• How AI system enablement differs from AI governance and why we should focus on AI as part of privacy engineering 
• Why Eric and Amalia designed an AI systems certificate course that bridges the gaps between privacy engineers and privacy attorneys
• The unique ideas and practices presented in this course and what attendees will take away 
• Frameworks, cases, and mental models that Eric and Amalia will cover in their course
• How Eric & Amalia structured the Privacy Engineering in AI Systems Certificate program's coursework 
• The importance of upskilling for privacy engineers and attorneys

Resources Mentioned:

• Enroll in the 'Privacy Engineering in AI Systems Certificate program' (Save $300 with promo code: PODCAST300 - enter this into the Inquiry Form instead of directly purchasing the course)
• Read: 'The Privacy Engineer's Manifesto'
• Take the free European Commission's course, 'Understanding Law as Code'

Guest Info: 

• Connect with Amalia on LinkedIn
• Connect with Eric on LinkedIn
• Learn about Designing Privacy

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• What inspired Gianclaudio to research fairness and PETs
• How PETs are about power and control
• The legal / GDPR and computer science perspectives on 'fairness'
• How fairness relates to discrimination, social injustices, and market power imbalances 
• How data obfuscation techniques relate to AI / ML 
• How well the use of anonymization, pseudonymization, and synthetic data techniques address data protection challenges under the GDPR
• How the use of differential privacy techniques may led to unfairness 
• Whether the use of encrypted data processing tools and federated and distributed analytics achieve fairness 
• 3 main PET shortcomings and how to overcome them: 1) bias discovery; 2) harms to people belonging to protected groups and individuals autonomy; and 3) market imbalances.
• Areas that warrant more research and investigation 

Resources Mentioned:

• Read: "The Unfair Side of Privacy Enhancing Technologies: Addressing the Trade-offs Between PETs and Fairness"

Guest Info: 

• Connect with Gianclaudio on LinkedIn
• Learn more about Brussles Privacy Hub

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Throughout our conversation, we dive into privacy concerns in augmented reality (AR), virtual reality (VR), and the metaverse, highlighting increased data misuse and manipulation risks as technology progresses. Avi shares his insights on how product and development teams can continue to be innovative while still upholding responsible, ethical standards with clear principles and guidelines to protect users' personal data. Plus, he explains the role of eye-tracking technology and why he advocates classifying its data as health data. We also discuss the challenges of anonymizing biometric data, informed consent, and the need for ethics training in all of the tech industry. 

Topics Covered: 

• The top privacy and misinformation issues that Avi has noticed when it comes to AR, VR, and metaverse data
• Why Avi advocates for classifying eye tracking data as health data 
• The dangers of unchecked AI manipulation and why we need to be more aware and in control of our online presence 
• The ethical considerations for experimentation in highly regulated industries
• Whether it is possible to anonymize VR and AR data
• Ways these product and development teams can be innovative while maintaining ethics and avoiding harm 
• AR risks vs VR risks
• Advice and privacy principles to keep in mind for technologists who are building AR and VR systems 
• Understanding The XR Guild 

Resources Mentioned:

• Read: The Battle for Your Brain: Defending the Right to Think Freely in the Age of Neurotechnology
• Read: Our Next Reality

Guest Info: 

• Connect with Avi on LinkedIn
• Check out the XR Guild
• Learn about Avi's Consulting Services

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• Matt’s background and how he started A/B testing and experimentation at Conductrics
• The major challenges that arise when companies run experiments and how Conductrics works to solve them 
• Breaking down A/B testing
• How being intentional about A/B testing and experimentation supports high level privacy
• The process of the data collection, testing, and experimentation 
• Collecting the data while minimizing privacy risks 
• The value of attending the USENIX Conference on Privacy Engineering Practice & Respect (PEPR24) and what to expect from Matt’s talk 

Guest Info: 

• Connect with Matt on LinkedIn
• Learn more about Conductrics
• Read about George Box's quote, "All models are wrong" 
• Learn about the PEPR Conference

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Dark patterns are interfaces that deceive or manipulate users into unintended actions by exploiting cognitive biases inherent in decision-making processes. Marie explains how dark patterns are harmful to our economic and democratic models, their negative impact on individual agency, and the ways that FairPatterns provides countermeasures and safeguards against the exploitation of people's cognitive biases. She also shares tips for designers and developers for designing and architecting fair patterns.

Topics Covered: 

• Why Marie shifted her career path from practicing law to deploying and lecturing on Legal UX design & combatting Dark Patterns at Amurabi
• The definition of ‘Dark Patterns’ and the difference between them and ‘deceptive patterns’
• What motivated Marie to found FairPatterns.com and her science-based methodology to combat dark patterns
• The importance of decision making governance 
• Why execs should care about preventing dark patterns from being coded into their websites, apps, & interfaces
• How dark patterns exploit our cognitive biases to our detriment
• What global laws say about dark patterns
• How dark patterns create structural risks for our economies & democratic models
• How "Fair Patterns" serve as countermeasures to Dark Patterns
• The 7 categories of Dark Patterns in UX design & associated countermeasures 
• Advice for designers & developers to ensure that they design & architect Fair Patterns when building products & features
• How companies can boost sales & gain trust with Fair Patterns 
• Resources to learn more about Dark Patterns & countermeasures

Guest Info: 

• Connect with Marie on LinkedIn
• Learn more about Amurabi
• Check out FairPatterns.com

Resources Mentioned:

• Learn about the 7 Stages of Action Model
• Take FairPattern's course: Dark Patterns 101 
• Read Deceptive Design Patterns
• Listen to FairPatterns' Fighting Dark P

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered: 

• Aaron’s deep privacy and consulting background and how he ended up leading HP's Privacy Engineering Center of Excellence 
• The definition of a "Center of Excellence" (CoE) and how a Privacy Engineering CoE can drive value for an organization and shift privacy left
• What motivates a company like HP to launch a CoE for Privacy Engineering and what it's reporting line should be
• Aaron's approach to creating a Privacy Engineering CoE roadmap; his strategy for staffing this CoE; and the skills & abilities that he sought
• How HP's Privacy Engineering CoE works with the business to advise on, and select, the right PETs for each business use case
• Why it's essential to know the privacy guarantees that your organization wants to assert before selecting the right PETs to get you there
• Lessons Learned from setting up a Privacy Engineering CoE and how to get executive sponsorship
• The amount of time that Privacy teams have had to work on AI issues over the past year, and advice on preventing burnout
• Aaron's hypothesis about the value of getting an early handle on governance over the adoption of innovative technologies
• The importance of being open to continuous learning in the field of privacy engineering 

Guest Info: 

• Connect with Aaron on LinkedIn
• Learn about HP's Privacy Engineering Center of Excellence
• Review the OWASP Machine Learning Security Top 10
• Review the OWASP Top 10 for LLM Applications

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• How Amaka's compliance-focused experience at Microsoft helped prepare her for her Privacy Engineering role at Cruise
• Where privacy overlaps with the development of AI 
• Advice for shifting privacy left to make privacy stretch beyond a compliance exercise
• What works well and what doesn't when building a 'Culture of Privacy'
• Privacy by Design approaches that make privacy & innovation a win-win rather than zero-sum game
• Privacy Engineering trends that Amaka sees; and, the PETs about which she's most excited
• Amaka's Privacy Engineering resource recommendations, including: 
  • Hoepman's "Privacy Design Strategies" book;
  • The LINDDUN Privacy Threat Modeling Framework; and
  • The PLOT4AI Framework
• "The PALS Parlor Podcast," focused on Privacy Engineering, AI Governance, Leadership, & Security
  • Why Amaka launched the podcast;
  • Her intended audience; and
  • Topics that she plans to cover this year
• The importance of collaboration; building a community of passionate privacy engineers, and addressing the systemic issue of privacy 

Guest Info & Resources:

• Follow Amaka on LinkedIn
• Listen to The PALS Parlor Podcast
• Read Jaap-Henk Hoepman's "Privacy Design Strategies (The Little Blue Book)"
• Read Jason Cronk's "Strategic Privacy by Design, 2nd Edition"
• Check out The LINDDUN Privacy Threat Modeling Framework
• Check out The Privacy Library of Threats for Artificial Intelligence (PLO

