My slide deck used in People Management Association of the Philippines' (PMAP) Data Privacy Act Forum held last 18 SEP 2017 at Ace Hotel & Suites, Pasig City.
2. About Me
GM & CTO of TurfSite Web Services.
Mozilla Representative to the PHL.
Tech News Columnist at the Manila Bulletin.
Hobby Blogger, Photographer.
Dad of Xeon & Haswell.
6. History of Mozilla
On 23 Feb 1998,
Netscape Communications Corp.
created a project called
Mozilla (Mosaic + Godzilla).
Mozilla was launched 31 Mar 1998.
9. Data Privacy Principles
The following five principles stem from the Mozilla Manifesto
& inform how we:
Develop our products & services
Manage user data we collect
Select & interact with partners
Shape our public policy & advocacy work
10. Data Privacy Principles
1. No Surprises
Use & share information in a way that is transparent & benefits the user.
2. User Control
Develop products & advocate for best practices that put users in control of their
data & online experiences.
3. Limited Data
Collect what we need, de-identify where we can & delete when no longer
necessary.
4. Sensible Settings
Design for a thoughtful balance of safety & user experience.
5. Defense in Depth
Maintain multi-layered security controls & practices, many of which are publicly
verifiable.
16. Tracking & Privacy
Not all tracking is bad.
Many services rely on user data to provide relevant
content & enhance your online experience.
But tracking can happen without the user’s knowledge.
That’s not okay for some.
It should be you who decides when, how & if you want
your browsing data to be shared.
We recognize the importance of transparency & our
mission is all about empowering users — both with
tools & information.
20. Challenges in Data Privacy
It is essential for IT & business leaders to understand the full
risk potential of data privacy threats & how to address these
issues:
1. Data Privacy is more than compliance.
2. A strategic investment, not a cost.
3. Build it, deploy it, test it, modernize it.
4. Technology usage trends increase vulnerabilities.
22. Challenge 1: More Than Compliance
Compliance is a critical factor driving interest in, & adoption
of, data privacy solutions.
Building data privacy defenses simply to pass an annual
audit by a regulatory body is just the beginning when it
comes to protecting data privacy.
Data privacy must be ensured every day, because privacy
threats are fluid & ever evolving.
The incidence of zero-day attacks (security breaches for
which IT professionals had no time to prepare a prior
defense) for Internet Explorer doubled in 2014 from the
year prior.
23. Challenge 1: More Than Compliance
There’s also the impact of highly negative publicity & loss of
consumer confidence from privacy breaches that may occur
without notice.
A recent study indicated that 226 million personal records
about Europeans have been compromised in the past
decade.
In addition, a number of data privacy breaches aren’t
covered under compliance statutes, such as theft of
intellectual property including new product diagrams,
competitive analysis documents & marketing campaigns.
25. Solution 1: More Than Compliance
Data privacy must be protected on a continuous, ongoing
basis, far beyond the requirements of simply passing
external or internal compliance audits.
Protecting data privacy must be part of a comprehensive
corporate strategy that embraces the three P’s of Privacy:
People
Products
Processes
26. Solution 1: More Than Compliance
Not only do organizations need to ensure that data privacy
reports to a senior corporate executive, but the organization
must take steps to ensure that all employees & virtual staff
(partners, contractors, etc.) use smart privacy protection
techniques.
Organizations must be committed to investing in solutions
that help ensure data privacy beyond the basics, including
malware detection & identity management.
Privacy should be embedded into all business processes,
from onboarding new employees to sharing data over
unsecured networks.
28. Challenge 2: Strategic Investment, Not a Cost
Measuring the economic impact of a breach goes far
beyond regulatory penalties or the cost of securing
defenses.
What is the cost of negative headlines about Social
Security numbers, user IDs, passwords, & other identities
being hacked?
It’s important to recognize the financial risk of not
pursuing… data protection processes. The status quo isn’t
free. Ignoring those measures will incur a cost.
You must understand the potential catastrophic impact of
competitors gaining access to proprietary information such
as customer lists, specially negotiated discount pricing, &
product launch timelines.
30. Solution 2: Strategic Investment, Not a Cost
Organizations need to make well-thought-out investments
in technologies to ensure that data defenses are as resilient
as possible & that data can be recovered, restored,
retained, & reclaimed as circumstances require.
Key technologies that should be a part of any organization’s
data privacy defense include snapshotting, high availability
infrastructure, backup & archiving.
32. Challenge 3: Build it, Deploy it, Test it, Modernize it
Most companies have some sort of data privacy plan, but
it’s usually a component in a broader disaster recovery or
business continuity strategy.
It may be a dedicated chapter or a few isolated passages in
that plan document.
It needs to be embedded in all aspects of business
continuity in real-world practice.
Sadly, business continuity plan documents often act as
shelfware that is rarely tested & updated to reflect changes
in business conditions.
34. Solution 3: Build it, Deploy it, Test it, Modernize it
Organizations need a dynamic planning, testing, &
deployment strategy for data privacy,
one that is developed & supported by senior executives &
business stakeholders, not just the IT department or even a
chief information security officer.
While internal IT staff & business leaders have the
advantage of understanding the ins & outs of how data is
captured, stored, & used within their organization, it’s not
unusual for internal staff to become insulated from both
external threats & new ideas on how to ensure higher
levels of data privacy.
36. Challenge 4: Technology Usage Trends Increase Vulnerabilities
Industry trends such as Bring Your Own Device (BYOD),
the impact of social media, increased adoption of affordable
cloud computing services, & widespread use of sync-and-store
services for data storage have raised new &
potentially damaging data privacy vulnerabilities.
Many of the latest identity thefts & cyber attacks have
occurred as a result of delivering malware as advertising
through tablets & smartphones.
“Consumerization of IT” increases employee productivity,
but many of those end-user devices operate without
sufficient IT oversight & security frameworks.
38. Solution 4: Technology Usage Trends Increase Vulnerabilities
IT departments & business stakeholders shouldn’t
necessarily restrict usage of consumer devices,
applications, & services, but should develop smart policies
that reflect both their benefits to employees & their threats
to data privacy.
Make employees aware of best practices to ensure data
privacy, & do continuous vulnerability testing to surface
unexpected problems.
Organizations need to take pains to ensure all relevant parties
understand that new uses of technology often increase
data privacy risks & must be accounted for.
40. Opportunities in Data Privacy
DATA is the new BLACK GOLD.
Technology innovation & the power of data analytics
present tremendous value.
New job opportunities related to Data Privacy compliance.
2016-2017 Data Scientists
2017-2018 Data Protection Officers (DPO)
41. Job Opportunities in Data Privacy
Data Protection Officer (DPO)
Counsel – Compliance & Privacy
Security Engineer
Security Analyst
InfoSec Engineer
IT Specialist (InfoSec)
Health Records Privacy Director
Staff Information Security Engineer
Product Security Analyst
Hackers and governments use the web browser as a vector to steal data from users.
Huge numbers of these exploits are released every year.
Mozilla addressed this issue by creating a new programming language.