Privacy by Design and Default

Privacy by
design & default

View Slide

This presentation is cookie free
It does not track you, nor does it require any
personal preferences to keep.
No cookies need to be accepted since there are
none to give.

View Slide

Hi 👋
I care about your privacy… not you
Michelangelo van Dam

View Slide

In recent news
Latitude Financial vows not to pay ransom to
hackers in wake of massive data breach
The Guardian|15 hours ago
Yum Brands Discloses Data Breach
Following Ransomware Attack
SecurityWeek|8 hours ago
University of Hawaii Maui Reveals February
Data Breach
Government Technology|22 hours ago
Dutch National Railway data breach impacts
780,000 customers
Bitdefender|7 days ago
Millions affected by Dutch data breach:
Here's what we know
IamExpat|1 week ago
VodafoneZiggo caught in Dutch data breach
TelcoTitans|2 weeks ago

View Slide

Assume data breach
Prove me wrong, I dare you 😈

View Slide

GDPR Article 25
Privacy by Design and Default

View Slide

7 principles to remember
1. Proactive not Reactive
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality
5. End-to-End Security
6. Visibility and Transparency
7. Respect for User Privacy

View Slide

Refreshing your memory
1. Less is more: request only the minimum amount of personal
information for your services or products
2. Protect it: apply strong encryption on your storages, preferably
in a way that you can not access it
3. No longer as needed: remove personal information the
moment you no longer need it or are obliged to keep it
4. Monitor access: know who accessed this personal information,
when they accessed it, and for what purpose
5. Don’t share: your customers are doing business with you, not
your partners

View Slide

Less is more

View Slide

Online retail primary target

View Slide

Protect it

View Slide

Unauthorized account takeover & identity theft

View Slide

No longer as needed

View Slide

15 years of data disrupts performance

View Slide

Monitor access

View Slide

GGD Covid patient info sold by insider

View Slide

Do not share!!!

View Slide

Share success stories, not customer data

View Slide

I have a
business to
run, stop
selling me this
BS!!!

View Slide

Privacy Driven Development
It’s just another way of looking at the problem

View Slide

Cross functional team
Business
Legal
Security
Development
Organizational goals
and objectives

View Slide

Customer decides when to use their information
Customer
Long term data
Transactional
data
Encrypted
storage
Encrypted
storage
Org
Key
User
Key
User key unlocks information
for transactions
Hard
copy
Data is destroyed after
transaction is completed
1
2

View Slide

Pseudonymization in user interfaces
Customer #
FCA59AB
78B8A102
FD87CC81
Name
A. Adams
B. Bakers
C. Custers
Location
Antwerp (BE)
Bonn (DE)
Rotterdam (NL)
Email
Send email
Send email
Send email
Phone
Make call
Make call
Make call
UUID Limited info City & Country
Internal System
knows, not user
Internal System
knows, not user

View Slide

Code samples

View Slide

User and UserShield classes
User
string userId (UUID)
bool anonymous
string userName
string password
string privateKey
getUserId(): string
isAnonymous(): bool
getUserName(): string
getPassword(): string
getPrivateKey(): string
UserShield
string privateKey
encrypt(string $clearText): string
decrypt(string $cipherText): string
::encryptIt(string $privateKey, string $clearText): string
::decryptIt(string $privateKey, string $cipherText): string
::generatePrivateKey(int $length): string
UserShield Source Code: in2.se/UserShield

View Slide

Default user is anonymous
declare(strict_types=1);
final class User
{
private string $userId;
private bool $anonymous;
private string $userName;
private string $password;
private string $privateKey;
public function __construct(
string $userId = '',
string $userName = '',
string $password = '',
string $privateKey = ''
) {
$this->userId = $userId;
$this->anonymous = ('' === $userName);
$this->userName = $userName;
$this->password = $password;
$this->privateKey = $privateKey;
}
}
$user = new User();
if (!$user->isAnonymous()) {
echo 'Hello ' . $user->getUserName();
} else {
echo 'Hello dear visitor';
}
// Output: Hello dear visitor