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• Heidi’s journey into privacy law and advocacy for privacy by design and default
• How the FTC brings enforcement actions, the effect of their settlements, and why privacy engineers should pay closer attention
• Case 1: FTC v. InMarket Media - Heidi explains the implication of the decision: where data that are linked to a mobile advertising identifier (MAID) or an individual's home are not considered de-identified
• Case 2: FTC v. X-Mode Social / OutLogic - Heidi explains the implication of the decision, focused on: affirmative express consent for location data collection; definition of a 'data product assessment' and audit programs; and data retention & deletion requirements
• Case 3: FTC v. Avast - Heidi explains the implication of the decision: 'browsing data' is considered 'sensitive data'
• Case 4: The People (CA) v. DoorDash - Heidi explains the implications of the decision, based on CalOPPA: where companies that share personal data with one another as part of a 'marketing cooperative' are, in fact, selling of data
• Heidi discusses recent State Enforcement Sweeps for privacy, specifically in Colorado and Connecticut and clarity around breach reporting timelines
• The need to prioritize independent third-party audits for privacy
• Case 5: FTC v. Kroger - Heidi explains why the FTC's blocking of Kroger's merger with Albertson's was based on antitrust and privacy harms given the sheer amount of personal data that they process
• Tools and resources for keeping up with FTC cases and connecting with your privacy community 

Guest Info: 

• Follow Heidi on LinkedIn
• Read (book):  'Means of Control: How the Hidden Alliance of Tech and Government is Creating a New American Surveillance State'

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Chris shares his journey as a privacy-focused entrepreneur and his mission to prioritize privacy and decentralization in managing personal data. He also explains the digital minimalist movement and why its teachings reach beyond the industry. Chris touches on Yorba's collaboration with Consumer Reports to implement Permission Slip and creating a Data Rights Protocol ecosystem that automates data deletion for consumers. Chris also emphasizes the benefits of decentralized identity and storage solutions in improving personal privacy and security. Finally, he gives you a sneak peek at what's next in store for Yorba.

Topics Covered: 

• How Yorba was designed as a privacy-1st consumer CRM platform; the problems that Yorba solves; and key product functionality & privacy features
• Why Chris decided to bring a consumer product to market for privacy rather than a B2B product
• Why Chris incorporated Yorba as a 'Public Benefit Corporation' (PBC) and sought B Corp status
• Exploring 'Digital Minimalism' 
• How Yorba's is working with Consumer Reports to advance the CR Data Rights Protocol, leveraging 'Permission Slip' - an authorized agent for consumers to submit data deletion requests
• The architectural design decisions behind Yorba’s personal CRM system 
• The benefits to using Matomo Analytics or Fathom Analytics for greater privacy vs. using Google Analytics 
• The privacy benefits to deploying 'Decentralized Identity' & 'Decentralized Storage' architectures
• Chris' vision for the next stage of the Internet; and, the future of Yorba

Guest Info: 

• Follow/Connect with Chris on LinkedIn
• Check out Yorba's website 

Resources Mentioned: 

• Read: TechCrunch's review of Yorba
• Read: 'Digital Minimalism - Choosing a Focused Life In a Noisy World' by Cal Newport
• Subscribe to the Bullet Journal (AKA Bujo) on Digital Minimalism by Ryder Carroll
• Learn  about Consumer Reports' Permission Slip Protocol 
• Check out Matomo Analytics  and Fathom  for privacy-first analy

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered: 

• What inspired Jake’s initial shift from security engineering to privacy engineering, with a focus on privacy implementation
• How Jake's previous role at Axon helped him shift his mindset to privacy
• Jake’s holistic approach to implementing privacy 
• The qualities of a successful implementation and the consequences of an unsuccessful implementation
• The challenges of implementing privacy in large organizations 
• Common blockers to the deployment of anonymization
• Jake’s perspective on using differential privacy techniques to achieve anonymity
• Common blockers to implementing consent management capabilities
• The importance of understanding data flow & lineage, and auditing data deletion 
• Holistic approaches to implementing a streamlined and compliant DSAR process with minimal business disruption 
• Why Jake believes it's important to maintain a servant-leader mindset in privacy

Guest Info: 

• Connect with Jake on LinkedIn
• Integrative Privacy LLC

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• Steve's origin story; his accidental entry into identity & access management (IAM)
• Steve's perspective as a 'Nonconformist Innovator' and why he launched 'The Nonconformist Innovation Podcast'
• The intersection of privacy & identity
• How to address organizational resistance to change, especially with lean resources
• Benefits gained from 'Tipping Point Leadership'
• 4 common hurdles to tipping point leadership 
• How to be a successful tipping point leader within a very bottom-up focused organization
• 'Consumer IAM' & the driving need for modernizing identity in Washington State
• How Steve has approached the challenges related to privacy, ethics & equity 
• Differences between the mobile driver's license (mDL) & verified credentials (VC) standards & technology
• How States are approaching the implementation of  mDL in different ways and the privacy benefits of 'selective disclosure'
• Steve's advice for privacy technologists to best position them and their orgs at the forefront of privacy and security innovation
• Steve recommended books for learning more about tipping point leadership

Guest Info: 

• Connect with Steve on LinkedIn
• Listen to The Nonconformist Innovation Podcast 

Resources Mentioned: 

• Steve's Interview with Tom Kemp
• Tipping Point Leadership books:
  • On Change Management 
  • Organizational Behavior
  • Ethics in the Age of Disruptive Technologies: An Operational Roadm

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• Jake’s career journey and why he landed on supporting software developers 
• How Jake build Data Protocol and it’s community 
• What 'shifting privacy left' means to Jake
• Data Protocol's Privacy Engineering Courses, Labs, & Certification Program and what developers will take away
• The difference between Data Protocol's free Privacy Courses and paid Certification
• Feedback from customers and & trends observed
• Whether tech companies have seen improvement in engineers' ability to embed privacy into the development of products & services after completing the Privacy Engineering courses and labs 
• Other privacy-related courses available on Data Protocol, and privacy courses  on the roadmap
• Ways to leverage communications to surmount current challenges
• How organizations can make their developers accountable for privacy, and the importance of aligning responsibility, accountability & business processes
• How Debra would operationalize this accountability into an organization
• How you can use the PrivacyCode.ai privacy tech platform to enable the operationalization of privacy accountability for developers

Resources Mentioned: 

• Check out Data Protocol's courses, based on topic
• Enroll in The Privacy Engineering Certification Program (courses are free)
• Check out S3E2: 'My Top 20 Privacy Engineering Resources for 2024' 

Guest Info: 

• Connect with Jake on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• Jay’s unique professional journey from Attorney to Privacy Engineer
• Jay’s big mindset shift from serving as Privacy Counsel to Privacy Engineer, from a day-to-day and internal perspective
• Why constant learning is essential in the field of privacy engineering, requiring us to keep up with ever-changing laws, standards, and technologies
• Jay’s comparison of what it's like to work for Twitter vs. Microsoft when it comes to how each company focuses on privacy and data protection 
• Two ways to determine Privacy Program Maturity, according to Jay
• How engineering-focused organizations can unify around a corporate privacy strategy and how privacy pros can connect to people beyond their siloed teams
• Why building and maintaining relationships is the key for privacy engineers to be seen as enablers instead of blockers 
• A detailed look at the 'Technical Privacy Review' process
• A peak into Privacy Quest’s gamified privacy engineering platform and the events that Jay & Debra are leading as part of its DPD'24 Festival Village month-long puzzles and events
• Debra's & Jay's experiences at the USENIX PEPR'23; why it provided so much value for them both; and, why you should consider attending PEPR'24  
• Ways to utilize online Slack communities, LinkedIn, and other tools to stay active in the privacy engineering world

Resources Mentioned:

• Review talks from the University of Illinois 'Privacy Everywhere Conference 2024'
• Join the Privacy Quest Village's 'Data Privacy Day’24 Festival' (through Feb 18th)
• Submit a Proposal / Register for the USENIX PEPR ‘24 Conference

Guest Info:

• Connect with Jay on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

1. Privado's Free Course: 'Technical Privacy Masterclass'
2. OpenMined's Free Course: 'Our Privacy Opportunity' 
3. Data Protocol's Privacy Engineering Certification Program
4. The Privacy Quest Platform & Games; Bonus: The Hitchhiker's Guide to Privacy Engineering
5. 'Data Privacy: a runbook for engineers by Nishant Bhajaria
6. 'Privacy Engineering, a Data Flow and Ontological Approach' by Ian Oliver
7. 'Practical Data Privacy: enhancing privacy and security in data' by Katharine Jarmul
8. Strategic Privacy by Design, 2nd Edition by R. Jason Cronk
9. 'The Privacy Engineer's Manifesto: getting from policy to code to QA to value' by Michelle Finneran-Dennedy, Jonathan Fox and Thomas R. Dennedy 
10. USENIX Conference on Privacy Engineering Practice and Respect (PEPR)
11. IEEE's The International Workshop on Privacy Engineering (IWPE)
12. Institute of Operational Privacy Design (IOPD)
13. 'The Shifting Privacy Left Podcast,' produced and hosted by Debra J Farber and sponsored by Privado
14. Monitaur's 'The AI Fundamentalists Podcast' hosted by Andrew Clark & Sid Mangalik
15. Skyflow's 'Partially Redacted Podcast' with Sean Falconer
16. The LINDDUN Privacy Threat Model Framework & LINDDUN GO Card Game
17. The Privacy Library Of Threats 4 Artificial Intelligence (PLOT4ai) Framework & PLOT4ai Card Game
18. The IAPP Privacy Engineering Section
19. The NIST Privacy Engineering Program Collaboration Space
20. The EDPS Internet Privacy Engineering Network (IPEN)

Read “Top 20 Privacy Engineering Resources” on Privado’s Blog.

