S2E18: Making Digital Contact Cards Private, Shareable & Updatable with Brad Dominy (Neucards)

In this week's episode, I sat down with Jake Ottenwaelder,  Principal Privacy Engineer at Integrative Privacy LLC. Throughout our conversation, we discuss Jake’s holistic approach to privacy implementation that considers business, engineering, and personal objectives, as well as the role of anonymization, consent management, and DSAR processes for greater privacy. 

Jake believes privacy implementation must account for the interconnectedness of privacy technologies and human interactions. He highlights what a successful implementation looks like and the negative consequences when done poorly. We also dive into the challenges of implementing privacy in fast-paced, engineering-driven organizations. We talk about the complexities of anonymizing data (a very high bar) and he offers valuable suggestions and strategies for achieving anonymity while making the necessary resources more accessible. Plus, Jake shares his advice for organizational leaders to see themselves as servant-leaders, leaving a positive legacy in the field of privacy. 

Topics Covered: 

• What inspired Jake’s initial shift from security engineering to privacy engineering, with a focus on privacy implementation
• How Jake's previous role at Axon helped him shift his mindset to privacy
• Jake’s holistic approach to implementing privacy 
• The qualities of a successful implementation and the consequences of an unsuccessful implementation
• The challenges of implementing privacy in large organizations 
• Common blockers to the deployment of anonymization
• Jake’s perspective on using differential privacy techniques to achieve anonymity
• Common blockers to implementing consent management capabilities
• The importance of understanding data flow & lineage, and auditing data deletion 
• Holistic approaches to implementing a streamlined and compliant DSAR process with minimal business disruption 
• Why Jake believes it's important to maintain a servant-leader mindset in privacy

Guest Info: 

• Connect with Jake on LinkedIn
• Integrative Privacy LLC

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

TRU Staffing Partners
Top privacy talent - when you need it, where you need it.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2023 Principled LLC. All rights reserved.

In this week's episode, I am joined by Steve Tout, Practice Lead at Integrated Solutions Group (ISG) and Host of The Nonconformist Innovation Podcast to discuss the intersection of privacy and identity. Steve has 18+ years of experience in global Identity & Access Management (IAM) and is currently completing his MBA from Santa Clara University. Throughout our conversation, Steve shares his journey as a reformed technologist and advocate for 'Nonconformist Innovation' & 'Tipping Point Leadership.'

Steve's approach to identity involves breaking it down into 4 components: 1) philosophy, 2) politics, 3) economics & 4)technology, highlighting their interconnectedness. We also discuss his work with Washington State and its efforts to modernize Consumer Identity Access Management (IAM). We address concerns around AI, biometrics & mobile driver's licenses. Plus, Steve offers his perspective on tipping point leadership and the challenges organizations face in achieving privacy change at scale.

Topics Covered: 

• Steve's origin story; his accidental entry into identity & access management (IAM)
• Steve's perspective as a 'Nonconformist Innovator' and why he launched 'The Nonconformist Innovation Podcast'
• The intersection of privacy & identity
• How to address organizational resistance to change, especially with lean resources
• Benefits gained from 'Tipping Point Leadership'
• 4 common hurdles to tipping point leadership 
• How to be a successful tipping point leader within a very bottom-up focused organization
• 'Consumer IAM' & the driving need for modernizing identity in Washington State
• How Steve has approached the challenges related to privacy, ethics & equity 
• Differences between the mobile driver's license (mDL) & verified credentials (VC) standards & technology
• How States are approaching the implementation of  mDL in different ways and the privacy benefits of 'selective disclosure'
• Steve's advice for privacy technologists to best position them and their orgs at the forefront of privacy and security innovation
• Steve recommended books for learning more about tipping point leadership

Guest Info: 

• Connect with Steve on LinkedIn
• Listen to The Nonconformist Innovation Podcast 

Resources Mentioned: 

• Steve's Interview with Tom Kemp
• Tipping Point Leadership books:
  • On Change Management 
  • Organizational Behavior
  • Ethics in the Age of Disruptive Technologies: An Operational Roadmap

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

TRU Staffing Partners
Top privacy talent - when you need it, where you need it.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2023 Principled LLC. All rights reserved.

This week, I chat with Jake Ward, the Co-Founder and CEO of Data Protocol, to discuss how the Data Protocol platform supports developers' accountability for privacy by giving developers the relevant information in the way that they want it. Throughout the episode, we cover the Privacy Engineering course offerings and certification program; how to improve communication with  developers; and trends that Jake sees across his customers after 2 years of offering these courses to engineers.

