My slide deck used in People Management Association of the Philippines' (PMAP) Data Privacy Act Forum held last 18 SEP 2017 at Ace Hotel & Suites, Pasig City.

1. Challenges &
Opportunities the
Data Privacy Act
Brings
Robert “Bob” Reyes
www.bobreyes.com
bob@bobreyes.com
@bobreyes

2. About Me
 GM & CTO of TurfSite Web Services.
 Mozilla Representative to the PHL.
 Tech News Columnist at the Manila Bulletin.
 Hobby Blogger, Photographer.
 Dad of Xeon & Haswell.

4. Being an Open Source Dev

5. What is
Mozilla?

6. History of Mozilla
On 23 Feb 1998,
Netscape Communications Corp.
created a project called
Mozilla (Mosaic + Godzilla).
Mozilla was launched 31 Mar 1998.

7. Mozilla’s Mission
To ensure the Internet
is a global public
resource, open &
accessible to all.

8. Mozilla
Data Privacy
Principles

9. Data Privacy Principles
The following five principles stem from the Mozilla Manifesto
& inform how we:
 Develop our products & services
 Manage user data we collect
 Select & interact with partners
 Shape our public policy & advocacy work

10. Data Privacy Principles
1. No Surprises
 Use & share information in a way that is transparent & benefits the user.
2. User Control
 Develop products & advocate for best practices that put users in control of their
data & online experiences.
3. Limited Data
 Collect what we need, de-identify where we can & delete when no longer
necessary.
4. Sensible Settings
 Design for a thoughtful balance of safety & user experience.
5. Defense in Depth
 Maintain multi-layered security controls & practices, many of which are publicly
verifiable.

11. Get Smart on the Web

12. Lightbeam for Firefox

13. Lightbeam for Firefox
https://www.mozilla.org/en-US/lightbeam/

14. Lightbeam for Firefox
https://www.mozilla.org/en-US/lightbeam/

15. Tracking
& Privacy

16. Tracking & Privacy
 Not all tracking is bad.
 Many services rely on user data to provide relevant
content & enhance your online experience.
 But tracking can happen without the user’s knowledge.
 That’s not okay for some.
 It should be you who decides when, how & if you want
your browsing data to be shared.
 We recognize the importance of transparency & our
mission is all about empowering users — both with
tools & information.

17. Tracking & Privacy
https://www.mozilla.org/en-US/lightbeam/

18. Lightbeam for Firefox
https://www.mozilla.org/en-US/lightbeam/

19. Challenges in
Data Privacy

20. Challenges in Data Privacy
It is essential for IT & business leaders to understand the full
risk potential of data privacy threats & how to address these
issues:
1. Data Privacy is more than compliance.
2. A strategic investment, not a cost.
3. Build it, deploy it, test it, modernize it.
4. Technology usage trends increase vulnerabilities.

21. Challenge 1:
Data Privacy is more
than compliance.

22. Challenge 1:
More Than Compliance
 Compliance is a critical factor driving interest in, & adoption
of, data privacy solutions.
 Building data privacy defenses simply to pass an annual
audit by a regulatory body is just the beginning when it
comes to protecting data privacy.
 Data privacy must be ensured every day, because privacy
threats are fluid & ever evolving.
 The incidence of zero-day attacks (security breaches for
which IT professionals had no time to prepare a prior
defense) for Internet Explorer doubled in 2014 from the
year prior.

23. Challenge 1:
More Than Compliance
 There’s also the impact of highly-negative publicity & loss of
consumer confidence of privacy breaches that may occur
without notice.
 A recent study indicated that 226 million personal records
about Europeans have been compromised in the past
decade.
 In addition, a number of data privacy breaches aren’t
covered under compliance statutes, such as theft of
intellectual property including new product diagrams,
competitive analysis documents & marketing campaigns.

24. Solution 1:
Data Privacy is more
than compliance.

25. Solution 1:
More Than Compliance
 Data privacy must be protected on a continuous, ongoing
basis, far beyond the requirements of simply passing
external or internal compliance audits.
 Protecting data privacy must be part of a comprehensive
corporate strategy that embraces the three P’s of Privacy:
 People
 Products
 Processes

26. Solution 1:
More Than Compliance
 Not only do organizations need to ensure that data privacy
reports to a senior corporate executive, but the organization
must take steps to ensure that all employees & virtual staff
(partners, contractors, etc.) use smart privacy protection
techniques.
 Organizations must be committed to investing in solutions
that help ensure data privacy beyond the basics, including
malware detection & identity management.
 Privacy should be embedded into all business processes,
from onboarding new employees to sharing data over
unsecured networks.