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• Patricia’s professional journey from starting a Ph.D. in Acoustic Forensics to co-founding an AI company
• Why Private AI’s mission is to solve privacy problems and create a platform for developers to modularly and flexibly integrate it anywhere you want in your software pipeline, including  model ingress & egress
• How companies can avoid mishandling personal information when leveraging AI / machine learning; and Patricia’s advice to companies to avoid mishandling personal information 
• Why keeping track of ever-changing data collection and regulations make it hard to find personal information
• Private AI's privacy-enabling architectural approach to finding personal data to prevent it from being used by or stored in an AI model
• The approach that Privacy AI took to design their software
• Private AI's extremely high matching rate, and how they aim for 99%+ accuracy
• Private AI's roadmap & R&D efforts
• Debra & Patricia discuss AI Regulation and Patricia's insights from her article 'Thoughts on AI Regulation'
• A foreshadowing of AI’s copyright risk problem and whether regulations or licenses can help
• ChatGPT’s popularity, copyright, and the need for embedding privacy, security, and safety by design from the beginning (in the MVP)
• How to reach out to Patricia to connect, collaborate, or access a demo
• How thinking about the fundamentals gets you a good way on your way to ensuring privacy & security

Resources Mentioned:

• Read: Yoshua Bengio’s blog post: "How Rogue AI's May Arise"
• Read: Microsoft's Digital Defense Report 2023
• Read Patricia’s article, “Thoughts on AI Regulation” 

Guest Info:

• Connect with Patricia on LinkedIn
• Check out

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• Kevin’s origin story, from serving in the Navy to founding AHvos
• How Kevin thinks about privacy and the architectural approach he took when building AHvos
• The challenges of processing personal data, 'security for privacy,' and the applicability of the GDPR when using AHvos
• Kevin explains the benefits of Contextually Responsive Intelligence (CRI): which abstracts out raw data to protect privacy; finds & creates relevant data in response to a query; and identifies & corrects inaccurate dataset labels
• How human-created algorithms and oversight influence AI parameters and model bias; and, why transparency is so important
• How customer data is ingested into models via AHvos
• Why it is important to remove bias from Testing Data, not only Training Data; and, how AHvos ensures accuracy 
• How AHvos' Data Crucible identifies & corrects inaccurate data set labels
• Kevin's advice for privacy engineers as they tackle AI challenges in their own organizations
• The impact of technical debt on companies and the importance of building slowly & correctly rather than racing to market with insecure and biased AI models
• The importance of baking security and privacy into your minimum viable product (MVP), even for products that are still in 'beta' 

Guest Info:

• Connect with Kevin on LinkedIn
• Check out AHvos
• Check out Trinsic Technologies

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• Nabanita’s origin story, from conducting AI research at Microsoft as an intern all the way to founding Privacy License
• How Privacy License supports enterprises entering the global market while protecting privacy as a human right
• A comparison between Nabanita's experience as a corporate role as Privacy Engineering Manager at Remitly versus her entrepreneurial role as Founder-in-Residence at Antler
• How PrivacyGPT, a Chrome browser plugin, empowers people to use ChatGPT with added privacy protections and without compromising data privacy standards by redacting sensitive and personal data before sending to ChatGPT
• NLP techniques that Nabanita leveraged to build out PrivacyGPT, including: 'regular expressions,' 'parts of speech tagging,' & 'name entity recognition'
• How PrivacyGPT can be used to protect privacy across nearly all languages, even where a user has no Internet connection
• How to use Product Hunt to gain visibility around a newly-launched product; and whether it's easier to raise a financial round in the AI space right now
• Nabanita’s advice for software engineers who might found a privacy or AI startup in the near future
• Why Nabanita created a Privacy Champions Program; and how it provides (non)-privacy folks with recommendations to prioritize privacy within their organizations
• How to sign up for PrivacyGPT’s paid pilot app, connect with Nabanita to collaborate, or subscribe to "Nabanita's Moonshots Newsletter" on LinkedIn

Resources Mentioned:

• Check out Privacy License
• Learn more about PrivacyGPT
• Install the PrivacyGPT Chrome Extension
• Learn about Data Privacy Week 2024

Guest Info:

• Connect with Nabanita on LinkedIn
• Subscribe to the Nabanita's Moonshots Newsletter
• Learn more about The Nabinita De Foundation 
• Learn more about Covid Help for India
• Learn more about Project FiB

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• Introducing Luke Beckley (DPO, Privacy & Governance Manager at Correla) and Yusra Ahmed (CEO of Acuity Data); who are here to talk about their data ethics work at The RED Foundation
• How the scope, sophistication, & connectivity of data is increasing exponentially in the real estate industry
• Why ESG, workplace experience, & smart city development are drivers of data collection; and the need for data ethics reform within the real estate industry
• Discussion of types of personal data these real estate companies collect & use across stakeholders: owners, operators, occupiers, employees, residents, etc.
• Current approaches that retailers take to protect location data, when collected; and why it's important to simplify language,  increase transparency, & make  consumers aware of tracking in in-store WIFi privacy notices
• Overview of The RED Foundation & mission: to ensure the real estate sector benefits from an increased use of data, avoids some of the risks that this presents, and is better placed to serve society
• Some ethical questions with which the real estate sector needs to still align, along with examples
• Why there’s a need to educate the real estate industry on privacy-enhancing tech
• The need for privacy engineers and PETs in real estate; and why this will build trust with the different stakeholders
• Guidance for privacy engineers who want to work in the real estate sector.
• Ways to collaborate with The RED Foundation to standardize data ethics practices across the real estate industry
• Why there's great opportunity to embed privacy into real estate; and why its current challenges are really obstacles, rather than blockers.

Resources Mentioned:

• Check out The RED Foundation

Guest Info:

• Follow Yusra on LinkedIn
• Follow Luke on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• How the privacy contracting market compares and contrasts to the full-time hiring market; and, why we currently see a steep rise in privacy contracting
• Why full-time hiring for privacy engineers won't likely rebound until Q4 2024; and, how hiring for privacy typically follows a 2-year cycle
• Why companies & employees benefit from fractional contracts; and, the differences between contracting types: 'Part-Time - Impact,' 'Part-Time - Perpetual,' and 'Secondee'
• How hiring managers typically find privacy engineering candidates
• Why it's far more difficult to hire privacy engineers for contracts; and, how a staffing partner like TRU can supercharge your hiring efforts and avoid the pitfalls of a "do-it-yourself" approach
• How contract work benefits privacy engineers financially, while also providing them with project diversity
• How salaries are calculated for privacy engineers; and, the driving forces behind pay discrepancies across privacy roles
• Jared's advice to 2024 job seekers, based on his market predictions; and, why privacy contracting increases 'speed to hire' compared to hiring FTEs
• Why privacy engineers can earn more money by changing jobs in 2024 than they could by seeking raises in their current companies; and discussion of 2024 salary ranges across industry segments
• Jared's advice on how privacy engineers can best position themselves to contract hiring managers in 2024
• Recommended resources for privacy engineering employers and job seekers

Resources Mentioned:

• Read: "State of the Privacy Job Market Q3 2023”
• Subscribe to TRU Insights

Guest Info:

• Connect with Jared on LinkedIn
• Learn more about TRU Staffing Partners
• Engineering Managers: Check out TRU Staffing Data Privacy Staffing solutions
• PE Candidates: Apply to

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

TOPICS COVERED:

