Ethyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
Our session started with an overview of data minimization from Dawn Pattison, one of Ethyca’s Senior Software Engineers. Data minimization is the practice of only collecting data that fulfills a specific business purpose. Dawn explained that data minimization is one of the best ways for organizations to proactively protect their customers from privacy risks. Simply put, you can’t mistreat users’ data if you don’t have it in the first place.
Dawn showed multiple real-life examples of businesses that have failed to abide by the principles of data minimization; it’s actually a common reason for privacy fines to be levied, particularly in Europe. These businesses ended up paying fines ranging from hundreds of thousands to hundreds of millions of dollars. Now that more privacy laws are being passed, like the EU’s GDPR and California’s CCPA, companies face stricter consequences if their data practices are non-compliant. Data minimization will not only protect your users’ data rights, it will also protect your business from the possibility of incurring a steep fine.
Referencing The Little Blue Book of Privacy Design Strategies, Dawn briefly described four data minimization tactics. She used an example of a bookstore’s order form to illustrate these principles:
In this example, if a business ships books to customers, it should only collect the most necessary information, like their name, address, email, and phone number, and exclude all unnecessary data, such as their social security number. Even when ingesting, the bookstore can strip all unneeded personally identifiable information (PII) for a given task, for example by masking the customers’ full address when verifying the details of their credit card. Finally, the bookstore should destroy all of the customer’s data once it becomes irrelevant, including backups.
Implementing these four data minimization principles will help your business treat user data more purposefully and intentionally. As Dawn said at the beginning, data can’t be misused if it’s not in your possession in the first place. Data minimization will help ensure that your business can treat its customers’ data with respect.
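The bookstore order form described above, sketched as an added example (not code from the talk or from Fides). The field names, the per-purpose allow-lists, the 90-day retention period and the choice to keep only the postal code when masking the address are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical per-purpose allow-lists for the bookstore example.
ALLOWED_FIELDS = {
    "shipping": {"name", "address", "email", "phone"},
    "card_verification": {"name", "address", "card_token"},
}
RETENTION = timedelta(days=90)  # assumed retention period

# Constructed sample submission; the SSN should never be stored.
SAMPLE_FORM = {
    "name": "Ada Example", "address": "1 Sample St, Austin, TX 78701",
    "email": "ada@example.com", "phone": "555-0100",
    "ssn": "000-00-0000", "card_token": "tok_constructed",
}


def mask_address(address):
    """Strip: keep only the trailing postal code (assumed sufficient here)."""
    postal_code = address.rsplit(" ", 1)[-1]
    return "*** " + postal_code


def minimize(form, purpose):
    """Select the fields a purpose needs; every other field is excluded."""
    allowed = ALLOWED_FIELDS[purpose]  # unknown purpose raises KeyError (fail closed)
    record = {k: v for k, v in form.items() if k in allowed}
    if purpose == "card_verification" and "address" in record:
        record["address"] = mask_address(record["address"])
    return record


def destroy_expired(stores, now):
    """Destroy: delete expired orders from every store, backups included."""
    removed = 0
    for store in stores:
        expired = [oid for oid, rec in store.items()
                   if now - rec["fulfilled_at"] > RETENTION]
        for oid in expired:
            del store[oid]
            removed += 1
    return removed
```

Passing the backup store in the same `stores` list as the primary is what keeps an expired order from surviving in a copy nobody remembers to purge.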
After Dawn summarized the benefits of data minimization, our other Senior Software Engineer, Steve Murphy, demonstrated how the Fides platform can help teams implement the above tactics. Steve modeled an example data warehouse in a repo to demonstrate some of the data challenges teams tend to face.
Lastly, we wanted to give our community members the opportunity to ask our engineers questions about privacy engineering and their experience with the Fides platform.
One topic raised during the conversation was the challenge of accurately identifying Fides data qualifiers at scale. Accurately selecting the data qualifier level can be a difficult process, especially when faced with a large database that may have a myriad of records in different states. Currently, if using the generate command, the data qualifier defaults to the “identified” end of the spectrum.
Steve and the engineering team provided some helpful suggestions to improve the community members’ ability to accurately tag data qualifiers, and raised a GitHub issue for further examination. It was great to be able to hear the experience of Fides users firsthand and facilitate their ability to deliver respectful experiences to users at scale!
We were delighted to meet and speak with everyone who showed up at our event! It was a great opportunity to interact with our community members and hear about their experiences implementing data minimization into their privacy programs. We’d like to give a huge thank you to all of the participants for joining, as well as extend our gratitude to our Senior Software Engineers Dawn Pattison and Steve Murphy for leading the session.
If you’d like to participate in the coming sessions, join our Fides Slack Community. We plan on hosting P.x on a monthly basis to create an opportunity for ongoing community interaction. PS: you could also win some sweet Privacy swag if you post an introduction on the Fides Slack #intros channel!