Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2wGL7sC.
Amie Durr talks about the privacy concerns and subsequent regulations that come with so much information, and how to operate a business that does the "Right" thing for the consumer without impacting the ability to innovate, personalize and grow. Filmed at qconnewyork.com.
Amie Durr is the Vice President of Product Management at SparkPost. She is responsible for delivering technologies that help businesses support and drive their messaging needs with a focus on scale, usability, engagement, and analytics.
Data, GDPR & Privacy: Doing It "Right" Without Losing It All
1. 1@SparkPost
Data, GDPR & Privacy:
Doing it Right Without Losing it All
June 2018
Amie Durr, VP Product
2. InfoQ.com: News & Community Site
Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/gdpr-privacy
3. Presented at QCon New York
www.qconnewyork.com
8. 6@SparkPost
Employee Confidence is Low
• 63% Not Confident Their Company is Compliant
• 90% Don’t Believe Consent Data Is Accurate
• 31% Don’t Feel Personally Responsible
The Stakes Are High
10. 8@SparkPost
Data & Privacy Rights Regulations On The Rise
• CASL
• CAN-SPAM
• Privacy Shield
• GDPR
11. 9@SparkPost
But Wait! Demand Is On The Rise
• In 2018, Demand For Data Scientists is 50-60% Higher Than Supply
• Data Scientist Roles Have Grown 650% Since 2012
16. 14@SparkPost
Accountability
GET, STAY, SHOW CLEAN
• GET: Audit Your Data Inventory And Make Necessary Adjustments
• STAY: Ensure Processes In Place to Evaluate All New Data Streams And Potential Changes To Data Policy
• SHOW: Make It Easy To See What Data You Have And Easier To Opt-Out Or Be Deleted
19. 17@SparkPost
Accountability - In Practice
How We Became Accountable:
Dropped S3 Log Storage To 30 Days
Hashed “rcpt_to” And Dropped Meta Data
Removed Unused Tracking Tags & Cookies
Educated Our Customers
20. 18@SparkPost
Accountability - In Practice
How We Became Accountable:
We Kept Stuff Too!
Suppression Lists
Support Inquiries
Compliance Data
Anonymized Data In Our Data Lake
21. 19@SparkPost
Accountability – Doing It Right
What It Means
• Lawfulness, Fairness, And Transparency
• Purpose Limitation
• Data Minimization
• Accuracy
• Storage Limitation
How To Do It
1. Shared Responsibility
2. Continuous Focus – Not A One-Time Set Of Activities
22. 20@SparkPost
Privacy by design
• 7 Principle Elements Noted By GDPR
• Be User Centric
• Remember What It Took To Be Compliant – Stay Clean!
23. 21@SparkPost
Privacy by design – In Practice:
Engagement Message Events
Encoded In Our Links Stored In Our Redis or S3 For 1 Year
24. 22@SparkPost
Privacy by design – In Practice
Engagement Message Events
EnrichedMessageEvent
Strict PII
• rcpt_to
Possible PII
• rcpt_meta
• geo_ip
25. 23@SparkPost
Privacy by design – Doing It Right
Privacy By Design Is a Brand Benefit!
- Understand What Is/Is Not PII, And What May Feel Like PII To the Individual
- Stop Storing Non-Anonymized PII, Wherever Possible
- Encode, Encrypt, Or Hash PII You Need To Keep
- Aggregate Data Wherever Possible
- Amend R&D, User Story, Or Other Artifact Documents To Include Callout For Data Management
- Make The DPO Your Best Friend
- Build The Ability To Self-Serve Delete Requests First!
- Better Yet, Have Data Roll-Off Within 30 Days!
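One way to apply the hash, drop and roll-off bullets above to the message-event fields the slides classify as PII (`rcpt_to`, `rcpt_meta`, `geo_ip`). This is an added example, not SparkPost's code: it assumes a keyed hash (HMAC-SHA256) for `rcpt_to` so the token cannot be rebuilt from a list of known addresses without the key, and the event shape, key, and the `type` and `timestamp` field names are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Field classification taken from the slides; everything else is assumed.
STRICT_PII = {"rcpt_to"}                  # keep only as a keyed hash
POSSIBLE_PII = {"rcpt_meta", "geo_ip"}    # drop before storage
RETENTION = timedelta(days=30)            # roll-off window from the slides


def hash_recipient(address: str, key: bytes) -> str:
    """Keyed SHA-256 of the normalized address (HMAC is this example's choice)."""
    normalized = address.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


def scrub_event(event: dict, key: bytes) -> dict:
    """Return a copy that is safe to store: strict PII hashed, possible PII dropped."""
    clean = {}
    for field, value in event.items():
        if field in POSSIBLE_PII:
            continue
        if field in STRICT_PII:
            value = hash_recipient(value, key)
        clean[field] = value
    return clean


def roll_off(events: list, now: datetime) -> list:
    """Keep only events younger than the retention window."""
    return [e for e in events if now - e["timestamp"] < RETENTION]


# Constructed sample data; "type" and "timestamp" are assumed field names.
KEY = b"example-key-load-from-a-secret-store"
NOW = datetime(2018, 6, 30, tzinfo=timezone.utc)
RAW = [
    {"type": "open", "rcpt_to": "Pat@Example.com", "geo_ip": {"country": "US"},
     "rcpt_meta": {"crm_id": "1234"}, "timestamp": NOW - timedelta(days=2)},
    {"type": "click", "rcpt_to": "pat@example.com ", "geo_ip": {"country": "US"},
     "rcpt_meta": {}, "timestamp": NOW - timedelta(days=45)},
]

if __name__ == "__main__":
    stored = roll_off([scrub_event(e, KEY) for e in RAW], NOW)
    for e in stored:
        print(e["type"], e["rcpt_to"][:16], sorted(e))
```

Because the same address always maps to the same token under one key, per-recipient aggregation still works on the scrubbed events, while rotating or destroying the key breaks the link back to the address.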
28. 26@SparkPost
Innovation – In Practice: Smart Send
• Ran Tests On 10 Days' Worth Of Data (What We Initially Stored) To See If There Was Any Value
• Lined Up Customer Interest For Sharing and Using Service
• False-Started Backfilling Data That Wasn’t Hashed... So...
• Re-implemented Data Backfill From The Data Lake With Hashed rcpt_to
• Deployed To Beta And Continuing To Develop New Enhancements!
29. 27@SparkPost
Innovation – Doing it Right
• Experiment With Shorter Windows Of Data To Determine Value
• Communicate Early and Often With Your DPO
• Maintain Accountability
• Ensure You’re Implementing Privacy By Design
• Don’t Be Afraid!