• What inspired Mat & Alja to co-found Tethix and the company's core mission
• What the 'Intent to Action Gap' is and how Tethix address it
• Overview of Tethix's Elemental Ethics framework; and how it empowers product development teams to 'close the 'Intent to Action Gap' and move orgs from a state of 'Agile Firefighting' to 'Responsible Firekeeping'
• Why Agile is an insufficient process for embedding ethics into software and product development; and how you can turn to Elemental Ethics and Responsible Firekeeping to embed 'Ethics-by-Design' into your Agile workflows
• The definition of 'Responsible Firekeeping' and its benefits; and how Ethical Firekeeping transitions Agile teams from a reactive posture to a proactive one
• Why you should choose Elemental Ethics over conventional ethics frameworks
• Tethix's suite of apps called ETHOS: The Ethical Tension and Health Operating System apps, which help teams embed ethics into their collaboration tech stack (e.g., JIRA, Slack, Figma, Zoom, etc.)
• How you can become a Responsible Firekeeper
• The level of effort required to implement Elemental Ethics & Responsible Firekeeping into Product Development based on org size and level of maturity
• Alja's contribution to the ResponsibleTech.Work, an open source Responsible Product Development Framework, core elements of the Framework, and why we need it
• Where to learn more about Responsible Firekeeping

RESOURCES MENTIONED:

• Read: "Day in the Life of a Responsible Firekeeper"
• Review the ResponsibleTech.Work Framework
• Subscribe to the Pathfinders Newmoonsletter

GUEST INFO:

• Connect with Mat on LinkedIn
• Connect with Alja on LinkedIn
• Check out Tethix’s Website 

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• How Isabel became interested in privacy engineering, data protection, privacy by design, threat modeling, and trustworthy AI
• How companies are thinking (or not) about incorporating privacy-by-design strategies & tactics and privacy engineering approaches within their orgs today
• What steps can be taken so companies start investing in privacy engineering approaches; and whether AI has become a driver for such approaches.
• Background on Isabel’s company, Rhite, and its mission to build responsible solutions for society and its individuals using a technical mindset. 
• What “Responsible & Trustworthy AI” means to Isabel 
• The 5 core values that make up the acronym, R-H-I-T-E, and why they’re important for designing and building products & services.
• Isabel's advice for organizations as they approach AI risk assessments, analysis, & remediation 
• The steps orgs can take in order to  build responsible AI products & services
• What Isabel hopes to accomplish through Rhite's new framework: SARAI® (for AI maturity), an open source AI Self-Assessment Tool and Framework, and an extension the Privacy Library Of Threats 4 Artificial Intelligence (PLOT4ai) Framework (i.e., a library of AI risks)
• What motivated Isabel to focus on threat modeling for privacy
• How PLOT4ai builds on LINDDUN (which focuses on software development) and extends threat modeling to the AI lifecycle stages: Design, Input, Modeling, & Output
• How Isabel’s experience with the LINDDUN Go card game inspired her to develop of a PLOT4ai card game to make it more accessible to teams.
• Isabel calls for collaborators to contribute to the PLOT4ai open source database of AI threats as the community grows.

Resources Mentioned:

• Privacy Library Of Threats 4 Artificial Intelligence (PLOT4ai)
• PLOT4ai's Github Threat Repository
• "Threat Modeling Generative AI Systems with PLOT4ai” 
•  Self-Assessment for Responsible AI (SARAI®)
• LINDDUN Privacy Threat Model Framework
• "S2E19: Privacy Threat Modeling - Mitigating Privacy Threats in Software with Kim Wuyts (KU Leuven)”
• "Data Privacy: a runbook for engineers"

Guest Info:

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• How Vee moved from Product Manager to Co-Founding Privado, and why he focused on bringing Privacy Code Scanning to market.
• What it means to "Bridge the Privacy Engineering Gap" and 3 reasons why Vee believes the gap exists.
• How engineers can provide visibility into personal data collected and used by applications via Privacy Code Scans.
• Why engineering teams should 'shift privacy left' into DevOps.
• How a Privacy Code Scanner differs from traditional static code analysis tools in security.
• How Privado's Privacy Code Scanning & Data Mapping capabilities (for the SDLC) differ from personal data discovery, correlation, & data mapping tools (for the data lifecycle).
• How Privacy Code Scanning helps engineering teams comply with new laws like Washington State's 'My Health My Data Act.'
• A breakdown of  Privado’s FREE "Technical Privacy Masterclass."
• Exciting features on Privado’s roadmap, which support its vision to be the platform for collaboration between privacy operations & engineering teams.
• Privacy engineering  trends and Vee’s predictions for the next two years. 

Privado Resources Mentioned:

• Free Course: "Technical Privacy Masterclass" (led by Nishant Bhajaria)
• Guide: Introduction to Privacy Code Scanning
• Guide: Code Scanning Approach to Data Mapping
• Slack: Privado's Privacy Engineering Community
• Open Source Tool: Play Store Data Safety Report Builder

Guest Info:

• Connect with Vee on LinkedIn
• Check out Privado's website

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• How Rebecca switched from software development to a focus on privacy & adversarial privacy testing
• What motivated Debra to shift left from her legal training to privacy engineering
• What 'adversarial privacy tests' are; why they're important; and how they differ from other software development tests
• Defining 'Privacy Red Teams' (a type of adversarial privacy test) & what differentiates them from 'Security Red Teams'
• Why Privacy Red Teams are best for orgs with mature privacy programs
• The 3 steps for conducting a Privacy Red Team attack
• How a Red Team differs from other privacy tests like conducting a vulnerability analysis or managing a bug bounty program
• How 23andme's recent data leak, affecting 1 mil Ashkanazi Jews, may have been avoided via Privacy Red Team testing
• How BigTech companies are staffing up their Privacy Red Teams
• Frugal ways for small and mid-sized organizations to approach adversarial privacy testing
• The future of Privacy Red Teaming and whether we should upskill security engineers or train privacy engineers on adversarial testing
• Advice for Engineer Managers who seek to set up a Privacy Red Team for the first time
• Rebecca's Red Teaming resources for the audience

Resources Mentioned:

• Listen to: "S1E7: Privacy Engineers: The Next Generation" with Lorrie Cranor (CMU)
• Review Rebecca's Red Teaming Resources 

Guest Info:

• Connect with Rebecca on LinkedIn
• Visit Balebako Privacy Engineer's website

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• How Steve’s deep engineering background in aerospace, retail, telecom, and then a short stint at Meta, led him to found Epistimis 
• Why its been hard for companies to get privacy right at scale
• How Epistimis leverages 'semantic modeling' for rule checking and how this helps to scale privacy as part of an ontological approach
• The definition of a Privacy Ontology and Steve's belief that all should use one for common understanding at all levels of the business
• Advice for designers, architects, and developers when it comes to creating and implementing privacy ontology, taxonomies & semantic models
• How to make a Privacy Ontology usable
• How Epistimis' process design tooling work with discovery and mapping platforms like BigID & Secuvy.ai
• How Epistimis' process design tooling work along with a platform like Privado.ai, which scans a company's product code and then surfaces privacy risks in the code and detects processing activities for creating dynamic data maps
• How Epistimis' process design tooling works with PrivacyCode, which has a library of privacy objects, agile privacy implementations (e.g., success criteria & sample code), and delivers metrics on the privacy engineering process is going
• Steve calls for collaborators who are interested in POCs and/or who can provide feedback on Epistimis' PbD processing tooling
• Steve describes what's next on the Epistimis roadmap, including wargaming

Resources Mentioned:

• Read Dan Solove's article, "Data is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data"

Guest Info:

• Connect with Steve on LinkedIn
• Reach out to Steve via Email
• Learn more about Epistimis

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• Shashank describes his origin story, how he became interested in security, privacy, & AI while working on Wall Street; & what motivated him to found Uno
• The benefits to using "temporal knowledge graphs," and how knowledge graphs are used with LLMs to create a "causal discovery inference model" to prevent privacy problems
• The explosive growth of Generative AI, it's impact on the privacy and confidentiality of sensitive and personal data, & why a rushed approach could result in mistakes and societal harm  
• Architectural privacy and security considerations for: 1) leveraging  Generative AI, and those to avoid certain mechanisms at all costs; 2) verifying, assuring, & testing against "trustful data" rather than "derived data;" and 3) thwarting common Generative AI attack vectors
• Shashank's predictions for Enterprise adoption of Generative AI over the next several years
• Shashank's thoughts on proposed and future AI-related legislation may affect the Generative AI market overall and Enterprise adoption more specifically
• Shashank's thoughts on the development of AI standards across tech stacks
  