In our conversation, we dive into the topics covered in the Privacy Engineering Certification Program course offering , led by instructor Nishant Bhajaria, and the impact that engineers can make in their organization after completing it. Jake shares why he's so passionate about  empowering developers, enabling them to build safer products. We  talk about the effects of privacy engineering on large tech companies and how to bridge the gap between developers and the support they need with collaboration and accountability. Plus, Jake reflects on his own career path as the Press Secretary for a U.S. Senator and the experiences that shaped his perspectives and brought him to where he is now.

Topics Covered: 

• Jake’s career journey and why he landed on supporting software developers 
• How Jake build Data Protocol and it’s community 
• What 'shifting privacy left' means to Jake
• Data Protocol's Privacy Engineering Courses, Labs, & Certification Program and what developers will take away
• The difference between Data Protocol's free Privacy Courses and paid Certification
• Feedback from customers and & trends observed
• Whether tech companies have seen improvement in engineers' ability to embed privacy into the development of products & services after completing the Privacy Engineering courses and labs 
• Other privacy-related courses available on Data Protocol, and privacy courses  on the roadmap
• Ways to leverage communications to surmount current challenges
• How organizations can make their developers accountable for privacy, and the importance of aligning responsibility, accountability & business processes
• How Debra would operationalize this accountability into an organization
• How you can use the PrivacyCode.ai privacy tech platform to enable the operationalization of privacy accountability for developers

Resources Mentioned: 

• Check out Data Protocol's courses, based on topic
• Enroll in The Privacy Engineering Certification Program (courses are free)
• Check out S3E2: 'My Top 20 Privacy Engineering Resources for 2024' 

Guest Info: 

• Connect with Jake on LinkedIn

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

TRU Staffing Partners
Top privacy talent - when you need it, where you need it.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2023 Principled LLC. All rights reserved.

My guest this week is Jay Averitt, Senior Privacy Product Manager and Privacy Engineer at Microsoft, where he transitioned his career from Technology Attorney to Privacy Counsel, and most recently to Privacy Engineer.

In this episode, we hear from Jay about: his professional path from a degree in Management Information Systems to Privacy Engineer; how Twitter and Microsoft navigated a privacy setup, and how to determine privacy program maturity; multiple of his Privacy Engineering community projects; and tips on how to spread privacy awareness and stay active within the industry. 

Topics Covered:

• Jay’s unique professional journey from Attorney to Privacy Engineer
• Jay’s big mindset shift from serving as Privacy Counsel to Privacy Engineer, from a day-to-day and internal perspective
• Why constant learning is essential in the field of privacy engineering, requiring us to keep up with ever-changing laws, standards, and technologies
• Jay’s comparison of what it's like to work for Twitter vs. Microsoft when it comes to how each company focuses on privacy and data protection 
• Two ways to determine Privacy Program Maturity, according to Jay
• How engineering-focused organizations can unify around a corporate privacy strategy and how privacy pros can connect to people beyond their siloed teams
• Why building and maintaining relationships is the key for privacy engineers to be seen as enablers instead of blockers 
• A detailed look at the 'Technical Privacy Review' process
• A peak into Privacy Quest’s gamified privacy engineering platform and the events that Jay & Debra are leading as part of its DPD'24 Festival Village month-long puzzles and events
• Debra's & Jay's experiences at the USENIX PEPR'23; why it provided so much value for them both; and, why you should consider attending PEPR'24  
• Ways to utilize online Slack communities, LinkedIn, and other tools to stay active in the privacy engineering world

Resources Mentioned:

• Review talks from the University of Illinois 'Privacy Everywhere Conference 2024'
• Join the Privacy Quest Village's 'Data Privacy Day’24 Festival' (through Feb 18th)
• Submit a Proposal / Register for the USENIX PEPR ‘24 Conference

Guest Info:

• Connect with Jay on LinkedIn

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

TRU Staffing Partners
Top privacy talent - when you need it, where you need it.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2023 Principled LLC. All rights reserved.

In Honor of Data Privacy Week 2024, we're publishing a special episode. Instead of interviewing a guest, Debra shares her 'Top 20 Privacy Engineering Resources' and why. Check out her favorite free privacy engineering courses, books, podcasts, creative learning platforms, privacy threat modeling frameworks, conferences, government resources, and more.

