Privacy by Design and Default

Transcript

1. Privacy by design & default

2. This presentation is cookie free It does not track you,

   nor does it require any personal preferences to keep. No cookies need to be accepted since there are none to give.

3. Hi 👋 I care about your privacy… not you Michelangelo

   van Dam

4. In recent news Latitude Financial vows not to pay ransom

   to hackers in wake of massive data breach The Guardian|15 hours ago Yum Brands Discloses Data Breach Following Ransomware Attack SecurityWeek|8 hours ago University of Hawaii Maui Reveals February Data Breach Government Technology|22 hours ago Dutch National Railway data breach impacts 780,000 customers Bitdefender|7 days ago Millions affected by Dutch data breach: Here's what we know IamExpat|1 week ago VodafoneZiggo caught in Dutch data breach TelcoTitans|2 weeks ago

5. Assume data breach Prove me wrong, I dare you 😈

6. GDPR Article 25 Privacy by Design and Default

7. 7 principles to remember 1. Proactive not Reactive 2. Privacy

   as the Default Setting 3. Privacy Embedded into Design 4. Full Functionality 5. End-to-End Security 6. Visibility and Transparency 7. Respect for User Privacy

8. Refreshing your memory 1. Less is more: request only the

   minimum amount of personal information for your services or products 2. Protect it: apply strong encryption on your storages, preferably in a way that you can not access it 3. No longer as needed: remove personal information the moment you no longer need it or are obliged to keep it 4. Monitor access: know who accessed this personal information, when they accessed it, and for what purpose 5. Don’t share: your customers are doing business with you, not your partners

9. Less is more

10. Online retail primary target

11. Protect it

12. Unauthorized account takeover & identity theft

13. No longer as needed

14. 15 years of data disrupts performance

15. Monitor access

16. GGD Covid patient info sold by insider

17. Do not share!!!

18. Share success stories, not customer data

19. I have a business to run, stop selling me this

    BS!!!

20. Privacy Driven Development It’s just another way of looking at

    the problem

21. Cross functional team Business Legal Security Development Organizational goals and

    objectives

22. Customer decides when to use their information Customer Long term

    data Transactional data Encrypted storage Encrypted storage Org Key User Key User key unlocks information for transactions Hard copy Data is destroyed after transaction is completed 1 2

23. Pseudonymization in user interfaces Customer # FCA59AB 78B8A102 FD87CC81 Name

    A. Adams B. Bakers C. Custers Location Antwerp (BE) Bonn (DE) Rotterdam (NL) Email Send email Send email Send email Phone Make call Make call Make call UUID Limited info City & Country Internal System knows, not user Internal System knows, not user

24. Code samples

25. User and UserShield classes User string userId (UUID) bool anonymous

    string userName string password string privateKey getUserId(): string isAnonymous(): bool getUserName(): string getPassword(): string getPrivateKey(): string UserShield string privateKey encrypt(string $clearText): string decrypt(string $cipherText): string ::encryptIt(string $privateKey, string $clearText): string ::decryptIt(string $privateKey, string $cipherText): string ::generatePrivateKey(int $length): string UserShield Source Code: in2.se/UserShield

26. Default user is anonymous <?php declare(strict_types=1); final class User {

    private string $userId; private bool $anonymous; private string $userName; private string $password; private string $privateKey; public function __construct( string $userId = '', string $userName = '', string $password = '', string $privateKey = '' ) { $this->userId = $userId; $this->anonymous = ('' === $userName); $this->userName = $userName; $this->password = $password; $this->privateKey = $privateKey; } } <?php declare(strict_types=1); $user = new User(); if (!$user->isAnonymous()) { echo 'Hello ' . $user->getUserName(); } else { echo 'Hello dear visitor'; } // Output: Hello dear visitor

27. User enabled encryption for data 1/2 <?php declare(strict_types=1); // Registration

    form data $userName = 'DragonBe'; $password = 'Can I haz c00kies?' ; // Generated by the system for a new registration // Otherwise data comes from database $userId = 'FF4AF873-F2EB-458D-9981-7070617FE7DB' ; $encryptionKey = UserShield::generatePrivateKey(); // Registered User model $user = new User($userId, $userName, $password, $encryptionKey);

28. User enabled encryption for data 2/2 // Registration of email

    address and shipping address via web form $emailAddress = '[email protected]'; $shippingAddres = new Address( street: 'Kerkstraat', number: '123', postalCode: '2000', city: 'Antwerp', countryCode: 'BE' ); $userMeta = new UserMeta($user->getUserId(), $emailAddress, $shippingAddres); $repository = new Repository(); // Keep records for transactions for a limited time // Can be encrypted by a universal encryption key $repository->storeTransactionMeta($userMeta); // Keep records for longer time period, securely encrypting the data // using the user's own encryption key $repository->persistUserMeta($userMeta, $user);

29. Encrypted storage object(stdClass)#6 (7) { ["userId"]=> string(36) "FF4AF873-F2EB-458D-9981-7070617FE7DB" ["emailAddress"]=> string(84)

    "Vm5RODBab3NJa3BsMnZyK1h5ZGw2UTg4cUpaT0hCRWQ4ekIxdTdhUnN5MD06Oq5ZkUcTR+KqzNJRR0SnpVk=" ["street"]=> string(56) "M05xOUdxbjBYeXp4VVF6MG52d0JyQT09OjqXVO/pYUm2st8vbieNvwK7" ["number"]=> string(56) "NXFiSWp2U3Q3dGtPVFl2c2wwWGVkQT09OjryDqbwJsClOK9OHDeP7j4U" ["postalCode"]=> string(56) "TzVoRUNiYWpTOUQ2NUxSNmY5YTB6dz09OjqaX5GA9agIJS/eRKAlYZ3w" ["city"]=> string(56) "MHh5b2NyN0xaK1pCQVdUZDk2dGg5QT09OjrkTWwA0iq0DhoHxD18ZrJm" ["countryCode"]=> string(56) "Qm5McVFuejhmc1F5dWx4TytCZjFCdz09Ojof2uJfoh7FzEPr3+jxs1Af" }

30. What about CRM and helpdesk support? You can create a

    separate table with pseudonymized data. Searches will occur on these pseudonymized records, referencing the ID of the user with generic information like city and country. In case of third-party solutions, be vigilant on how they protect your customer data and especially how they handle data removal. Be transparent in your privacy statement that you use this vendor and give your users the default option not to be included.

31. Pseudonymized information object(stdClass)#7 (4) { ["userId"]=> string(8) "FF4AF873" ["name"]=> string(8)

    "DragonBe" ["emailAddress"]=> string(26) "[email protected]" ["location"]=> string(11) "Antwerp(BE)" }

32. Remember: it’s NOT your data!

33. Data breach impact: Identity theft Terrorists stole Olympic medallists identity

    The Olympic silver medallist swimmer Pieter Timmers has reacted with shock to the news that the terrorists involved in last March’s attacks used his identity when signing a contract with a utilities company. The three terrorists stole Timmers’ identity to arrange a power supply contract with the utilities company Lampiris for their safe house in the Brussels municipality of Schaarbeek. VRT | Sun 12 Mar 2017 - Link

34. Recap 1. Privacy must be by design and default 2.

    Privacy is an organizational mindset to meet business needs 3. Encrypt data in transit and in rest using individual keys 4. Use pseudonymization when necessary (CRM, helpdesk)

35. Thank you 🙏 @DragonBe @[email protected] [email protected] Michelangelo van Dam in2.se/pdd-2023