  

Resources Mentioned:

• Check out episode S2E29: Synthetic Data in AI: Challenges, Techniques & Use Cases with Andrew Clark and Sid Mangalik (Monitaur.ai)

Guest Info:

• Connect with Shashank on LinkedIn
• Learn more about Uno.ai

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• What inspired Andrew to found Monitaur and focus on AI governance
• Sid’s career path and his current PhD focus on NLP
• What motivated Andrew & Sid to launch their podcast, The AI Fundamentalists
• Defining 'synthetic data' & why academia takes a more rigorous approach to synthetic data than industry
• Whether the output of LLMs are synthetic data & the problem with training LLM base models with this data
• The best and worst 'synthetic data' use cases for ML/AI
• Why the 'quality' of input data is so important when training AI models 
• Thoughts on OpenAI's announcement that it will use LLM-generated synthetic data; and critique of OpenAI's approach, the AI hype machine, and the problems with 'growth hacking' corner-cutting
• The importance of diversity when training AI models; using 'multi-objective modeling' for building fair & performant systems
• Andrew unpacks the "fairness through unawareness fallacy"
• How 'randomized data' differs from 'synthetic data'
• 4 techniques for using synthetic data with ML/AI: 1) the Monte Carlo method; 2) Latin hypercube sampling; 3) gaussian copulas; & 4) random walking
• What excites Andrew & Sid about synthetic data and how it will be used with AI in the future

Resources Mentioned:

• Check out Podchaser 
• Listen to The AI Fundamentalists Podcast
• Check out Monitaur

Guest Info:

• Follow Andrew on LinkedIn
• Follow Sid on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• How Jutta’s unique transition from security engineering landed her in the privacy engineering space. 
• A comparison of privacy cultures across Google, Facebook, Twitter (now 'X'), and Reddit based on her privacy engineering experiences there.
• Two open Privacy Engineering roles at Reddit, and Jutta's advice for those wanting to transition from security engineering to privacy engineering.
• Whether Privacy Pros will be responsible for owning new regulatory obligations under the EU's Digital Services Act (DSA) & the Digital Markets Act (DMA); and the role of the Privacy Engineer when overlapping with Responsible AI issues
• Humane Intelligence,  Jutta's 'side quest,' which she co-leads with Dr. Rumman Chowdhury, and supports AI model owners seeking 'Product Readiness Reviews' at scale.
• When, during the product development life cycle, companies should perform 'AI Readiness Reviews'
• How to de-biased at scale or whether attempting to do so is 'chasing windmills'
• Who should be hunting for biases in an AI Bias Bounty challenge
• DEF CON 31's AI Village's 'Generative AI Red Teaming Challenge,' which was a bias bounty that she co-designed; lessons learned; and what Jutta & team have planned for DEF CON 32 next year
• Why it's so important for people to 'love their side quests'

Resources Mentioned:

• DEF CON Generative Red Team Challenge
• Humane Intelligence
• Bias Buccaneers Challenge

Guest Info:

• Connect with Jutta on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Together, they share their privacy decision-making classification scheme and research across two dimensions: (1) the type of privacy decisions: privacy permissions, privacy preference settings, consent to processing, or rejection to processing; and (2) the level of decision automation: manual, semi-automated, or fully-automated. Each type of privacy decision plays a critical role in users' ability to control the disclosure and processing of their personal data. They emphasize the significance of tailored recommendations to help users make informed decisions and discuss the potential of on-the-fly privacy decisions. We wrap up with organizations' approaches to achieving usable and transparent privacy across various technologies, including web, mobile, and IoT. 

Topics Covered:

• Why Simone & Victor focused their research on automating privacy decisions 
• How GDPR & ePrivacy have shaped requirements for privacy automation tools
• The 'types' privacy decisions & associated 'levels of automation': privacy permissions, privacy preference settings, consent to processing, & rejection to processing
• The 'levels of automation' for each privacy decision type: manual, semi-automated & fully-automated; and the pros / cons of automating each privacy decision type
• Preferences & concerns regarding IoT Trigger Action Platforms
• Why the only privacy decisions that you should 'fully automate' are the rejection of processing: i.e., revoking consent or opting out
• Best practices for achieving informed control
• Automation challenges across web, mobile, & IoT
• Mozilla's automated cookie banner management & why it's problematic (i.e., unlawful)

Resources Mentioned:

• "Automating Privacy Decisions – where to draw the line?"
• CyberSecIT at Chalmers University of Technology
• "Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms"
• Consent O Matic browser extension

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

1. the hallucination problem; 
2. the deliberation problem; 
3. the sleazy salesperson problem; & 
4. the problem of shared responsibility

Topics Covered:

• What motivated Reid to write his book, "Ethical Machines"
• The key differences between 'active privacy' & 'passive privacy'
• Why engineering incentives to collect more data to train AI models, especially in big tech, poses challenges to data minimization
• The importance of aligning privacy agendas with business priorities
• Why what companies infer about people can be a privacy violation; what engineers should know about 'input privacy' when training AI models; and, how that effects the output of inferred data
• Automated decision making: when it's necessary to have a 'human in the loop'
• Approaches for mitigating 'AI ethics fatigue'
• The need to backup a company's stated 'values' with actions; and why there should always be 3 - 7 guardrails put in place for each stated value
• The differences between 'Responsible AI' & 'Ethical AI,' and why companies seem reluctant to talk about ethics
• Reid's article, "Generative AI-xiety," & the 4 main risks related to generative AI
• Reid's advice for technical staff building products & services that leverage LLM's

Resources Mentioned:

• Read the book, "Ethical Machines"
• Reid's podcast, Ethical Machines

Guest Info:

• Follow Reid on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• Common roadblocks privacy engineers face with anonymization techniques & how to overcome them
• How to get budgets for anonymization tools; challenges with scaling & regulatory requirements & how to overcome them
• What it means to be a 'Privacy Engineer' today; good career paths; and necessary skill sets
• How third-party data deletion tools can be integrated into a company's distributed architecture
• What Privacy Engineers should understand about vendor privacy requirements for LLMs before bringing them into their orgs
• The need to monitor code changes in data or source code via code scanning; how HERE Technologies uses Privado to monitor the compliance of its products & data lineage; and how Privado detects new assets added to your inventory & any new API endpoints
• Advice on how to deal with conflicts between engineering, legal & operations teams and hon how to get privacy issues fixed within an org
• Strategies for addressing privacy issues within orgs, including collaboration, transparency, and continuous refinement

Resources Mentioned:

• IAPP Defining Privacy Engineering Infographic
• EU AI Act
• Ethics Guidelines for Trustworthy AI
• Privacy Engineering Superheroes
• FTC Investigates OpenAI over Data Leak and ChatGPT’s Inaccuracy

Guest Info:

• Follow Engin
• Follow Stefano

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• Elias's courses at TU Berlin: "Programming Practical Privacy: Web-based Application Engineering & Data Management" & "Advanced Distributed Systems Prototyping: Cloud-native Privacy Engineering"
• Elias' 2022 paper, "Cloud Native Privacy Engineering through DevPrivOps" - his approach, findings, and framework
• The Shared Responsibilities Model for cloud and how to improve it to account for privacy goals
• Defining DevPrivOps & how it works with agile development
• How DevPrivOps can enable formal privacy-by-design (PbD) & default strategies
• Elias' June 2023 paper, "Hawk: DevOps-Driven Transparency & Accountability in Cloud Native Systems," which helps data controllers align cloud-native DevOps with regulatory requirements for transparency & accountability
• Engineering challenges when trying to determine the details of personal data processing when responding to access & deletion requests
• A deep-dive into the Hawk 3-phase approach for implementing privacy into each DevOps phase: Hawk Release; Hawk Operate; & Hawk Monitor
• How open sourced project, TOUCAN, is documenting conceptual best practices for corresponding phases in the SDLC, and a call for collaboration
• How privacy engineers can convince their management to adopt a DevPrivOps approach

Read Elias' papers, talks, & projects:

• Cloud Native Privacy Engineering through DevPrivOps
• Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems 
• CPDP Talk: Privacy Engineering for Transparency & Accountability 
• TILT: A GDPR-Aligned Transparency Information Language & Toolkit for Practical Privacy Engineering
• TOUCAN 

Guest Info:

• Connect with Elias on LinkedIn
• Contact Elias at TU Berlin

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

In this conversation, we discuss the current market climate & hiring trends for technical privacy roles; the need for higher technical capabilities across the industry;  pay ranges within different technical privacy roles; and George’s tips and tools for applicants interested in, entering, and/or transitioning into the privacy industry. 

