What/How Does Privacy Affect My Job?
Posted on

Change is constant in the technology sector, and professionals working in tech are continuously called on to integrate new processes and ways of thinking to stay abreast of their field. A case in point is privacy. If you entered the workforce a decade ago in any number of tech-related tracks, privacy and processes to protect may have been a topic of passing interest. But with the emergence of the GDPR, the CCPA, and other landmark pieces of legislation, privacy concerns have become a pivotal part of development space and beyond. This article provides a quick-hit synopsis of how different roles in technology organizations are impacted by renewed focus on user privacy in jurisdictions all over the world.

DevOps:

Teams must now incorporate privacy considerations into the development process while trying to balance ongoing pressures for speed and agility. The SANS institute suggests a number of best practices that DevOps teams can use to stay privacy compliant while working efficiently. Here are the most crucial:

  • Streamlined Access Control: Business processes and systems must ensure only authorized users can access sensitive information. Session management tools like tokens and timeouts should be used to protect against unwanted access.
  • Error Handling and logging: DevOps teams must store data logs securely and track all administrative activity, plus all inbound and outbound data processing activities.
  • Continuous Integration: DevOps teams should build authentication, password management and other security features into code, and incorporate automated security scanning into the delivery process.

UX:

The key principle that has emerged in the UX space is “privacy by design.” this principle was developed in the 1990s by Dr. Ann Cavoukian, and contains seven principles that set out the way that privacy features can be embedded into the very fabric of a software product. The framers of the GDPR had such regard for Dr. Cavoukian’s work that they made “privacy by design” a key tenet of their legislation. Below are the seven principles of privacy by design that UX professionals most now incorporate into their work:

  • Proactive not reactive: preventative not remedial
  • Privacy as the default setting
  • Privacy embedded into design
  • Full functionality: positive-sum, not zero-sum
  • End-to-end security: full lifecycle protection
  • Visibility and transparency: keep it open
  • Respect for user privacy: keep it user-centric

Product:

Product managers have more responsibility than most for ensuring that their organization heeds new privacy regulation. They’re ultimately responsible for product quality, and if that product is running in a non-compliant way, it’s in essence a defective product. Fortunately, product managers have resources across the organization to help ensure that they’re staying up-to-date with privacy reform. In her guide to GDPR mastery for Product Managers, Karen Cohen runs through a set of organizational processes that should be employed to protect from privacy violations:

  • Work closely with legal teams: it’s their responsibility to understand the regulations and how they might impact your product. It’s the product manager’s job to translate their opinions into actionable steps for different stakeholders in the business.
  • Research and Compare: domain knowledge is important. So is competitor research. How are other businesses in your sector handling information access requests? What do their opt-in and opt-outs look like on site? These are breadcrumbs your business can follow on a path to privacy success.
  • Establish clear ownership: If you have a big complicated product, it’s impossible for a single person to have granular privacy oversight throughout the system. That’s why it’s important for product managers to establish clear roles and areas of ownership, including a structure of command to help support the activities of the GDPR-mandated Data Protection Officer. Building this company infrastructure from scratch is undoubtedly a challenge, but in the long-term this purposeful delegation will beat ad-hoc process every time, and leave your business less vulnerable to breaches and violations.

This Article is Republished from our Privacy Magazine – To read more, visit Privacy.dev

Trust in Data & Technology
Posted on

We’re extremely excited to share Ethyca with the world (well, those reading this). Over a year ago, we started to work quietly on an engineering problem that is painful for developer teams everywhere and at the same time vital for the safety of every user of internet and data powered businesses.

Everyone is talking about data privacy, breaches, system safety/integrity and regulation. Mostly this is articulated by businesses as a fear of fines with the knee jerk reaction being to find a quick ‘bandaid’ to avoid the risk. We found this disappointing on two fronts:

  1. As developers, the friction introduced in CI/CD and the additional human overhead needed to manage data privacy is Sisyphean without any tangible improvement in the end user’s data safety. 
  2. As people who work in technology, we found it disappointing that our talented industry, particularly those companies that have seen ‘hockey stick’ growth curves on their user bases and untold financial gain are not taking their users needs more directly to heart.

We believe there has to be a better way. One that minimizes friction for developer and product teams while maximizing the privacy controls in place around user data. We also believe the solution to better user privacy is not just regulations but code. 

Our mission at Ethyca is to increase trust in internet and data-driven businesses. Benefiting developer teams and end users equally.

Our team of engineers, product designers and data privacy specialists have been working for over a year to disassemble and interpret privacy regulations in Europe (GDPR), for California (CCPA), Brazil (LGPD) and the many draft privacy regulations that are in review globally, to create infrastructure and elegant abstractions that manage privacy requirements as code that easily integrates with your existing tech stack.

We’re excited to invite our first Beta Developer teams and Pilot Customers to trial two version of our infrastructure and eager to get your collective feedback. We’re confident we already have the most comprehensive technology solution to data privacy but we’ll continue to iterate and improve rapidly in the coming months and years.

With Ethyca, you can trust in data.

– Team Ethyca

A guide to CCPA, aka California Privacy Law
Posted on
A guide to CCPA, aka California Privacy Law

INTRODUCTION: WHAT IS THE CCPA?

The California Consumer Privacy Act will come into effect on January 1, 2020, and this fact may have a big impact on your business. California is the crown jewel in the United States economy – if it were a standalone country its $2.7 trillion GDP would be the fifth largest in the world, sitting ahead of the United Kingdom. This, combined with the state’s status as an incubator for tech innovation and consumer culture, gives it an outsized importance for all kinds of businesses operating at local, national, and multinational levels.

Put simply, any enterprise that reaches a certain scale will now be forced to contend with the CCPA, and it’s likely other states will soon follow suit with similar legislative pieces of their own- California has long been a bellwether for US-wide tech legislation. This article is a piece-by-piece examination of the CCPA and an analysis of its business impact, with particular attention given to the consequences for Small-to-Medium Enterprise (SME)’s data management, systems, and practices. By conclusion it should be clear that the CCPA is nothing to fear for management and development teams that are proactive and thoughtful in adapting to its prescriptions. For those that don’t use the appropriate amount of care, the consequences can be severe.

Continue reading “A guide to CCPA, aka California Privacy Law”