DEBRA's TOP 20 PRIVACY ENGINEERING RESOURCES (in no particular order)

1. Privado's Free Course: 'Technical Privacy Masterclass'
2. OpenMined's Free Course: 'Our Privacy Opportunity' 
3. Data Protocol's Privacy Engineering Certification Program
4. The Privacy Quest Platform & Games; Bonus: The Hitchhiker's Guide to Privacy Engineering
5. 'Data Privacy: a runbook for engineers by Nishant Bhajaria
6. 'Privacy Engineering, a Data Flow and Ontological Approach' by Ian Oliver
7. 'Practical Data Privacy: enhancing privacy and security in data' by Katharine Jarmul
8. Strategic Privacy by Design, 2nd Edition by R. Jason Cronk
9. 'The Privacy Engineer's Manifesto: getting from policy to code to QA to value' by Michelle Finneran-Dennedy, Jonathan Fox and Thomas R. Dennedy 
10. USENIX Conference on Privacy Engineering Practice and Respect (PEPR)
11. IEEE's The International Workshop on Privacy Engineering (IWPE)
12. Institute of Operational Privacy Design (IOPD)
13. 'The Shifting Privacy Left Podcast,' produced and hosted by Debra J Farber and sponsored by Privado
14. Monitaur's 'The AI Fundamentalists Podcast' hosted by Andrew Clark & Sid Mangalik
15. Skyflow's 'Partially Redacted Podcast' with Sean Falconer
16. The LINDDUN Privacy Threat Model Framework & LINDDUN GO Card Game
17. The Privacy Library Of Threats 4 Artificial Intelligence (PLOT4ai) Framework & PLOT4ai Card Game
18. The IAPP Privacy Engineering Section
19. The NIST Privacy Engineering Program Collaboration Space
20. The EDPS Internet Privacy Engineering Network (IPEN)

Read “Top 20 Privacy Engineering Resources” on Privado’s Blog.

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

TRU Staffing Partners
Top privacy talent - when you need it, where you need it.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2023 Principled LLC. All rights reserved.

My guest this week is Patricia Thaine, Co-founder and CEO of Private AI, where she leads a team of experts in developing cutting-edge solutions using AI to identify, reduce, and remove Personally Identifiable Information (PII) in 52 languages across text, audio, images, and documents.

In this episode, we hear from Patricia about: her transition from starting a Ph.D. to co-founding an AI company; how Private AI set out to solve fundamental privacy problems to provide control and understanding of data collection; misunderstandings about how best to leverage AI regarding privacy-preserving machine learning; Private AI’s intention when designing their software, plus newly deployed features; and whether global AI regulations can help with current risks around privacy, rogue AI and copyright.

Topics Covered:

• Patricia’s professional journey from starting a Ph.D. in Acoustic Forensics to co-founding an AI company
• Why Private AI’s mission is to solve privacy problems and create a platform for developers to modularly and flexibly integrate it anywhere you want in your software pipeline, including  model ingress & egress
• How companies can avoid mishandling personal information when leveraging AI / machine learning; and Patricia’s advice to companies to avoid mishandling personal information 
• Why keeping track of ever-changing data collection and regulations make it hard to find personal information
• Private AI's privacy-enabling architectural approach to finding personal data to prevent it from being used by or stored in an AI model
• The approach that Privacy AI took to design their software
• Private AI's extremely high matching rate, and how they aim for 99%+ accuracy
• Private AI's roadmap & R&D efforts
• Debra & Patricia discuss AI Regulation and Patricia's insights from her article 'Thoughts on AI Regulation'
• A foreshadowing of AI’s copyright risk problem and whether regulations or licenses can help
• ChatGPT’s popularity, copyright, and the need for embedding privacy, security, and safety by design from the beginning (in the MVP)
• How to reach out to Patricia to connect, collaborate, or access a demo
• How thinking about the fundamentals gets you a good way on your way to ensuring privacy & security

Resources Mentioned:

• Read: Yoshua Bengio’s blog post: "How Rogue AI's May Arise"
• Read: Microsoft's Digital Defense Report 2023
• Read Patricia’s article, “Thoughts on AI Regulation” 

Guest Info:

• Connect with Patricia on LinkedIn
• Check out Private AI 
• Demo PrivateG

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

TRU Staffing Partners
Top privacy talent - when you need it, where you need it.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2023 Principled LLC. All rights reserved.

