.4 Recovering pseudonymized values5.5 Measuring privacy impact5.5.1 K-anonymity5.5.2 L-diversity5.6 Privacy harms: This is not a drill5.6.1 Facebook and Cambridge Analytica5.6.2 Sharing data and weaknessesSummary
6.1 What are privacy reviews?6.1.1 The privacy impact assessment (PIA)6.1.2 The data protection impact assessment (DPIA)6.2 Implementing the legal privacy review process6.3 Making the case for a technical privacy review6.3.1 Timing and scope6.3.2 What the technical review covers that the legal review does not6.4 Integrating technical privacy reviews into the innovation pipeline6.4.1 Where does the technical privacy review belong?6.4.2 How to implement a technical privacy intake?6.5 Scaling the technical privacy review process6.5.1 Data sharing6.5.2 Machine-learning models6.6 Sample technical privacy reviews6.6.1 Messaging apps and engagement apps: Do they connect?6.6.2 Masks and contact tracingSummary
7.1 Why must a company delete data?7.2 What does a modern data collection architecture look like?7.2.1 Distributed architecture and microservices: How companies collect data7.2.2 How real-time data is stored and accessed7.2.3 Archival data storage7.2.4 Other data storage locations7.2.5 How data storage grows from collection to archival7.3 How the data collection architecture works7.4 Deleting account-level data: A starting point7.4.1 Account deletion: Building the tooling and process7.4.2 Scaling account deletion7.5 Deleting account-level data: Automation and scaling for distributed services7.5.1 Registering services and data fields for deletion7.5.2 Scheduling data deletion7.6 Sensitive data deletion7.7 Who should own data deletion?Summary
8.1 What are DSARs?8.1.1 What rights do DSAR regulations give to users?8.1.2 An overview of the DSAR request fulfillment process8.2 Setting up the DSAR process8.2.1 The key steps in creating a DSAR system8.2.2 Building a DSAR status dashboard8.3 DSAR automation, data structures, and data flows8.3.1 DSAR components8.3.2 Cuboids: A subset of DSAR data8.3.3 DSAR templates8.3.4 Data sources for DSAR templates8.4 Internal-facing screens and dashboardsSummary
9.1 Why consent management is important9.1.1 Consent management and privacy-related regulation9.1.2 Consent management and tech industry changes9.1.3 Consent management and your business9.2 A consent management platform9.3 A data schema model for consent management9.3.1 The entity relationships that help structure a CMP9.3.2 Entity relationship schemas: A CMP database9.4 Consent code: Objects9.4.1 API to check consent status9.4.2 API to retrieve disclosures9.4.3 API to update the consent status for a disclosure9.4.4 API to process multiple disclosures9.4.5 API to register with the consents service9.4.6 Useful definitions for the consents service9.5 Other useful capabilities in a CMP9.6 Integrating consent management into product workflowSummary
10.1 Protecting privacy by reducing the attack surface10.1.1 Managing the attack surface10.1.2 How testing can cause security and privacy risks10.1.3 An enterprise risk model for security and privacy10.2 Protecting privacy by managing perimeter access10.2.1 The Target breach10.2.2 MongoDB security weaknesses10.2.3 Authorization best practices10.2.4 Why continuous monitoring of accounts and credentials is important10.2.5 Remote work and privacy risk10.3 Protecting privacy by closing access-control gaps10.3.1 How an IDOR vulnerability works10.3.2 IDOR testing and mitigationSummary
11.1 A maturity model for privacy engineering11.1.1 Identification11.1.2 Protection11.1.3 Detection11.1.4 Remediation11.2 The privacy engineering domain and skills11.3 Privacy and the regulatory climateSummary

Overview

Engineer privacy into your systems with these hands-on techniques for data governance, legal compliance, and surviving security audits.

In Data Privacy you will learn how to:

Classify data based on privacy risk
Build technical tools to catalog and discover data in your systems
Share data with technical privacy controls to measure reidentification risk
Implement technical privacy architectures to delete data
Set up technical capabilities for data export to meet legal requirements like Data Subject Asset Requests (DSAR)
Establish a technical privacy review process to help accelerate the legal Privacy Impact Assessment (PIA)
Design a Consent Management Platform (CMP) to capture user consent
Implement security tooling to help optimize privacy
Build a holistic program that will get support and funding from the C-Level and board

Data Privacy teaches you to design, develop, and measure the effectiveness of privacy programs. You’ll learn from author Nishant Bhajaria, an industry-renowned expert who has overseen privacy at Google, Netflix, and Uber. The terminology and legal requirements of privacy are all explained in clear, jargon-free language. The book’s constant awareness of business requirements will help you balance trade-offs, and ensure your user’s privacy can be improved without spiraling time and resource costs.

About the Technology
Data privacy is essential for any business. Data breaches, vague policies, and poor communication all erode a user’s trust in your applications. You may also face substantial legal consequences for failing to protect user data. Fortunately, there are clear practices and guidelines to keep your data secure and your users happy.

About the Book
Data Privacy: A runbook for engineers teaches you how to navigate the trade-offs between strict data security and real world business needs. In this practical book, you’ll learn how to design and implement privacy programs that are easy to scale and automate. There’s no bureaucratic process—just workable solutions and smart repurposing of existing security tools to help set and achieve your privacy goals.

What's Inside

Classify data based on privacy risk
Set up capabilities for data export that meet legal requirements
Establish a review process to accelerate privacy impact assessment
Design a consent management platform to capture user consent

About the Reader
For engineers and business leaders looking to deliver better privacy.

About the Author
Nishant Bhajaria leads the Technical Privacy and Strategy teams for Uber. His previous roles include head of privacy engineering at Netflix, and data security and privacy at Google.

Quotes
I wish I had had this text in 2015 or 2016 at Netflix, and it would have been very helpful in 2008–2012 in a time of significant architectural evolution of our technology.
- From the Foreword by Neil Hunt, Former CPO, Netflix

Your guide to building privacy into the fabric of your organization.
- John Tyler, JPMorgan Chase

The most comprehensive resource you can find about privacy.
- Diego Casella, InvestSuite

Offers some valuable insights and direction for enterprises looking to improve the privacy of their data.
- Peter White, Charles Sturt University