Topics Covered:

• Whether the hiring trends are picking back up for technical privacy roles
• The three 'Privacy Engineering' roles that companies seek to hire for and core competencies: Privacy Engineer, Privacy Software Engineer, & Privacy Research Engineer
• The demand for 'Privacy Architects'
• IAPP's new Privacy Engineering infographic & if it maps with how companies approach hiring 
• Overall hiring trends for privacy engineers & technical privacy roles
• Advice technologists who want to grow into Privacy Engineer, Researcher, or Architect roles
• Capabilities that companies need or want in candidates that they can't seem to find; & whether there are roles that are harder to fill because of a lack of candidates & skill sets
• Whether a PhD is necessary to become a 'Privacy Research Engineer'
• Typical pay ranges across technical privacy roles: Privacy Engineer, Privacy Software Engineer, Privacy Researcher, Privacy Architect
• Differences in pay for a Privacy Engineering Manager vs an Independent Contributor (IC) and the web apps for crowd-sourced info about roles & salary ranges
• Whether companies seek to fill entry level positions for technical privacy roles
• How privacy technologists can stay up-to-date on hiring trends

Resources Mentioned:

• Check out episode S2E11: Lessons Learned as a Privacy Engineering Manager with Menotti Minutillo (ex-Twitter & Uber)
• IAPP Defining Privacy Engineering Infographic 
• Check out Blind and Levels for compensation benchmarking

Guest Info:

• Connect with George on LinkedIn
• Reach out to Stott & May for your privacy recruiting needs

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

• What motivated Sanjay to found companies that bring trusted systems to market and why he founded Privaini  to  focus on continuous privacy risk monitoring
• How to quantitatively analyze & monitor privacy risk throughout an entire 'business network' and what Sanjay means by 'business network'
• Which stakeholders benefit from using the Privaini platform
• The benefits to calculating a "quantified privacy risk score" for each company in your business network to effectively monitor privacy risk
• How Privaini leverages AI to discover external data about companies' privacy posture and why it must be used in a responsible and deliberate way
• Why effective privacy risk monitoring of a company's business network requires an “outside-in” approach
• The importance of continuous monitoring & the benefits to using an 'outside-in' approach
• What it takes to set up an enterprise's network with Privaini for full coverage of external privacy risks
• The recent Criteo fines and how Privaini could have helped Criteo surface privacy risks about its vendors
• Why Sanjay believes learning about the “right side” of the equation is necessary in order to "shift privacy left."

Guest Info:

• Connect with Sanjay on LinkedIn
• Learn more about Privaini

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

In this conversation, we discuss chapters within Tom’s new book, Containing Big Tech: How to Protect Our CIVIL RIGHTS, ECONOMY, and DEMOCRACY; how big tech is using AI to feed into the attention economy; what should go into a U.S. federal privacy law and how it should be enforced; and a comprehensive look at some of Tom’s privacy tech investments. 

Topics Covered:

• Tom's new book - Containing Big Tech: How to Protect Our Civil Rights, Economy and Democracy
• How and why Tom’s book is centered around data collection, artificial intelligence, and competition. 
• U.S. state privacy legislation that Tom helped get passed & what he's working on now, including: CPRA, the California Delete Act, & Texas Data Broker Registry
• Whether there will ever be a U.S. federal, omnibus privacy law; what should be included in it; and how it should be enforced
• Tom's work as a privacy tech and security tech Seed Investor with Kemp Au Ventures and what inspires him to invest in a startup or not
• What inspired Tom to invest in PrivacyCode, Secuvy & Privaini 
• Why having a team and market size is something Tom looks for when investing. 
• The importance of designing for privacy from a 'user-interface perspective' so that it’s consumer friendly
• How consumers looking to trust companies are driving a shift left movement
• Tom's advice for how companies can better shift left in their orgs & within their business networks

Resources Mentioned:

• The California Consumer Privacy Act (amended by the CPRA)
• The California Delete Act

Guest Info:

• Follow Tom on LinkedIn
• Kemp Au Ventures
• Pre-order Containing Big Tech: How to Protect Our CIVIL RIGHTS, ECONOMY, and DEMOCRACY 

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

In this conversation, we delve into current risks to location privacy; how precise location data really is; how humans can have more control over their data; and what organizations can do to protect humans’ data privacy. 

For access to a dataset of data resources and privacy podcasts, check out Jeff’s robust database — the Shifting Privacy Left podcast was recently added.

Topics Covered:

• Jeff’s approach to creating privacy data sets and what “gaining insight into the privacy landscape” means.
• How law enforcement can be a threat actor to someone’s privacy, using the example of Texas' abortion law
• Whether data brokers are getting exact location information or are inferring someone’s location.
• Why geolocation brokers had not considered themselves data brokers.
• Why anonymization is insufficient for location privacy. 
• How 'consent theater' coupled with location leakage is an existential threat to our privacy.
• How people can protect themselves from having data collected and sold by data and location brokers.
• Why apps permissions should be more specific when notifying users about personal data collection and use. 
• How Apple and Android devices treat Mobile Ad ID (MAID) differently and how that affects your historical location data.
• How companies can protect data by using broader geolocation information instead of precise geolocation information. 
• More information about Jeff's LinkedIn Live show, Your Bytes = Your Rights.

Resources Mentioned:

• Avantis Privacy
• Privacy Plan
• Threat modeling episode with Kim Wuyts
• "Your Bytes = Your Rights" LinkedIn Live
• The California Delete Act
• Privacy Podcast Database
• Containing Big Tech 

Guest Info:

• Follow Jeff on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• Kim's career journey & why she moved into threat modeling.
• The definition of 'threat modeling,' who should threat model, and what's included in her "Threat Modeling Manifesto."
• The connection between threat modeling & a 'shift left' mindset / strategy.
• Design patterns that benefit threat modeling & anti-patterns that inhibit.
• Benefits to using the LINDDUN Privacy Threat Modeling framework for mitigating privacy threats in software, including the 7 'privacy threat types,' associated 'privacy threat trees,' and examples.
• How "privacy threat trees' refine each threat type into concrete threat characteristics, examples, criteria & impact info.
• Benefits & differences between LINDDUN GO and LINDDUN PRO.
• How orgs can combine threat modeling approaches with PETs to address privacy risk.
• Kim's work as Program Chair for the International Workshop on Privacy Engineering (IWPE), highlighting some anticipated talks.
• The overlap of privacy & AI threats, and Kim's recommendation of The Privacy Library of Threats 4 AI ("PLOT4AI") Threat Modeling Card Deck
• Recommended resources for privacy threat modeling, privacy engineering & PETs.
• How the LINDDUN model & methodologies have been adopted by global orgs.
• How to bridge the gap between the academic & commercial world to advance & deploy PETs.
  
  

Resources Mentioned:

• The Threat Modeling Manifesto
• LINDDUN Privacy Threat Model  
• STRIDE threat model
• Threat Modeling Connect Community
• Elevation of Privilege card game
• Plot4AI (privacy & AI threat modeling) card deck
• International Workshop on Privacy Engineering (IWPE)

Guest Info:

• Follow Kim on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Contacts have always been the “junk drawer” of digital data, where people have information that they want to keep up-to-date, but are rarely able to based on current technology. The vCard standard is outdated, but is the only standard that works across iOS, Android, and Microsoft. It is still the most commonly used contact format, but lacks any capacity for updating contacts. Once someone exchanges their contact information with you, it then falls on you to keep that up-to-date. This is why Brad created Neucards: to gain the benefits of sharing information easily, privately (with E2EE) and receiving updates across all platforms.

Topics Covered:

• Why it is difficult to keep our digital contacts up-to-date across devices and platforms.
• Brad describes his career journey that inspired him to invent Neucards; the problems Neucards solves for; and why this became his passion project for over a decade
• Why companies haven’t innovated more in the digital contacts space
• The 3 main features that make Neucards different from other contact apps
• How Neucards enables you to share digital contacts data easily & securely
• Neucards' privacy by design and default approach to sharing and updating digital contacts
• How you can use NFC tap tags with Neucards to make the process of sharing digital contacts much easier
• Whether Neucards can solve the "New phone, who dis?" problem
• Whether we will see an update to the vCard standard or new standards for digital contacts
• Neucards' roadmap, including a 'mask communications' feature
• The importance of language; the difference between 'privacy-preserving' vs. 'privacy-enabling' architectural approaches

Resources Mentioned:

• Learn about Neucards
• Download the Neucards iOS app

Guest Info:

• Follow Brad on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Tumult Labs’ platform makes differential privacy useful by making it easy to create innovative privacy and enabling data products that can be safely shared and used widely. In this conversation, we focus our discussion on Differential Privacy techniques, including what’s next in its evolution, common vulnerabilities, and how to implement differential privacy into your platform.

