Sign up to save your podcasts
Or
Share VCHH11 - [LIVE] The Scary Truth About Data Privacy
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
VCHH11 - [LIVE] The Scary Truth About Data Privacy
Summary
The conversation focuses on privacy and how to protect personal and corporate data. The speakers discuss core principles for safeguarding customer and employee data, including data minimization, secure coding practices, and continuous testing of controls. They emphasize the importance of communication with the board and legal teams, as well as the need for data retention and disposition schedules. The conversation also covers privacy training for software developers and IT professionals, as well as contractual obligations for vendors regarding data privacy. The speakers highlight the need for a national privacy standard in the US. The conversation covers various aspects of privacy, including data deletion and obfuscation, mobile device management and privacy, the effectiveness of privacy controls, future trends in privacy, and the importance of policies and training.
Takeaways- Establish a process for regular data inventory and minimization to only keep business-critical information.
- Implement secure coding practices and testing to ensure the security of software and applications.
- Continuously test and validate controls to ensure they are operating effectively.
- Communicate privacy and security effectively to the board and ensure they understand the business risks.
- Automate data classification and protection processes to improve efficiency and accuracy.
- Develop data retention and disposition schedules to manage data throughout its lifecycle.
- Provide privacy training for software developers and IT professionals to ensure they understand data privacy regulations and best practices.
- Include contractual obligations for vendors regarding data privacy and ownership.
- Offer options for users to revoke consent and request data deletion to comply with privacy regulations. Organizations should be transparent about the data they collect and have a well-defined and legally compliant procedure for data deletion or obfuscation upon request.
- Mobile device management should consider whether the device is employee-owned or corporate-owned and implement controls to protect sensitive data.
- Privacy controls should be regularly evaluated and proven effective to mitigate business risks.
- Future trends in privacy include increased litigation, attestations, and certification requirements.
- Policies and training are crucial for ensuring privacy practices and procedures are followed and understood by employees.
00:00 Introduction and Overview
03:05 Core Principles for Protecting Customer and Employee Data
05:48 Real-World Examples of Implementing Privacy Controls
10:03 Implementing Secure Coding Practices and Testing
12:52 Continuous Testing and Validation of Controls
16:35 Communicating Privacy and Security to the Board
19:22 Automation for Data Classification and Protection
22:31 Data Minimization Strategies
25:18 Micro Training for DLP Policy Triggers
27:34 Working with Legal and CFOs
31:16 Data Retention and Disposition Schedules
34:28 Privacy Training for Software Developers and IT Professionals
36:25 Contractual Obligations for Vendors Regarding Data Privacy
40:18 Options for Revoking Consent and Data Deletion
48:07 Data Deletion and Obfuscation
52:12 Mobile Device Management and Privacy
58:01 Effectiveness of Privacy Controls
58:52 Future Trends in Privacy
01:01:18 Importance of Policies and Training
View all episodes
By Access Point ConsultingSummary
The conversation focuses on privacy and how to protect personal and corporate data. The speakers discuss core principles for safeguarding customer and employee data, including data minimization, secure coding practices, and continuous testing of controls. They emphasize the importance of communication with the board and legal teams, as well as the need for data retention and disposition schedules. The conversation also covers privacy training for software developers and IT professionals, as well as contractual obligations for vendors regarding data privacy. The speakers highlight the need for a national privacy standard in the US. The conversation covers various aspects of privacy, including data deletion and obfuscation, mobile device management and privacy, the effectiveness of privacy controls, future trends in privacy, and the importance of policies and training.
Takeaways- Establish a process for regular data inventory and minimization to only keep business-critical information.
- Implement secure coding practices and testing to ensure the security of software and applications.
- Continuously test and validate controls to ensure they are operating effectively.
- Communicate privacy and security effectively to the board and ensure they understand the business risks.
- Automate data classification and protection processes to improve efficiency and accuracy.
- Develop data retention and disposition schedules to manage data throughout its lifecycle.
- Provide privacy training for software developers and IT professionals to ensure they understand data privacy regulations and best practices.
- Include contractual obligations for vendors regarding data privacy and ownership.
- Offer options for users to revoke consent and request data deletion to comply with privacy regulations. Organizations should be transparent about the data they collect and have a well-defined and legally compliant procedure for data deletion or obfuscation upon request.
- Mobile device management should consider whether the device is employee-owned or corporate-owned and implement controls to protect sensitive data.
- Privacy controls should be regularly evaluated and proven effective to mitigate business risks.
- Future trends in privacy include increased litigation, attestations, and certification requirements.
- Policies and training are crucial for ensuring privacy practices and procedures are followed and understood by employees.
00:00 Introduction and Overview
03:05 Core Principles for Protecting Customer and Employee Data
05:48 Real-World Examples of Implementing Privacy Controls
10:03 Implementing Secure Coding Practices and Testing
12:52 Continuous Testing and Validation of Controls
16:35 Communicating Privacy and Security to the Board
19:22 Automation for Data Classification and Protection
22:31 Data Minimization Strategies
25:18 Micro Training for DLP Policy Triggers
27:34 Working with Legal and CFOs
31:16 Data Retention and Disposition Schedules
34:28 Privacy Training for Software Developers and IT Professionals
36:25 Contractual Obligations for Vendors Regarding Data Privacy
40:18 Options for Revoking Consent and Data Deletion
48:07 Data Deletion and Obfuscation
52:12 Mobile Device Management and Privacy
58:01 Effectiveness of Privacy Controls
58:52 Future Trends in Privacy
01:01:18 Importance of Policies and Training