SESSION ID: HUM-R02

Privacy By Design Lessons From Beyoncé

Ayana Miller
Technical Program Manager, Privacy & Data Governance
Pinterest

#RSAC

Agenda
• To the Left, To the Left. All The Data That You Own in a Portal to the Left: The Ramifications of the Privacy Landscape for Privacy Engineers
• Flawless: Mini Privacy by Design Lessons from Beyoncé
  – Formation
  – Irreplaceable
  – Upgrade U
• Check On It: What Would Beyoncé Do?
• Me, Myself, and I: What Will YOU Do?

To The Left, To The Left, All The Data That You Own In The Portal To The Left
The Ramifications of the Privacy Landscape for Privacy Engineers

As consumers, we enjoy the democratization of technology, but we don’t always consider the costs associated with data collection and sharing.

What Does Beyoncé Have To Do With PbD?
• Bake policies into the release cycle and SDLC
• Encrypt, aggregate, and obfuscate
• Yoyo-ing is a no
• Operationalize tooling
• Narrow (define clearly) or negotiate
• Classify data, systems, and processes
• Éxpect the unexpected

Bake Policies Into Release Eng and SDLC

Encrypt & Aggregate

Yo Yo-ing Is a No

Operationalize

Narrow

Classify

Expect the Unexpected

Flawless
Mini Privacy by Design Lessons from Beyoncé

Formation
The Value of Governance, Risk & Compliance Engineering Frameworks for Driving Decision-Making
• Structure
  – Identifies commonalities between compliance areas
  – Drives down work costs
• Re-Use
  – Can be used for new projects and programs without the need to reinvent each time
• Common Language
  – Provides common language for discussion
  – Allows teams to focus on content rather than structure
• Accountability
  – Enables us to have a framework for discussing roles and responsibilities
  – Drives clear accountability based on role & responsibility
• Strategic Planning & Resourcing
  – Enables a high-level view of resource tracking across projects
  – Can project future resource needs based on past program performance

Formation
The Value of Governance, Risk & Compliance Engineering Frameworks for Driving Decision-Making
• Key cross-functional reps: legal, security, privacy, IT, and product
• Goals:
  – Make progress on company-wide decision-making, re: data handling
    • Deal review process collaboration and WG inputs
    • Set agenda for H2 planning; drive company-level OKRs
    • Progress vendor reviews
  – Determine strategy and timing for processing/collection for specific data types
• Non-Goals:
  – Reviewing details of implementations
  – Detailed reviews of architecture
  – Detailed product reviews

Irreplaceable
Delivering amazing experiences through champions

Upgrade U
Enhance Your Privacy Products & Services

Check On It
What Would Beyoncé Do?
2020_USA20_HUM-R02_01_Privacy By Design Lessons from Beyonce
This document was uploaded and shared by 张玉竹 on 2022-04-08 09:50:53.