27. Challenge 2:
A Strategic
Investment,
Not a Cost

28. Challenge 2:
Strategic Investment, Not a Cost
 Measuring the economic impact of a breach goes far
beyond regulatory penalties or the cost of securing
defenses.
 What is the cost of negative headlines about Social
Security numbers, user IDs, passwords, & other identities
being hacked?
 It’s important to recognize the financial risk of not
pursuing… data protection processes. The status quo isn’t
free. Ignoring those measures will incur a cost.
 You must understand the potential catastrophic impact of
competitors gaining access to proprietary information such
as customer lists, specially negotiated discount pricing, &
product launch timelines.

29. Solution 2:
A Strategic
Investment,
Not a Cost

30. Solution 2:
Strategic Investment, Not a Cost
 Organizations need to make well-thought-out investments
in technologies to ensure that data defenses are as resilient
as possible & that data can be recovered, restored,
retained, & reclaimed as circumstances require.
 Key technologies that should be a part of any organization’s
data privacy defense include snapshotting, high availability
infrastructure, backup & archiving.

31. Challenge 3:
Build it, Deploy it,
Test it, Modernize it

32. Challenge 3:
Build it, Deploy it, Test it, Modernize it
 Most companies have some sort of data privacy plan, but
it’s usually a component in a broader disaster recovery or
business continuity strategy.
 It may be a dedicated chapter or a few isolated passages in
that plan document.
 It needs to be embedded in all aspects of business
continuity in real-world practice.
 Sadly, business continuity plan documents often act as
shelfware that is rarely tested & updated to reflect changes
in business conditions.

33. Solution 3:
Build it, Deploy it,
Test it, Modernize it

34. Solution 3:
Build it, Deploy it, Test it, Modernize it
 Organizations need a dynamic planning, testing, &
deployment strategy for data privacy
 One that is developed & supported by senior executives &
business stakeholders, not just the IT department or even a
chief information security officer.
 While internal IT staff & business leaders have the
advantage of understanding the ins & outs of how data is
captured, stored, & used within their organization, it’s not
unusual for internal staff to become insulated to both
external threats & to new ideas on how to ensure higher
levels of data privacy.

35. Challenge 4:
Technology Usage
Trends Increase
Vulnerabilities

36. Challenge 4:
Technology Usage Trends Increase Vulnerabilities
 Industry trends such as Bring Your Own Device (BYOD),
the impact of social media, increased adoption of affordable
cloud computing services, & widespread use of sync-and-
store services for data storage have raised new &
potentially damaging data privacy vulnerabilities.
 Many of the latest identity thefts & cyber attacks have
occurred as a result of delivering malware as advertising
through tablets & smartphones.
 “Consumerization of IT” increases employee productivity,
but many of those end-user devices operate without
sufficient IT oversight & security frameworks.

37. Solution 4:
Technology Usage
Trends Increase
Vulnerabilities

38. Solution 4:
Technology Usage Trends Increase Vulnerabilities
 IT departments & business stakeholders shouldn’t
necessarily restrict usage of consumer devices,
applications, & services, but should develop smart policies
that reflect both their benefits to employees & their threats
to data privacy.
 Make employees aware of best practices to ensure data
privacy, & to do continuous vulnerability testing to surface
unexpected problems.
 Organizations to take pains to ensure all relevant parties
understand that new uses of technology often increase
data privacy risks & must be accounted for.

39. Opportunities in Data
Privacy

40. Opportunities
in Data Privacy
 DATA is the new BLACK GOLD.
 Technology innovation & the power of data analytics
present tremendous value.
 New job opportunities related to Data Privacy compliance.
 2016-2017  Data Scientists
 2017-2018  Data Protection Officers (DPO)

41. Job Opportunities
in Data Privacy
 Data Protection Officer (DPO)
 Counsel – Compliance & Privacy
 Security Engineer
 Security Analyst
 InfoSec Engineer
 IT Specialist (InfoSec)
 Health Records Privacy Director
 Staff Information Security Engineer
 Product Security Analyst

42. Maraming
Salamat po!
📬 bob@bobreyes.com
📬 bob@mozillaph.org
🐦 @bobreyes