book

Data Privacy

by Nishant Bhajaria

February 2022

Intermediate to advanced

384 pages

12h 55m

English

Manning Publications

Read now

Unlock full access

forewordprefaceacknowledgmentsabout this bookWho should read this bookHow this book is organized: A roadmapAbout the codeliveBook discussion forumabout the authorabout the cover illustration
1.1 What is privacy?1.2 How data flows into and within your company1.3 Why privacy matters1.3.1 The fines are real1.3.2 Early-stage efficiency wins can cause late-stage privacy headaches1.3.3 Privacy investigations could be more than a speed bump1.3.4 Privacy process can unlock business opportunities: A real-life example1.4 Privacy: A mental model1.5 How privacy affects your business at a macro level1.5.1 Privacy and safety: The COVID edition1.5.2 Privacy and regulations: A cyclical process1.6 Privacy tech and tooling: Your options and your choices1.6.1 The “build vs. buy” question1.6.2 Third-party privacy tools: Do they really work and scale?1.6.3 The risks in buying third-party privacy tools1.7 What this book will not do1.8 How the role of engineers has changed, and how that has affected privacySummary
2.1 Privacy and what it entails2.1.1 Why privacy is hard2.1.2 Privacy engineering on the ground: What you have to accomplish2.1.3 Privacy, data systems, and policy enforcement2.2 This could be your company2.3 Data, your business growth strategy, and privacy2.4 Examples: When privacy is violated2.4.1 Equifax2.4.2 The Office of Personnel Management (OPM) breach2.4.3 LabCorp and Quest Diagnostics2.5 Privacy and the regulatory landscape2.5.1 How regulations impact your product and their users2.5.2 How your program should help prepare for changing privacy law2.6 Privacy and the user2.6.1 Becoming an American, and privacy2.6.2 Today’s users and their privacy concerns2.7 After building the tools comes the hard part: Building a program2.8 As you build a program, build a privacy-first cultureSummary