When it comes to protecting personal data, Tumult Labs has three stages in their approach. These are Assess, Design, and Deploy. Damien takes us on a deep dive into each with use cases provided.

Topics Covered:

• Why there's such a gap between the academia and the corporate world
• How differential privacy's strong privacy guarantees are a result of strong assumptions; and why the biggest blockers to DP deployments have been eduction & usability
• When to use "local" vs "central" differential privacy techniques
• Advancements in technology that enable the private collection of data
• Tumult Labs' Assessment approach to deploying differential privacy, where a customer defines its 'data publication' problem or question
• How the Tumult Analytics platform can help you build different privacy algorithms that satisfies 'fitness for use' requirements
• Why using gold standard techniques like differential privacy to safely release, publish, or share data has value far beyond compliance
• How data scientists can make the analysis & design more robust to better preserve privacy; and the tradeoff between utility on very specific tasks & number of tasks that you can possibly answer
• Damien's work assisting the IRS & DOE deploy differential privacy to safely publish and share data publicly via the College Scorecards project
• How to address security vulnerabilities (i.e. potential attacks) to differentially private datasets
• Where you can learn more about differential privacy
• How Damien sees this space evolving over the next several years

Resources Mentioned:

• Join the Tumult Labs Slack
• Learn about Tumult Labs

Guest Info:

• Connect with Damien on LinkedIn
• Learn more on Damien’s website
• Follow 'Ted' on Twitter

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Topics Covered:

• Melanie's career journey and how she leveraged her experience in shark science to help executives get over their initial fears of the unknown in security & privacy
• How Melanie guides and supports technical teams at Discernible on effective communications
• How to prevent 'Privacy Outrage'
• The value of preventing privacy snafus rather than focusing only on crisis comms
• How companies can use technical communication strategies & tactics to earn trust with the public
• The problem with incentives - why most social media metrics have been bullshit for far too long
• Why Melanie decided to leave big tech to start Discernible
• Insight into the 7 Arthur W. Page Society Principles, a 'code of ethics' for communications professionals
• What makes for a good PR story that the media would want to cover
• Why press releases are mostly ineffective except for announcing funding raises
• The importance of educating the community for which you're building
• Melanie's advice to Elon Musk, who does not invest in a comms team
• What OpenAI could have done differently, and whether their go-to-market strategy was effective
• The importance of elevating Compliance teams to Business Advisors in the eyes of stakeholders

Resources Mentioned:

• Subscribe to the Discernible newsletter
• Discover Github's ReadMe Newsletter
• Learn about the Arthur W. Page Principles

Guest Info:

• Follow Melanie on LinkedIn
• Follow Melanie on Mastodon

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

His long-term research vision is to create an environment where users can reap the benefits of technology without losing their privacy by enabling preemptive privacy protections and establishing 'checks & balances' on the Internet. In this discussion, we discuss his previous and current research with a goal of empowering people to protect their privacy on the Internet. 

Topics Covered:

• Why Umar focused his research on transparency
• Umar's research relating to transparency, data collection & use, with a focus on Amazon's smart speaker & metadata privacy and potential EU regulatory enforcement
• His transparency-related work related to browsers & API's, and the growing problem of using fingerprinting techniques to track people without consent
• How Umar plans to bring control to individuals by restricting online privacy-invasive data collections
• How he used a ML technique to detect browser fingerprinting scripts based on their functionality
• Umar's research to determine the prevalence of online tracking & measure how effective currently-available tracker detection tools are 
• His research on early detection of emerging privacy threats (e.g., 'browser fingerprinting' & 'navigational tracking', etc.) and his investigation of privacy issues related to IoT (e.g., smart speakers & health & fitness bands that analyze people's voices)
• How we can ensure strong privacy guarantees and make a more accountable Internet
• Why regulations need technological support to be effective for enforcement
• Umar's advice to developers / hackers looking for 'privacy bugs' via dynamic code analysis and a discussion of the future of 'privacy bug bounties'

Resources Mentioned:

• Read Umar's papers: Google Scholar Citations

Guest Info:

• Learn about Umar on his website
• Connect with Umar on LinkedIn
• Follow Umar on Twitter

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Suchakra aligns himself with the philosophical aspects of privacy and wishes to work on anything that helps in limiting the erosion of privacy in modern society, since privacy is fundamental to all of us. These kinds of needs have always been here, and as societies have advanced, this is a time when we require more guarantees of privacy. After all, it is humans that are behind systems and it is humans that are going to be affected by the machines that we build. Check out this fascinating discussion on how to shift privacy left in your organization.

Topics Covered:

• Why Suchakra was interested in privacy after focusing on static code analysis for security
• What 'shift left' means and lessons learned from the 'shift security left' movement that can be applied to 'shift privacy left' efforts
• Sociological perspectives on how humans developed a need for keeping things 'private' from others
• How to provide engineering-focused guarantees around privacy today & what the role should be of engineers within this 'shift privacy left' paradigm
• Suchakra's USENIX Enigma talk & discussion of 'taint tracking' & 'data flow analysis' techniques
• Which companies should build in-house tooling for static analysis, and which should be outsourcing to experienced vendors like Privado
• How to address 'privacy bugs' in code; why it's important to have an 'auditor's mindset;' &, why we'll see 'Privacy Bug Bounty Programs' soon
• Suchakra's advice to engineering managers to move the needle on privacy in their orgs

Resources Mentioned:

• Join Privado's Slack Community
• Review Privado's Open Source Code Scanning Tools

Guest Info:

• Connect with Suchakra on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

He's successfully led teams that are developing, transitioning, and applying first-in-the-world technology capabilities for both the Department of Defense as well as for commercial use. Kurt specializes in generating, developing, and commercializing innovative secure computing technologies with a focus on privacy and AI/ML at scale. In this episode, we discuss use cases for leveraging Fully Homomorphic Encryption (FHE) and other PETs.

In a previous episode, we spoke about federated learning; and in this episode, we learn how to achieve secure federated learning using fully homomorphic encryption (FHE) techniques.

Kurt has been focused on and supported homomorphic encryption since it was first discovered, including his involvement in one of the seminal projects, funded by DARPA, where he ran an implementation team, called PROCEED.

FHE, as opposed to other kinds of privacy technologies, is more general and malleable. As each organization has different needs when it comes to data collaboration, Duality Technologies offers three separate models for collaboration, which enable organizations to secure sensitive data while still allowing different types of sharing.

Topics Covered:

• How companies can gain utility from a dataset while protecting the privacy of individuals or entities
• How FHEs help with fraud prevention, How FHEs help with fraud prevention, secure investigations, real-world evidence & genome-wide association studies
• Use cases for the three collaboration models Duality offers: Single Data Set, Horizontal Data Analysis, and Vertical Data Analysis
• Comparison & trade-offs involved between federated learning and homomorphic encryption
• Proliferation of FHE Standards
• OpenFHE.org, the leading open source library for implementations of fully homomorphic encryption protocols

Resources Mentioned:

• Review the OpenFHE encryption software library
• Learn about Duality

Guest Info:

• Connect with Kurt on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Katharine believes that we should never fall victim to a 'techno-solutionist' mindset where we believe that we can solve a deep societal problem simply with tech alone. However, by solving issues around privacy & consent with data collection, we can more easily address the challenges with ethical ML.  In fact, ML research is finally beginning to broaden and include the intersections of law, privacy, and ethics. Katharine anticipates that data scientists will embrace PETs that facilitate data sharing in a privacy-preserving way; and, she evangelizes the un-normalization of sending ML data from one company to another. 