My guest this week is Kevin Killens, CEO of AHvos, a technology service that provides AI solutions for data-heavy businesses using a proprietary technology called Contextually Responsive Intelligence (CRI), which can act upon a business's private data and produce results without storing that data.

In this episode, we delve into this technology and learn more from Kevin about: his transition from serving in the Navy to founding an AI-focused company; AHvos’ architectural approach in support of data minimization and reduced attack surface; AHvos' CRI technology and its ability to provide accurate answers based on private data sets; and how AHvos’ Data Crucible product helps AI teams to identify and correct inaccurate dataset labels.  

Topics Covered:

• Kevin’s origin story, from serving in the Navy to founding AHvos
• How Kevin thinks about privacy and the architectural approach he took when building AHvos
• The challenges of processing personal data, 'security for privacy,' and the applicability of the GDPR when using AHvos
• Kevin explains the benefits of Contextually Responsive Intelligence (CRI): which abstracts out raw data to protect privacy; finds & creates relevant data in response to a query; and identifies & corrects inaccurate dataset labels
• How human-created algorithms and oversight influence AI parameters and model bias; and, why transparency is so important
• How customer data is ingested into models via AHvos
• Why it is important to remove bias from Testing Data, not only Training Data; and, how AHvos ensures accuracy 
• How AHvos' Data Crucible identifies & corrects inaccurate data set labels
• Kevin's advice for privacy engineers as they tackle AI challenges in their own organizations
• The impact of technical debt on companies and the importance of building slowly & correctly rather than racing to market with insecure and biased AI models
• The importance of baking security and privacy into your minimum viable product (MVP), even for products that are still in 'beta' 

Guest Info:

• Connect with Kevin on LinkedIn
• Check out AHvos
• Check out Trinsic Technologies

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2023 Principled LLC. All rights reserved.

My guest this week is Nabanita De, Software Engineer, Serial Entrepreneur, and Founder & CEO at Privacy License where she's on a mission to transform the AI landscape. In this episode, we discuss Nabanita's transition from Engineering Manager at Remitly to startup founder; what she's learned from her experience at Antler's accelerator program, her first product to market: PrivacyGPT and her work to educate Privacy Champions. 

Topics Covered:

• Nabanita’s origin story, from conducting AI research at Microsoft as an intern all the way to founding Privacy License
• How Privacy License supports enterprises entering the global market while protecting privacy as a human right
• A comparison between Nabanita's experience as a corporate role as Privacy Engineering Manager at Remitly versus her entrepreneurial role as Founder-in-Residence at Antler
• How PrivacyGPT, a Chrome browser plugin, empowers people to use ChatGPT with added privacy protections and without compromising data privacy standards by redacting sensitive and personal data before sending to ChatGPT
• NLP techniques that Nabanita leveraged to build out PrivacyGPT, including: 'regular expressions,' 'parts of speech tagging,' & 'name entity recognition'
• How PrivacyGPT can be used to protect privacy across nearly all languages, even where a user has no Internet connection
• How to use Product Hunt to gain visibility around a newly-launched product; and whether it's easier to raise a financial round in the AI space right now
• Nabanita’s advice for software engineers who might found a privacy or AI startup in the near future
• Why Nabanita created a Privacy Champions Program; and how it provides (non)-privacy folks with recommendations to prioritize privacy within their organizations
• How to sign up for PrivacyGPT’s paid pilot app, connect with Nabanita to collaborate, or subscribe to "Nabanita's Moonshots Newsletter" on LinkedIn

Resources Mentioned:

• Check out Privacy License
• Learn more about PrivacyGPT
• Install the PrivacyGPT Chrome Extension
• Learn about Data Privacy Week 2024

Guest Info:

• Connect with Nabanita on LinkedIn
• Subscribe to the Nabanita's Moonshots Newsletter
• Learn more about The Nabinita De Foundation 
• Learn more about Covid Help for India
• Learn more about Project FiB

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2023 Principled LLC. All rights reserved.

My guests this week are Yusra Ahmad, CEO of Acuity Data, and Luke Beckley, Data Protection Officer and Privacy Governance Manager at Correla, who work with The RED (Real Estate Data) Foundation, a sector-wide alliance that enables the real estate sector to benefit from an increased use of data, while voiding some of the risks that this presents, and better serving society.

