Join our IOPD Privacy Engineering & Technology Education Discussion (PETed) Series! The format of the webinar will be a recorded 10-minute introduction followed by a 40-minute informal discussion and interaction with members of the IOPD. The goal will be a discussion on how to solve a specific privacy problem or privacy related resource topic and the latest implementation techniques for some of the biggest challenges like synthetic data, zero-knowledge proofs, homomorphic encryption, and translucent databases.
The participants will be asked to bring questions related to the topic. Come back the fourth Thursday of every month for a new discussion, new speaker, and new insights on the most cutting-edge privacy challenges!
Date & Time:
May 23, 2024 @ 12:00 PM EDT / 6:00 PM CEST
Topic:
Data Access and Deletion in the Large Scale Structured and Unstructured Datasets
Synopsis:
Many jurisdictions grant the public the rights to access and request deletion of their data. As privacy technologists, it often falls to us to create the systems for responding to these requests. While a response may seem simple on its face (grab all of the data related to this person), there are a host of both technical and organizational challenges when responding to these requests at scale, including: keeping an up to date map between people and the systems that store their data; issuing access and deleting requests without affecting production system performance; and redacting information unrelated to the subject from unstructured data. We’ll talk through these and other challenges and how privacy teams can tackle them.
Problem Statement:
Privacy technologists struggle to efficiently handle large-scale requests for data access and deletion due to challenges in mapping data across systems, avoiding production disruptions, and redacting unrelated information from unstructured data. This requires scalable solutions to ensure regulatory compliance and protect data rights without compromising system performance.
Related PETs (Privacy-Enhancing Technologies):
There are a variety of PETs potentially involved, most notably tools for anonymization/pseudonymization. There are also a large number of data and ML-related engineering technical topics to be discussed.
Pre-Discussion Resources:
-
- Lea Kissner writing for the IAPP about considerations for data retention/deletion: https://iapp.org/news/a/data-retention-in-a-distributed-system/
- Katharina Koerner speaking at PEPR 2023 about legal standards for anonymization/deidentification, which are critical to understand in the context of determining what needs to be deleted: https://www.youtube.com/watch?v=m5u3AM5PaD4
- Nandita Rao Narla at PEPR 2021 about data deletion: https://www.youtube.com/watch?v=f6-EUEmBuPw&list=PL_cjZ5iVWe7n0sU5g0o8zTZSMLAvfl4nL&index=8
- UK ICO FAQ on responding to employee access request, with some really helpful examples detailing just how much sifting through of documents needs to be done: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/employment/subject-access-request-q-and-as-for-employers/
Speaker:
Josh Schwartz
Josh Schwartz is the CEO and cofounder of Phaselab, a startup that helps privacy teams manage their unstructured data. Prior to founding Phaselab he served as CTO and Data Protection Officer of Chartbeat, a leading analytics company, where he led the operation of petabyte-scale data infrastructure. He studied machine learning as a PhD student at MIT’s Computer Science and Artificial Intelligence lab.
Moderator:
Nicole Nguyen
Nicole Nguyen is an enthusiastic privacy professional, deftly bridging technology, business, and law. Beginning in intellectual property and patent prosecution, she gained practical legal insights and technical acumen, which she later applied to data privacy across various regulated industries. She honed her skills across operations, regulatory analysis, and engineering, to streamline data handling, shape privacy policies, and drive privacy-by-design principles. Recognized for her leadership and technical prowess, Nicole guides strategic decisions, resolves complex issues, and bolsters business resilience. Her passion lies in crafting comprehensive data governance programs, weaving security, privacy, and risk disciplines into robust frameworks that safeguard business value and promote a future-ready, privacy-conscious culture. B.S. Chemical and Electrical Engineering and M.S. Information Systems, Cybersecurity and Business Intelligence.
The IOPD Privacy Engineering & Technology Education Discussion (PETed) Series is a members-only event. Join as an Ambassador before the 1st of each month to get invited to this month’s event! Please reach out to a current member to be invited as a guest. If you are already a member, subscribe to our PETed Mailing List for announcements and monthly invitations!