3.1 Data classification and customer context3.2 Why data classification is necessary3.2.1 Data classification as part of data governance3.2.2 Data classification: How it helps align priorities3.2.3 Industry benchmarking around data classification3.2.4 Unstructured data and governance3.2.5 Data classification as part of your maturity journey3.3 How you can implement data classification to improve privacy3.3.1 Data classification and access options3.3.2 Data classification, access management, and privacy: Example 13.3.3 Data classification, access management, and privacy: Example 23.4 How to classify data with a focus on privacy laws3.4.1 Data classification as an abstraction of privacy laws3.4.2 Data classification to resolve tension between interpretations of privacy laws3.5 The data classification process3.5.1 Working with cross-functional stakeholders on your data classification3.5.2 Formalizing and refactoring your data classification3.5.3 The data classification process: A Microsoft template3.6 Data classification: An exampleSummary
4.1 Data inventory: What it is and why you need it4.2 Machine-readable tags4.2.1 What are data inventory tags?4.2.2 Data inventory tags: A specific example4.3 Creating a baseline4.4 The technical architecture4.4.1 Structured and unstructured data4.4.2 Data inventory architectural capabilities4.4.3 Data inventory workflow4.5 Understanding the data4.5.1 The metadata definition process4.5.2 The metadata discovery process4.6 When should you start the data inventory process?4.6.1 Why is the data inventory process so hard?4.6.2 Data inventory: Sooner is better than later4.7 A data inventory is not a binary process4.7.1 Data inventory level 14.7.2 Data inventory level 24.7.3 Data inventory level 34.8 What does a successful data inventory process look like?4.8.1 Data inventory objective success metrics4.8.2 Data inventory subjective success metricsSummary
5.1 Data sharing: Why companies need to share data5.1.1 Data sharing: Taxicab companies5.1.2 Data sharing: Online advertising5.1.3 Privacy in advertising5.2 How to share data safely: Security as an ally of privacy5.2.1 Tracking President Trump5.2.2 Protecting data in motion5.2.3 Protecting data at rest5.3 Obfuscation techniques for privacy-safe data sharing5.3.1 Data sharing and US national security5.3.2 Data anonymization: The relationship between precision and retention5.3.3 Data anonymization: The relationship between precision and access5.3.4 Data anonymization: Mapping universal IDs to internal IDs5.4 Sharing internal IDs with third parties5.4.1 Use case 1: Minimal session (no linking of user activity is needed)5.4.2 Use case 2: Single session per dataset (linking of the same user’s activity within a dataset)5.4.3 Use case 3: Session spanning datasets (linking across datasets)5.4.4 Recovering pseudonymized values5.5 Measuring privacy impact5.5.1 K-anonymity5.5.2 L-diversity5.6 Privacy harms: This is not a drill5.6.1 Facebook and Cambridge Analytica5.6.2 Sharing data and weaknessesSummary
6.1 What are privacy reviews?6.1.1 The privacy impact assessment (PIA)6.1.2 The data protection impact assessment (DPIA)6.2 Implementing the legal privacy review process6.3 Making the case for a technical privacy review6.3.1 Timing and scope6.3.2 What the technical review covers that the legal review does not6.4 Integrating technical privacy reviews into the innovation pipeline6.4.1 Where does the technical privacy review belong?6.4.2 How to implement a technical privacy intake?6.5 Scaling the technical privacy review process6.5.1 Data sharing6.5.2 Machine-learning models6.6 Sample technical privacy reviews6.6.1 Messaging apps and engagement apps: Do they connect?6.6.2 Masks and contact tracingSummary
7.1 Why must a company delete data?7.2 What does a modern data collection architecture look like?7.2.1 Distributed architecture and microservices: How companies collect data7.2.2 How real-time data is stored and accessed7.2.3 Archival data storage7.2.4 Other data storage locations7.2.5 How data storage grows from collection to archival7.3 How the data collection architecture works7.4 Deleting account-level data: A starting point7.4.1 Account deletion: Building the tooling and process7.4.2 Scaling account deletion7.5 Deleting account-level data: Automation and scaling for distributed services7.5.1 Registering services and data fields for deletion7.5.2 Scheduling data deletion7.6 Sensitive data deletion7.7 Who should own data deletion?Summary
8.1 What are DSARs?8.1.1 What rights do DSAR regulations give to users?8.1.2 An overview of the DSAR request fulfillment process8.2 Setting up the DSAR process8.2.1 The key steps in creating a DSAR system8.2.2 Building a DSAR status dashboard8.3 DSAR automation, data structures, and data flows8.3.1 DSAR components8.3.2 Cuboids: A subset of DSAR data8.3.3 DSAR templates8.3.4 Data sources for DSAR templates8.4 Internal-facing screens and dashboardsSummary
9.1 Why consent management is important9.1.1 Consent management and privacy-related regulation9.1.2 Consent management and tech industry changes9.1.3 Consent management and your business9.2 A consent management platform9.3 A data schema model for consent management9.3.1 The entity relationships that help structure a CMP9.3.2 Entity relationship schemas: A CMP database9.4 Consent code: Objects9.4.1 API to check consent status9.4.2 API to retrieve disclosures9.4.3 API to update the consent status for a disclosure9.4.4 API to process multiple disclosures9.4.5 API to register with the consents service9.4.6 Useful definitions for the consents service9.5 Other useful capabilities in a CMP9.6 Integrating consent management into product workflowSummary
10.1 Protecting privacy by reducing the attack surface10.1.1 Managing the attack surface10.1.2 How testing can cause security and privacy risks10.1.3 An enterprise risk model for security and privacy10.2 Protecting privacy by managing perimeter access10.2.1 The Target breach10.2.2 MongoDB security weaknesses10.2.3 Authorization best practices10.2.4 Why continuous monitoring of accounts and credentials is important10.2.5 Remote work and privacy risk10.3 Protecting privacy by closing access-control gaps10.3.1 How an IDOR vulnerability works10.3.2 IDOR testing and mitigationSummary
11.1 A maturity model for privacy engineering11.1.1 Identification11.1.2 Protection11.1.3 Detection11.1.4 Remediation11.2 The privacy engineering domain and skills11.3 Privacy and the regulatory climateSummary

Content preview from Data Privacy

Part 3. Building tools and processes

This part will help engineers build point solutions using the data governance capabilities discussed earlier. Privacy engineering is aimed at delivering critical verifiable capabilities to customers of a platform. Many of these capabilities are technical incarnations of expectations put in place by regulations. This part will offer hands-on skills to help engineers meet these expectations.

Chapter 6 will help engineers set up a technical privacy review process to embed privacy as a technical feature for the company’s products and services.

Chapter 7 will walk through a detailed architecture for data deletion, thereby providing a service-based framework for data erasure. It covers data deletion ranging from ...