We discuss the current drivers for change within the real estate industry and the complexities of the real estate industry utilizing incredible amounts of data. You’ll learn the types of data protection, privacy, and ethical challenges The RED Foundation seeks to solve, especially now with the advent of new technologies. Yusra and Luke discuss some  ethical questions the real estate sector as it considers leveraging new technology. Yusra and Luke come to the conversation from the knowledgeable perspective as The RED Foundation’s Chair of the Data Ethics Steering Group and Chair of the Engagement and Awareness Group, respectively.

Topics Covered:

• Introducing Luke Beckley (DPO, Privacy & Governance Manager at Correla) and Yusra Ahmed (CEO of Acuity Data); who are here to talk about their data ethics work at The RED Foundation
• How the scope, sophistication, & connectivity of data is increasing exponentially in the real estate industry
• Why ESG, workplace experience, & smart city development are drivers of data collection; and the need for data ethics reform within the real estate industry
• Discussion of types of personal data these real estate companies collect & use across stakeholders: owners, operators, occupiers, employees, residents, etc.
• Current approaches that retailers take to protect location data, when collected; and why it's important to simplify language,  increase transparency, & make  consumers aware of tracking in in-store WIFi privacy notices
• Overview of The RED Foundation & mission: to ensure the real estate sector benefits from an increased use of data, avoids some of the risks that this presents, and is better placed to serve society
• Some ethical questions with which the real estate sector needs to still align, along with examples
• Why there’s a need to educate the real estate industry on privacy-enhancing tech
• The need for privacy engineers and PETs in real estate; and why this will build trust with the different stakeholders
• Guidance for privacy engineers who want to work in the real estate sector.
• Ways to collaborate with The RED Foundation to standardize data ethics practices across the real estate industry
• Why there's great opportunity to embed privacy into real estate; and why its current challenges are really obstacles, rather than blockers.

Resources Mentioned:

• Check out The RED Foundation

Guest Info:

• Follow Yusra on LinkedIn
• Follow Luke on LinkedIn

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2023 Principled LLC. All rights reserved.

This week, I welcome Jared Coseglia, co-founder and CEO at TRU Staffing Partners, a contract staffing & executive placement search firm that represents talent across 3 core industry verticals: data privacy, eDiscovery, & cybersecurity. We discuss the current and future state of the contracting market for privacy engineering rols and the market drivers that affect hiring. You’ll learn about the hiring trends and the allure of 'part-time impact,' 'part-time perpetual,' and 'secondee' contract work. Jared illustrates the challenges that hiring managers face with a 'Do-it-Yourself' staffing process; and he shares his predictions about the job market for privacy engineers over the next 2 years. Jared comes to the conversation with a lot of data that supports his predictions and sage advice for privacy engineering hiring managers and job seekers. 

Topics Covered:

• How the privacy contracting market compares and contrasts to the full-time hiring market; and, why we currently see a steep rise in privacy contracting
• Why full-time hiring for privacy engineers won't likely rebound until Q4 2024; and, how hiring for privacy typically follows a 2-year cycle
• Why companies & employees benefit from fractional contracts; and, the differences between contracting types: 'Part-Time - Impact,' 'Part-Time - Perpetual,' and 'Secondee'
• How hiring managers typically find privacy engineering candidates
• Why it's far more difficult to hire privacy engineers for contracts; and, how a staffing partner like TRU can supercharge your hiring efforts and avoid the pitfalls of a "do-it-yourself" approach
• How contract work benefits privacy engineers financially, while also providing them with project diversity
• How salaries are calculated for privacy engineers; and, the driving forces behind pay discrepancies across privacy roles
• Jared's advice to 2024 job seekers, based on his market predictions; and, why privacy contracting increases 'speed to hire' compared to hiring FTEs
• Why privacy engineers can earn more money by changing jobs in 2024 than they could by seeking raises in their current companies; and discussion of 2024 salary ranges across industry segments
• Jared's advice on how privacy engineers can best position themselves to contract hiring managers in 2024
• Recommended resources for privacy engineering employers and job seekers

Resources Mentioned:

• Read: "State of the Privacy Job Market Q3 2023”
• Subscribe to TRU Insights

Guest Info:

• Connect with Jared on LinkedIn
• Learn more about TRU Staffing Partners
• Engineering Managers: Check out TRU Staffing Data Privacy Staffing solutions
• PE Candidates: Apply to Open Privacy Positions

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2023 Principled LLC. All rights reserved.