
Privacy by Design and Default

Start safeguarding your users' personal information at the very beginning of a project, and make that protection the default.

In this talk I will go over the concepts of privacy by design and default, where I will go deeper into the why and how of safeguarding your users' personal information.


April 12, 2023


  1. This presentation is cookie free

    It does not track you, nor does it require any personal preferences to keep. No cookies need to be accepted since there are none to give.
  2. In recent news

    - Latitude Financial vows not to pay ransom to hackers in wake of massive data breach (The Guardian, 15 hours ago)
    - Yum Brands Discloses Data Breach Following Ransomware Attack (SecurityWeek, 8 hours ago)
    - University of Hawaii Maui Reveals February Data Breach (Government Technology, 22 hours ago)
    - Dutch National Railway data breach impacts 780,000 customers (Bitdefender, 7 days ago)
    - Millions affected by Dutch data breach: Here's what we know (IamExpat, 1 week ago)
    - VodafoneZiggo caught in Dutch data breach (TelcoTitans, 2 weeks ago)
  3. 7 principles to remember

    1. Proactive not Reactive
    2. Privacy as the Default Setting
    3. Privacy Embedded into Design
    4. Full Functionality
    5. End-to-End Security
    6. Visibility and Transparency
    7. Respect for User Privacy
  4. Refreshing your memory

    1. Less is more: request only the minimum amount of personal information needed for your services or products.
    2. Protect it: apply strong encryption to your storage, preferably in a way that you yourself cannot access the data.
    3. No longer than needed: remove personal information the moment you no longer need it or are no longer obliged to keep it.
    4. Monitor access: know who accessed this personal information, when they accessed it, and for what purpose.
    5. Don't share: your customers are doing business with you, not with your partners.
  5. Customer decides when to use their information

    (Diagram) Two stores are shown: long-term data in encrypted storage under the user key, and transactional data in encrypted storage under the organization key. (1) The user key unlocks the information for a transaction. (2) The hard copy of the transactional data is destroyed after the transaction is completed.
  6. Pseudonymization in user interfaces

    Customer #   Name         Location         Email        Phone
    FCA59AB      A. Adams     Antwerp (BE)     Send email   Make call
    78B8A102     B. Bakers    Bonn (DE)        Send email   Make call
    FD87CC81     C. Custers   Rotterdam (NL)   Send email   Make call

    Customer #: UUID. Name: limited info. Location: city and country only. Email and phone: the internal system knows them, the user of the interface does not; the UI only offers the action.
  7. User and UserShield classes

    User
      string userId (UUID)
      bool anonymous
      string userName
      string password
      string privateKey
      getUserId(): string
      isAnonymous(): bool
      getUserName(): string
      getPassword(): string
      getPrivateKey(): string

    UserShield
      string privateKey
      encrypt(string $clearText): string
      decrypt(string $cipherText): string
      ::encryptIt(string $privateKey, string $clearText): string
      ::decryptIt(string $privateKey, string $cipherText): string
      ::generatePrivateKey(int $length): string

    UserShield source code: in2.se/UserShield
  8. Default user is anonymous

    <?php
    declare(strict_types=1);

    final class User
    {
        private string $userId;
        private bool $anonymous;
        private string $userName;
        private string $password;
        private string $privateKey;

        public function __construct(
            string $userId = '',
            string $userName = '',
            string $password = '',
            string $privateKey = ''
        ) {
            $this->userId = $userId;
            // No user name given: treat the user as anonymous by default
            $this->anonymous = ('' === $userName);
            $this->userName = $userName;
            $this->password = $password;
            $this->privateKey = $privateKey;
        }

        public function isAnonymous(): bool
        {
            return $this->anonymous;
        }

        public function getUserName(): string
        {
            return $this->userName;
        }
    }

    // Usage: a User constructed without arguments is anonymous
    $user = new User();
    if (!$user->isAnonymous()) {
        echo 'Hello ' . $user->getUserName();
    } else {
        echo 'Hello dear visitor';
    }
    // Output: Hello dear visitor
  9. User enabled encryption for data 1/2

    <?php
    declare(strict_types=1);

    // Registration form data
    $userName = 'DragonBe';
    $password = 'Can I haz c00kies?';

    // Generated by the system for a new registration,
    // otherwise the data comes from the database
    $userId = 'FF4AF873-F2EB-458D-9981-7070617FE7DB';
    $encryptionKey = UserShield::generatePrivateKey();

    // Registered User model
    $user = new User($userId, $userName, $password, $encryptionKey);
  10. User enabled encryption for data 2/2

    // Registration of email address and shipping address via web form
    $emailAddress = '[email protected]';
    $shippingAddress = new Address(
        street: 'Kerkstraat',
        number: '123',
        postalCode: '2000',
        city: 'Antwerp',
        countryCode: 'BE'
    );
    $userMeta = new UserMeta($user->getUserId(), $emailAddress, $shippingAddress);
    $repository = new Repository();

    // Keep records for transactions for a limited time;
    // these can be encrypted with a universal (organization) encryption key
    $repository->storeTransactionMeta($userMeta);

    // Keep records for a longer period, securely encrypting the data
    // with the user's own encryption key
    $repository->persistUserMeta($userMeta, $user);
  11. Encrypted storage

    object(stdClass)#6 (7) {
      ["userId"]=> string(36) "FF4AF873-F2EB-458D-9981-7070617FE7DB"
      ["emailAddress"]=> string(84) "Vm5RODBab3NJa3BsMnZyK1h5ZGw2UTg4cUpaT0hCRWQ4ekIxdTdhUnN5MD06Oq5ZkUcTR+KqzNJRR0SnpVk="
      ["street"]=> string(56) "M05xOUdxbjBYeXp4VVF6MG52d0JyQT09OjqXVO/pYUm2st8vbieNvwK7"
      ["number"]=> string(56) "NXFiSWp2U3Q3dGtPVFl2c2wwWGVkQT09OjryDqbwJsClOK9OHDeP7j4U"
      ["postalCode"]=> string(56) "TzVoRUNiYWpTOUQ2NUxSNmY5YTB6dz09OjqaX5GA9agIJS/eRKAlYZ3w"
      ["city"]=> string(56) "MHh5b2NyN0xaK1pCQVdUZDk2dGg5QT09OjrkTWwA0iq0DhoHxD18ZrJm"
      ["countryCode"]=> string(56) "Qm5McVFuejhmc1F5dWx4TytCZjFCdz09Ojof2uJfoh7FzEPr3+jxs1Af"
    }
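The storage scheme of slides 9 to 11 (a per-user key for the long-term copy, an organization key for the short-lived transactional copy), as an added example in PHP using libsodium. This is not the deck's UserShield code (that lives at in2.se/UserShield): the class name UserVault, the record layout, the choice of Argon2id to wrap the user's data key under a password-derived key, and the sample data are assumptions of this example. Wrapping the key under the password is what makes slide 4's "preferably in a way that you cannot access it" hold in practice: the organization stores only the wrapped key and cannot unwrap it without the user's password.

```php
<?php
declare(strict_types=1);

// Added example (not the deck's UserShield): per-user encrypted storage with
// libsodium. Class name, record layout and sample data are assumptions.
final class UserVault
{
    private const FIELDS = ['emailAddress', 'street', 'number', 'postalCode', 'city', 'countryCode'];

    // Registration: generate a random data key and wrap it with a key derived from
    // the password (Argon2id). Salt, nonce and wrapped key are safe to store.
    public static function enrol(string $password): array
    {
        $dataKey = sodium_crypto_secretbox_keygen();
        $salt    = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
        $nonce   = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $kek     = self::deriveKek($password, $salt);
        $wrapped = sodium_crypto_secretbox($dataKey, $nonce, $kek);
        sodium_memzero($kek);
        sodium_memzero($dataKey);
        return ['salt' => $salt, 'nonce' => $nonce, 'wrappedKey' => $wrapped];
    }

    // Transaction time: the password unwraps the data key. A wrong password
    // fails the authentication tag and yields null, never a garbage key.
    public static function unwrap(string $password, array $wrapper): ?string
    {
        $kek = self::deriveKek($password, $wrapper['salt']);
        $key = sodium_crypto_secretbox_open($wrapper['wrappedKey'], $wrapper['nonce'], $kek);
        sodium_memzero($kek);
        return $key === false ? null : $key;
    }

    private static function deriveKek(string $password, string $salt): string
    {
        return sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
            SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
            SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13);
    }

    // Seal each personal field separately (nonce prepended, then base64). userId
    // stays in clear: it is the lookup key and a random UUID, not personal data.
    public static function sealRecord(array $record, string $key): array
    {
        $sealed = ['userId' => $record['userId']];
        foreach (self::FIELDS as $field) {
            $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
            $sealed[$field] = base64_encode($nonce . sodium_crypto_secretbox($record[$field], $nonce, $key));
        }
        return $sealed;
    }

    // Returns null on a wrong key or a tampered field instead of partial data.
    public static function openRecord(array $sealed, string $key): ?array
    {
        $record = ['userId' => $sealed['userId']];
        foreach (self::FIELDS as $field) {
            $raw = base64_decode($sealed[$field], true);
            if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
                return null;
            }
            $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
            $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
            if ($plain === false) {
                return null;
            }
            $record[$field] = $plain;
        }
        return $record;
    }
}

// Constructed sample record, mirroring the registration slide.
$userMeta = [
    'userId'       => 'FF4AF873-F2EB-458D-9981-7070617FE7DB',
    'emailAddress' => 'dragonbe@example.com',
    'street'       => 'Kerkstraat',
    'number'       => '123',
    'postalCode'   => '2000',
    'city'         => 'Antwerp',
    'countryCode'  => 'BE',
];
$password = 'Can I haz c00kies?';
$wrapper  = UserVault::enrol($password);       // stored next to the user row
$orgKey   = sodium_crypto_secretbox_keygen();  // in production: from a KMS/HSM

// 1. Long-term copy: only opens when the user supplies the password.
$userKey  = UserVault::unwrap($password, $wrapper);
$longTerm = UserVault::sealRecord($userMeta, $userKey);

// 2. Transactional copy under the organization key; delete it as soon as the
//    transaction (shipping, invoicing) is completed.
$transactional = UserVault::sealRecord($userMeta, $orgKey);
unset($transactional);

// The organization key does not open the long-term copy, a wrong password
// does not unwrap the user key, and the right password restores the record.
assert(UserVault::openRecord($longTerm, $orgKey) === null);
assert(UserVault::unwrap('wrong password', $wrapper) === null);
assert(UserVault::openRecord($longTerm, $userKey) === $userMeta);
sodium_memzero($userKey);
```

Two consequences of this design are worth stating up front. A user who forgets the password loses the long-term data by construction; if that is unacceptable, add a recovery key that the user keeps, not one the organization keeps, or it defeats the purpose. And the transactional copy needs an enforced expiry (a TTL column plus a deletion job), because "destroy after the transaction" only happens if something actually does it.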
  12. What about CRM and helpdesk support?

    You can create a separate table with pseudonymized data. Searches run against these pseudonymized records, which reference the user's ID together with generic information such as city and country. With third-party solutions, be vigilant about how they protect your customer data and especially how they handle data removal. State transparently in your privacy statement that you use this vendor, and give your users the option not to be included, with that as the default.
  13. Pseudonymized information

    object(stdClass)#7 (4) {
      ["userId"]=> string(8) "FF4AF873"
      ["name"]=> string(8) "DragonBe"
      ["emailAddress"]=> string(26) "[email protected]"
      ["location"]=> string(11) "Antwerp(BE)"
    }
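Slides 12 and 13 describe the pseudonymized table that the CRM or helpdesk searches, and slide 6 the view an agent gets of it. The following PHP is an added example, not code from the deck: it builds that table from the master records and routes contact actions through the internal system. CrmPseudonymizer, ContactService, the HMAC-based customer reference and the sample customers are assumptions of this example. One difference from slide 13 is deliberate: the reference is a keyed hash rather than the first eight characters of the UUID, because a truncated UUID is a prefix of the real identifier and anyone who sees both tables can join them without any secret.

```php
<?php
declare(strict_types=1);

// Added example (not code from the deck): the pseudonymized CRM/helpdesk view.
// Class names, the HMAC reference and the sample customers are assumptions.
final class CrmPseudonymizer
{
    public function __construct(private string $pseudonymKey)
    {
    }

    // Keyed hash instead of a bare UUID prefix: stable, so agents can search and
    // link tickets, but not mappable back to the master record without the key.
    public function referenceFor(string $userId): string
    {
        return strtoupper(substr(hash_hmac('sha256', strtoupper($userId), $this->pseudonymKey), 0, 16));
    }

    // The record the agent sees: limited name, city and country, nothing else.
    public function crmRecord(array $customer): array
    {
        return [
            'customerRef' => $this->referenceFor($customer['userId']),
            'name'        => mb_substr($customer['firstName'], 0, 1) . '. ' . $customer['lastName'],
            'location'    => sprintf('%s (%s)', $customer['city'], $customer['countryCode']),
        ];
    }
}

// The internal system keeps the only link from reference back to the master
// record and performs contact actions on the agent's behalf.
final class ContactService
{
    /** @var array<string, array> */
    private array $byReference = [];

    public function __construct(CrmPseudonymizer $pseudonymizer, array $customers)
    {
        foreach ($customers as $customer) {
            $this->byReference[$pseudonymizer->referenceFor($customer['userId'])] = $customer;
        }
    }

    // Agent asks "send email to <reference>"; the address never leaves this method.
    public function sendEmail(string $customerRef, string $subject): bool
    {
        $customer = $this->byReference[$customerRef] ?? null;
        if ($customer === null) {
            return false;
        }
        // mail($customer['emailAddress'], $subject, ...) would go here.
        return true;
    }
}

// Constructed sample customers, matching the UI slide.
$customers = [
    ['userId' => 'FF4AF873-F2EB-458D-9981-7070617FE7DB', 'firstName' => 'Alice', 'lastName' => 'Adams',
     'emailAddress' => 'alice@example.com', 'city' => 'Antwerp', 'countryCode' => 'BE'],
    ['userId' => 'B8A1029C-0B2E-4F83-9A6B-1D2E3F4A5B6C', 'firstName' => 'Bob', 'lastName' => 'Bakers',
     'emailAddress' => 'bob@example.com', 'city' => 'Bonn', 'countryCode' => 'DE'],
];
$pseudonymizer = new CrmPseudonymizer(random_bytes(32)); // in production: a persistent, KMS-held secret
$crmTable = array_map([$pseudonymizer, 'crmRecord'], $customers);

// Helpdesk search runs on the pseudonymized table only.
$inBelgium = array_filter($crmTable, fn (array $row) => str_ends_with($row['location'], '(BE)'));
assert(count($inBelgium) === 1 && reset($inBelgium)['name'] === 'A. Adams');
assert(!array_key_exists('emailAddress', $crmTable[0]));

// Contact goes through the internal system; the agent only holds the reference.
$contact = new ContactService($pseudonymizer, $customers);
assert($contact->sendEmail($crmTable[0]['customerRef'], 'Your order') === true);
assert($contact->sendEmail('FF4AF873', 'Your order') === false); // a raw UUID prefix is not a valid reference
```

The pseudonym key has to be persistent (a secret store or KMS), or references change between runs and tickets lose their link. Rotating it re-pseudonymizes the whole CRM table, which is also the mechanism for severing old links when a vendor relationship ends, and it keeps the "remove my data" path simple: delete the master record and the reference becomes a dangling, unresolvable string.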
  14. Data breach impact: Identity theft

    "Terrorists stole Olympic medallist's identity"
    The Olympic silver medallist swimmer Pieter Timmers has reacted with shock to the news that the terrorists involved in last March's attacks used his identity when signing a contract with a utilities company. The three terrorists stole Timmers' identity to arrange a power supply contract with the utilities company Lampiris for their safe house in the Brussels municipality of Schaarbeek. (VRT, Sun 12 Mar 2017)
  15. Recap

    1. Privacy must be by design and default
    2. Privacy is an organizational mindset to meet business needs
    3. Encrypt data in transit and at rest using individual keys
    4. Use pseudonymization when necessary (CRM, helpdesk)