Partially Redacted: Data Privacy, Security & Compliance
Partially Redacted brings together experts on engineering, architecture, privacy, data, and security to share knowledge, best practices, and real world experiences – all to help you better understand how to use, manage, and protect sensitive customer data. Each episode provides an in-depth conversation with an industry expert who dives into their background and experience working in data privacy. They’ll share practical advice and insights about the techniques, tools, and technologies that every company – and every technology professional – should know about. Learn from an amazing array of founders, engineers, architects, and leaders in the privacy space. Subscribe to the podcast and join the...
Engineering for Data Privacy: Navigating Infrastructure, Security, and Compliance with Skyflow’s Roshmik Saha
In this episode Roshmik Saha, Head of Engineering at Skyflow, dives into the fascinating realm of data privacy and security solutions. Whether you're considering building your own privacy solution or seeking insights into the infrastructure requirements for handling credit card data securely, this episode has you covered. One important aspect that often goes underestimated is the maintenance costs associated with data privacy solutions. Roshmik emphasizes the significance of factoring in long-term maintenance expenses, as these solutions require ongoing updates, monitoring, …
Canadian Data Privacy Regulations and History with nNovation’s Constantine Karbaliotis
In this episode, Constantine Karbaliotis from nNovation, a certified privacy professional with a wealth of experience in the field of privacy and data protection joins the show. Constantine has served as a privacy officer for two multinational corporations, and now serves multiple organizations as a privacy advisor. Constantine is well-versed in a range of privacy program management areas, including policy development, implementing PIA/PbD programs, vendor privacy management, breach management and response, addressing notice, consent, and data subject rights issues, as …
Understanding SOC-2 Compliance and Achieving It with Skyflow’s Daniel Wong
In today's digital age, data privacy and security have become critical concerns for companies of all sizes. One way for companies to demonstrate their commitment to protecting customer data is by achieving SOC-2 compliance. But what exactly is SOC-2, and how can companies achieve it? To answer these questions, Daniel Wong, Head of Security and Compliance at Skyflow, joins the show to share his insights into SOC-2 compliance and the steps companies can take to achieve it. Throughout the interview, …
Data Access Control with lakeFS’s Adi Polak
Data access control is becoming increasingly important as more and more sensitive data is being stored and processed by businesses and organizations. In this episode, the VP of Developer Experience at lakeFS, Adi Polak, joins to help define data access control and give examples of sensitive data that requires access control. Adi also talks about the concept of role-based access control (RBAC), which differs from traditional access control methods and provides several advantages. The steps involved in implementing RBAC are …
The Ever Changing Privacy Landscape with Robert Bateman
Europe has seen a significant evolution in privacy regulation over the past decade, with the introduction of the EU's General Data Protection Regulation (GDPR) in 2018 being a significant milestone. The GDPR establishes a comprehensive framework for protecting personal data and gives individuals greater control over how their data is collected, processed, and used. The impact of these privacy regulations on businesses has been significant. Companies that operate in the EU or process EU citizens' data must comply with the …
Introduction to Zero Trust Infrastructure with Hashicorp’s Rosemary Wang
Zero trust infrastructure is an approach to security that requires all users, devices, and services to be authenticated and authorized before being granted access to resources. Unlike traditional security models that assume everything inside the network is trusted, zero trust assumes that all traffic is untrusted. In today's world, where cyber threats are becoming increasingly sophisticated, Zero trust infrastructure is crucial for protecting sensitive data and preventing unauthorized access. Hashicorp is a company that provides a suite of tools for …
Data Deletion and Mapping via a Data Privacy Vault with Lisa Nee and Robert Duffy
The privacy landscape is changing. There is increasing consumer awareness and concern over the use of their personal data and there’s an ever growing list of privacy regulations that companies need to navigate. Regulations like GDPR, CCPA, and others carry stiff fines for companies that fail to comply with data deletion requests. However, actually being able to delete someone’s information from an existing system is more complicated than you might expect. Large systems have been developed over many years ignoring …
Privacy Threat Modeling with DoorDash’s Nandita Rao Narla
Privacy threat modeling is a structured approach to identifying and assessing potential privacy risks associated with a particular system, application, or process. It involves analyzing how personal data flows through a system, identifying potential vulnerabilities or weaknesses, and evaluating the potential consequences of a privacy breach. The goal of privacy threat modeling is to identify and prioritize potential privacy risks and to develop effective strategies for mitigating those risks. This process involves considering various aspects of the system or process …
Privacy-aware Data Pipelines with Skyflow’s Piper Keyes
A data analytics pipeline is important to modern businesses because it allows them to extract valuable insights from the large amounts of data they generate and collect on a daily basis. This leads to better decision making, improved efficiency, and increased ROI. However, despite your best efforts, sensitive customer data tends to find its way into our analytics pipelines, ending up in our data warehouses and metrics dashboards. Replicating customer PII to your downstream services greatly increases your compliance scope …
Ingesting and Processing Government Data with Merit’s Charlie Summers
Merit’s verified identity platform brings visibility, liquidity, and trust to people-data, giving organizations the clarity to make better-informed decisions, engage with individuals effectively, and pursue their mission efficiently. Merit works with trusted private, state, and municipal organizations to solve critical real-world problems in sectors such as workforce development, emergency services, licensing, education, and defense readiness. Merit ingests and processes highly sensitive data from a variety of government agencies. Privacy and security are of the utmost importance, but they must also …