View Slide

User enabled encryption for data 1/2
// Registration form data
$userName = 'DragonBe';
$password = 'Can I haz c00kies?'
;
// Generated by the system for a new registration
// Otherwise data comes from database
$userId = 'FF4AF873-F2EB-458D-9981-7070617FE7DB'
;
$encryptionKey = UserShield::generatePrivateKey();
// Registered User model
$user = new User($userId, $userName, $password, $encryptionKey);

View Slide

User enabled encryption for data 2/2
// Registration of email address and shipping address via web form
$emailAddress = '[email protected]';
$shippingAddres = new Address(
street: 'Kerkstraat',
number: '123',
postalCode: '2000',
city: 'Antwerp',
countryCode: 'BE'
);
$userMeta = new UserMeta($user->getUserId(), $emailAddress, $shippingAddres);
$repository = new Repository();
// Keep records for transactions for a limited time
// Can be encrypted by a universal encryption key
$repository->storeTransactionMeta($userMeta);
// Keep records for longer time period, securely encrypting the data
// using the user's own encryption key
$repository->persistUserMeta($userMeta, $user);

View Slide

Encrypted storage
object(stdClass)#6 (7) {
["userId"]=>
string(36) "FF4AF873-F2EB-458D-9981-7070617FE7DB"
["emailAddress"]=>
string(84)
"Vm5RODBab3NJa3BsMnZyK1h5ZGw2UTg4cUpaT0hCRWQ4ekIxdTdhUnN5MD06Oq5ZkUcTR+KqzNJRR0SnpVk="
["street"]=>
string(56) "M05xOUdxbjBYeXp4VVF6MG52d0JyQT09OjqXVO/pYUm2st8vbieNvwK7"
["number"]=>
string(56) "NXFiSWp2U3Q3dGtPVFl2c2wwWGVkQT09OjryDqbwJsClOK9OHDeP7j4U"
["postalCode"]=>
string(56) "TzVoRUNiYWpTOUQ2NUxSNmY5YTB6dz09OjqaX5GA9agIJS/eRKAlYZ3w"
["city"]=>
string(56) "MHh5b2NyN0xaK1pCQVdUZDk2dGg5QT09OjrkTWwA0iq0DhoHxD18ZrJm"
["countryCode"]=>
string(56) "Qm5McVFuejhmc1F5dWx4TytCZjFCdz09Ojof2uJfoh7FzEPr3+jxs1Af"
}

View Slide

What about CRM and helpdesk support?
You can create a separate table with pseudonymized data.
Searches will occur on these pseudonymized records, referencing
the ID of the user with generic information like city and country.
In case of third-party solutions, be vigilant on how they protect your
customer data and especially how they handle data removal. Be
transparent in your privacy statement that you use this vendor and
give your users the default option not to be included.

View Slide

Pseudonymized information
object(stdClass)#7 (4) {
["userId"]=>
string(8) "FF4AF873"
["name"]=>
string(8) "DragonBe"
["emailAddress"]=>
string(26) "[email protected]"
["location"]=>
string(11) "Antwerp(BE)"
}

View Slide

Remember: it’s NOT your data!

View Slide

Data breach impact: Identity theft
Terrorists stole Olympic medallists identity
The Olympic silver medallist swimmer Pieter Timmers has reacted with shock to the news that
the terrorists involved in last March’s attacks used his identity when signing a contract with a
utilities company. The three terrorists stole Timmers’ identity to arrange a power supply contract
with the utilities company Lampiris for their safe house in the Brussels municipality of
Schaarbeek.
VRT | Sun 12 Mar 2017 - Link

View Slide

Recap
1. Privacy must be by design and default
2. Privacy is an organizational mindset to meet business needs
3. Encrypt data in transit and in rest using individual keys
4. Use pseudonymization when necessary (CRM, helpdesk)

View Slide

Thank you 🙏
@DragonBe
@[email protected]
[email protected]
Michelangelo van Dam
in2.se/pdd-2023

View Slide

Privacy by Design and Default

Privacy by Design and Default

DragonBe

More Decks by DragonBe

Other Decks in Programming

Featured

Transcript