Privacy by Design and Default

Start safeguarding your users' personal information from the very beginning of a project, and make it the default.

In this talk I will go over the concepts of privacy by design and default, going deeper into the why and how of safeguarding your users' personal information.

DragonBe

April 12, 2023

Transcript

  1. Privacy by design & default

  2. This presentation is cookie free
    It does not track you, nor does it require any
    personal preferences to keep.
    No cookies need to be accepted since there are
    none to give.

  3. Hi 👋
    I care about your privacy… not you
    Michelangelo van Dam

  4. In recent news
    Latitude Financial vows not to pay ransom to hackers in wake of massive data breach
    The Guardian | 15 hours ago
    Yum Brands Discloses Data Breach Following Ransomware Attack
    SecurityWeek | 8 hours ago
    University of Hawaii Maui Reveals February Data Breach
    Government Technology | 22 hours ago
    Dutch National Railway data breach impacts 780,000 customers
    Bitdefender | 7 days ago
    Millions affected by Dutch data breach: Here's what we know
    IamExpat | 1 week ago
    VodafoneZiggo caught in Dutch data breach
    TelcoTitans | 2 weeks ago

  5. Assume data breach
    Prove me wrong, I dare you 😈

  6. GDPR Article 25
    Privacy by Design and Default

  7. 7 principles to remember
    1. Proactive not Reactive
    2. Privacy as the Default Setting
    3. Privacy Embedded into Design
    4. Full Functionality
    5. End-to-End Security
    6. Visibility and Transparency
    7. Respect for User Privacy

  8. Refreshing your memory
    1. Less is more: request only the minimum amount of personal information for your services or products
    2. Protect it: apply strong encryption on your storages, preferably in a way that you can not access it
    3. No longer as needed: remove personal information the moment you no longer need it or are obliged to keep it
    4. Monitor access: know who accessed this personal information, when they accessed it, and for what purpose
    5. Don’t share: your customers are doing business with you, not your partners

  9. Less is more

  10. Online retail primary target

  11. Protect it

  12. Unauthorized account takeover & identity theft

  13. No longer as needed

  14. 15 years of data disrupts performance

  15. Monitor access

  16. GGD Covid patient info sold by insider

  17. Do not share!!!

  18. Share success stories, not customer data

  19. I have a business to run, stop selling me this BS!!!

  20. Privacy Driven Development
    It’s just another way of looking at the problem

  21. Cross functional team
    [Diagram] Business, Legal, Security and Development, grouped around the organizational goals and objectives

  22. Customer decides when to use their information
    [Diagram] Customer data goes to two stores:
    1. Long term data: encrypted storage, User key. The user key unlocks information for transactions.
    2. Transactional data: encrypted storage, Org key (hard copy). Data is destroyed after the transaction is completed.

  23. Pseudonymization in user interfaces
    Customer #   Name         Location         Email        Phone
    FCA59AB      A. Adams     Antwerp (BE)     Send email   Make call
    78B8A102     B. Bakers    Bonn (DE)        Send email   Make call
    FD87CC81     C. Custers   Rotterdam (NL)   Send email   Make call
    Customer #: UUID. Name: limited info. Location: city & country.
    Email and Phone: the internal system knows the address and number, not the user.

  24. Code samples

  25. User and UserShield classes
    User
      Properties: string userId (UUID), bool anonymous, string userName, string password, string privateKey
      Methods: getUserId(): string, isAnonymous(): bool, getUserName(): string, getPassword(): string, getPrivateKey(): string
    UserShield
      Properties: string privateKey
      Methods: encrypt(string $clearText): string, decrypt(string $cipherText): string
      Static methods: ::encryptIt(string $privateKey, string $clearText): string, ::decryptIt(string $privateKey, string $cipherText): string, ::generatePrivateKey(int $length): string
    UserShield Source Code: in2.se/UserShield

  26. Default user is anonymous
    <?php
    declare(strict_types=1);

    final class User
    {
        private string $userId;
        private bool $anonymous;
        private string $userName;
        private string $password;
        private string $privateKey;

        public function __construct(
            string $userId = '',
            string $userName = '',
            string $password = '',
            string $privateKey = ''
        ) {
            $this->userId = $userId;
            // Nobody identified themselves: anonymous is the default
            $this->anonymous = ('' === $userName);
            $this->userName = $userName;
            $this->password = $password;
            $this->privateKey = $privateKey;
        }

        public function getUserId(): string { return $this->userId; }
        public function isAnonymous(): bool { return $this->anonymous; }
        public function getUserName(): string { return $this->userName; }
        public function getPassword(): string { return $this->password; }
        public function getPrivateKey(): string { return $this->privateKey; }
    }

    // Separate file (declare(strict_types=1) must be the first statement of a file)
    <?php
    declare(strict_types=1);

    $user = new User();
    if (!$user->isAnonymous()) {
        echo 'Hello ' . $user->getUserName();
    } else {
        echo 'Hello dear visitor';
    }
    // Output: Hello dear visitor

  27. User enabled encryption for data 1/2
    <?php
    declare(strict_types=1);

    // Registration form data
    $userName = 'DragonBe';
    $password = 'Can I haz c00kies?';

    // Generated by the system for a new registration
    // Otherwise data comes from database
    $userId = 'FF4AF873-F2EB-458D-9981-7070617FE7DB';
    $encryptionKey = UserShield::generatePrivateKey();

    // Registered User model
    $user = new User($userId, $userName, $password, $encryptionKey);

  28. User enabled encryption for data 2/2
    // Registration of email address and shipping address via web form
    $emailAddress = '[email protected]';
    $shippingAddress = new Address(
        street: 'Kerkstraat',
        number: '123',
        postalCode: '2000',
        city: 'Antwerp',
        countryCode: 'BE'
    );
    $userMeta = new UserMeta($user->getUserId(), $emailAddress, $shippingAddress);
    $repository = new Repository();

    // Keep records for transactions for a limited time
    // Can be encrypted by a universal encryption key
    $repository->storeTransactionMeta($userMeta);

    // Keep records for a longer time period, securely encrypting the data
    // using the user's own encryption key
    $repository->persistUserMeta($userMeta, $user);
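    The persistUserMeta() path above, as an added example that is not the deck's UserShield (in2.se/UserShield): the same method names built on libsodium's secretbox, encrypting each field under the user's own key so the organisation holds only ciphertext it cannot open with its own key. The key encoding, nonce layout, the $orgKey and the sample fields are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the deck's UserShield: same API on libsodium secretbox.
// Key/nonce encoding, $orgKey and the sample fields are assumptions.
final class UserShield
{
    public function __construct(private string $privateKey) {}

    // A fresh random key, base64 encoded so it fits in a string column
    public static function generatePrivateKey(int $length = SODIUM_CRYPTO_SECRETBOX_KEYBYTES): string
    {
        return base64_encode(random_bytes($length));
    }

    public function encrypt(string $clearText): string { return self::encryptIt($this->privateKey, $clearText); }
    public function decrypt(string $cipherText): string { return self::decryptIt($this->privateKey, $cipherText); }

    public static function encryptIt(string $privateKey, string $clearText): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);   // fresh nonce per field, never reused
        $box = sodium_crypto_secretbox($clearText, $nonce, base64_decode($privateKey, true));
        return base64_encode($nonce . $box);                          // one opaque string per column
    }

    public static function decryptIt(string $privateKey, string $cipherText): string
    {
        $raw = base64_decode($cipherText, true);
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $clear = sodium_crypto_secretbox_open($box, $nonce, base64_decode($privateKey, true));
        if ($clear === false) {
            throw new RuntimeException('wrong key or tampered ciphertext');   // fail closed
        }
        return $clear;
    }
}

// Long-term record: every field encrypted under the user's key; the userId itself
// stays in clear as the lookup handle, as in the stored object on slide 29.
function persistUserMeta(array $userMeta, string $userKey): array
{
    $shield = new UserShield($userKey);
    return array_map(fn(string $v): string => $shield->encrypt($v), $userMeta);
}

$userKey = UserShield::generatePrivateKey();
$orgKey  = UserShield::generatePrivateKey();   // assumed organisation-wide key for transactional data
$stored  = persistUserMeta(['emailAddress' => 'user@example.com', 'city' => 'Antwerp'], $userKey); // constructed sample
echo UserShield::decryptIt($userKey, $stored['city']), PHP_EOL;   // only the user key opens it
try { UserShield::decryptIt($orgKey, $stored['city']); } catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```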

  29. Encrypted storage
    object(stdClass)#6 (7) {
    ["userId"]=>
    string(36) "FF4AF873-F2EB-458D-9981-7070617FE7DB"
    ["emailAddress"]=>
    string(84)
    "Vm5RODBab3NJa3BsMnZyK1h5ZGw2UTg4cUpaT0hCRWQ4ekIxdTdhUnN5MD06Oq5ZkUcTR+KqzNJRR0SnpVk="
    ["street"]=>
    string(56) "M05xOUdxbjBYeXp4VVF6MG52d0JyQT09OjqXVO/pYUm2st8vbieNvwK7"
    ["number"]=>
    string(56) "NXFiSWp2U3Q3dGtPVFl2c2wwWGVkQT09OjryDqbwJsClOK9OHDeP7j4U"
    ["postalCode"]=>
    string(56) "TzVoRUNiYWpTOUQ2NUxSNmY5YTB6dz09OjqaX5GA9agIJS/eRKAlYZ3w"
    ["city"]=>
    string(56) "MHh5b2NyN0xaK1pCQVdUZDk2dGg5QT09OjrkTWwA0iq0DhoHxD18ZrJm"
    ["countryCode"]=>
    string(56) "Qm5McVFuejhmc1F5dWx4TytCZjFCdz09Ojof2uJfoh7FzEPr3+jxs1Af"
    }

  30. What about CRM and helpdesk support?
    You can create a separate table with pseudonymized data. Searches will occur on these pseudonymized records, which reference the ID of the user together with generic information like city and country.
    In case of third-party solutions, be vigilant about how they protect your customer data and especially how they handle data removal. Be transparent in your privacy statement that you use this vendor, and give your users the default option not to be included.

  31. Pseudonymized information
    object(stdClass)#7 (4) {
    ["userId"]=>
    string(8) "FF4AF873"
    ["name"]=>
    string(8) "DragonBe"
    ["emailAddress"]=>
    string(26) "[email protected]"
    ["location"]=>
    string(11) "Antwerp(BE)"
    }
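    Slides 30 and 31 in code, as an added example that is not from the deck: a pseudonymized helpdesk table kept apart from the encrypted full record, searchable by name and location only, and resolved back to the full userId only by the internal system. The customer number is the first 8 characters of the UUID as on the slide; the class, method and field names are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the deck's code. Customer number = first 8 chars of the UUID
// as on slide 31; class, method and field names are assumptions.
final class PseudonymizedDirectory
{
    /** @var array<string, array<string, string>> customer number => helpdesk record */
    private array $records = [];
    /** @var array<string, string> customer number => full userId, internal use only */
    private array $resolver = [];

    public function add(string $userId, string $name, string $email, string $city, string $countryCode): void
    {
        $customerNumber = substr($userId, 0, 8);
        // 8 hex characters can collide: refuse rather than silently overwrite another customer
        if (isset($this->resolver[$customerNumber]) && $this->resolver[$customerNumber] !== $userId) {
            throw new RuntimeException("customer number collision for $customerNumber");
        }
        $this->records[$customerNumber] = [
            'userId'       => $customerNumber,
            'name'         => $name,
            'emailAddress' => $email,
            'location'     => sprintf('%s(%s)', $city, $countryCode),
        ];
        $this->resolver[$customerNumber] = $userId;
    }

    // What an agent searches on: name or city/country, never the street or the full UUID
    public function search(string $term): array
    {
        return array_values(array_filter(
            $this->records,
            fn(array $r): bool => stripos($r['name'] . ' ' . $r['location'], $term) !== false
        ));
    }

    // Internal system only: map the customer number back to the full userId
    public function resolve(string $customerNumber): ?string
    {
        return $this->resolver[$customerNumber] ?? null;
    }
}

$dir = new PseudonymizedDirectory();
$dir->add('FF4AF873-F2EB-458D-9981-7070617FE7DB', 'DragonBe', 'user@example.com', 'Antwerp', 'BE'); // constructed
print_r($dir->search('antwerp'));    // one record: userId "FF4AF873", location "Antwerp(BE)"
var_dump($dir->resolve('FF4AF873')); // the full UUID, for the internal system only
```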

  32. Remember: it’s NOT your data!

  33. Data breach impact: Identity theft
    Terrorists stole Olympic medallist's identity
    The Olympic silver medallist swimmer Pieter Timmers has reacted with shock to the news that
    the terrorists involved in last March’s attacks used his identity when signing a contract with a
    utilities company. The three terrorists stole Timmers’ identity to arrange a power supply contract
    with the utilities company Lampiris for their safe house in the Brussels municipality of
    Schaarbeek.
    VRT | Sun 12 Mar 2017 - Link

  34. Recap
    1. Privacy must be by design and default
    2. Privacy is an organizational mindset to meet business needs
    3. Encrypt data in transit and at rest using individual keys
    4. Use pseudonymization when necessary (CRM, helpdesk)

  35. Thank you 🙏
    @DragonBe
    @[email protected]
    [email protected]
    Michelangelo van Dam
    in2.se/pdd-2023