Topics Covered:

• Katharine's motivation for writing a book on privacy for a data scientist audience and what she hopes readers will learn from it
• What areas must be addressed for ML to be considered ethical
• Overlapping AI/ML & Privacy goals
• Challenges with sharing data for analytics
• The need for data scientists to embrace PETs
• How PETs will likely mature across orgs over the next 2 years
• Katharine's & Debra's favorite PETs
• The importance of threat modeling ML models: discussing 'adversarial attacks' like 'model inversion' & 'membership inference' attacks
• Why companies that train LLMs must be accountable for the safety of their models
• New ethical approaches to data sharing
• Why scraping data off the Internet to train models is the harder, lazier, unethical way to train ML models

Resources Mentioned:

• Pre-order the forthcoming book: "Practical Data Privacy"
• Subscribe to Katharine’s newsletter: Probably Private

Guest Info:

• Follow Katharine on LinkedIn
• Follow Katharine on Twitter

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Menotti sees privacy engineering as the practice of building or improving info systems to advance a set of privacy goals. It's like a 'layer cake' in that you have different protections and risk reductions based on threat modeling, as well as different specialization capabilities for larger orgs.

It makes a lot of sense that he's held weaving roles from company to company. His journey into privacy engineering was originally 'adjacent work' and today, he shares lessons learned from taking a PET like differential privacy from the lab to systematizing it into an organization to deploying it in the real-world. In this episode, we delve into tools, technical processes, technical standards, the maturing landscape for privacy engineers, and how the success of privacy is coupled with the success of each product shipped.

Topics Covered:

• How Menotti found his way to managing privacy engineering teams
• Menotti's definition of 'privacy engineer' & the skillsets required
• What it was like to work at Uber & Twitter, which have multiple privacy engineering teams
• Best practices for setting up teams & deploying solutions
• Privacy outcomes that privacy engineers should keep top of mind
• Best practices for privacy architecture
• Menotti positive experience while at Uber working with Privacy Researchers from UC Berkeley to take differential privacy from the lab to a real-world deployment
• Lessons learned from times of transition, including while at Twitter during Musk's takeover 
• Whether privacy was a 'zero interest rate bet,' and what that means for privacy engineering roles given current economic realities

Resources Mentioned:

• Check out the PEPR conference
• Read 'Was Privacy a Zero Interest Rate Bet?'

Guest Info:

• Follow Menotti on LinkedIn
• Connect with Menotti on Mastadon

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Lipika’s interest in both machine learning and privacy comes from her love of math and things that can be defined with equations. Her interest was piqued in grad school and accidentally walked into a classroom holding a lecture on Applying Differential Privacy for Data Science. The intersection of data combined with the privacy guarantees that we have available today has kept her hooked ever since.

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------

There's a lot to unpack when it comes to synthetic data & privacy guarantees, as she takes listeners on a deep dive of these compelling topics. Lipika finds elegant how privacy assurances like differential privacy revolve around math and statistics at their core. Essentially, she loves building things with 'usable privacy' & security that people can easily use. We also delve into the metrics tracked in the Gretel Synthetic Data Report, which assesses both 'statistical integrity' & 'privacy levels' of a customer's training data.

Topics Covered:

• The definition of 'synthetic data,' & good use cases
• The process of creating synthetic data
• How to ensure that synthetic data is 'privacy-preserving'
• Privacy problems that may arise from overtraining ML models
• When to use synthetic data rather than other techniques like tokenization, anonymization, aggregation & others
• Examples of good use cases vs poor use cases for using synthetic data
• Common misperceptions around synthetic data
• Gretel.ai's approach to 'privacy assurance,' including a focus on 'privacy filters,' which prevent some privacy harms outputted by LLMs
• How to plug into the 'synthetic data' community
• Who bears the responsibility for educating the public about new technology like LLMs and potential harms
• Highlights from Gretel.ai's Synthesize 2023 conference

Resources Mentioned:

• Join Gretel's Synthetic Data Community on Discord
• Watch Talks on Synthetic Data on YouTube

Guest Info:

• Connect with Lipika on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Prof. Kapadia has been excited by anonymized networks since childhood. He has memories of watching movies where a telephone call was being routed around the world so that it became impossible to trace. What really fascinates him now is how much there is to understand mathematically and technically in order to measure that amount of privacy. In more recent years, he has been interested in privacy in the context of digital photography and audio shared online and on social media. His current research is focused on understanding privacy issues around photo sharing in a world with cameras everywhere.

In this conversation, we delve into how users are affected once privacy violations have already occurred, the implications of privacy of children when it comes to parents sharing photos of them online, the fascinating future of trusted hardware that will help ensure "digital forgetting," and how all of this is a people problem as much as it is a technical problem.

Topics Covered:

• Can we trick 'automated speech recognition' (ASR)?
• Apu's co-authored paper: 'Defending Against Microphone-based Attacks with Personalized Noise'
• What Apu means by 'tangible privacy' & what design approaches he recommends
• Apu's view on 'bystander privacy' & the approach that he took in his research
• How to leverage 'temporal redactions' via 'trusted hardware' for 'digital forgetting'
• Apu’s surprising finding in his research on "interpersonal privacy" in the context of social media and photos
• Guidance for developers building privacy-respective social media apps
• Apu's research focused on cybersecurity & privacy for marginalized & vulnerable populations
• How we can make privacy & security more 'useable'

Resources Mentioned:

• Read Defending Against Microphone-Based Attacks with Personalized Noise
• Read Decaying Photos for Enhanced Privacy: User Perceptions Towards Temporal Redactions and 'Trusted' Platforms

Guest Info:

• Follow Prof. Kapadia on LinkedIn

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------

Victor views PETs as functional requirements and says they shouldn’t be buried in your design document as nonfunctional obligations. In his work, he has found key gaps where organizations were only doing “security for security’s sake.” Rather, he believes organizations should be thinking about it at the forefront. Not only that, we should all be getting excited about it because we all have a stake in privacy.

With federated learning, you have the tools available to train ML models on large data sets with precision at scale without risking user privacy. In this conversation, Victor demystifies what federated learning is, describes the 2 different types: at the edge and across data silos, and explains how it works and how it compares to traditional machine learning.We deep dive into how an organization knows when to use federated learning, with specific advice for developers and data scientists as they implement it into their organizations.

Topics Covered:

• What 'federated learning' is and how it compares to traditional machine learning
• When an organization should use vertical federated learning vs horizontal federated learning, or instead a hybrid version
• A key challenge in 'transfer learning': knowing whether two data sets are related to each other and techniques to overcome this, like 'private set intersection'
• How the future of technology will be underpinned by a 'constellation of PETs' 
• The distinction between 'input privacy' vs. 'output privacy'
• Different kinds of federated learning with use case examples
• Where the responsibility for adding PETs lies within an organization
• The key barriers to adopting federated learning and other PETs within different industries and use cases
• How to move the needle on data privacy when it comes to legislation and regulation

Resources Mentioned:

• Take this outstanding, free class from OpenMined:  Our Privacy Opportunity

Guest Info:

• Follow Victor on LinkedIn

Follow the SPL Show:

• Follow us on Twitter
• Follow us on LinkedIn
• Check out our website

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------

We discuss how to approach building a privacy-first platform to unlock the value and use of IOT / sensor data. It began with the concept of individual ownership: who should actually benefit from the data that we generate? Markus says it should be individuals themselves.

Prifina boasts a strong community of 30,000 developers who align around common interests - liberty, equality & data - and build and test prototypes that are gathering and utilizing the data working for individuals, as opposed to corporate entities. The aim is to empower individuals, companies & developers to build apps that re-purpose individuals' own sensor data to gain privacy-enabled insights.

---------
Listen to the episode on Apple Podcasts, Spotify, iHeartRadio, or on your favorite podcast platform.
---------

Topics Covered:

• Enabling true, consumer-grade 'data portability' with personal data clouds (a 'bring your own data' approach)
• Use cases to illustrate the problems Prifina is solving with sensors
• What are large language models (LLM) and chatbots trained on them, and why they are so hot right now
• The dangers of using LLMs, with emphasis on privacy harms
• How to benefit from our own data with personal AIs
• Advice to data scientists, researchers and developers regarding how to architect for ethical uses of LLMs
• Who's responsible for educating the public about LLMs, chatbots, and their potential harms & limitations

Resources Mentioned:

• Learn more about Prifina
• Join Prifina's Slack Community: Liberty.Equality.Data

Guest Info:

• Follow Markus on

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Gary describes the 7 Universal Data Use Cases with relatable examples and how they are applicable across orgs and industries, regardless of jurisdiction. We then dive into what Gary is seeing in the market in regard to the use cases. He then reveals the 3 Main Data Use Obstacles to accomplishing these use cases and how to overcome them with "statutory pseudonymization" and "synthetic data."

In this conversation that evaluates how we can do business in a de-risked environment, we discuss why you can't approach privacy with just words - contracts, policies, and treaties; why it's essential to protect data in use;  and how you can embed technical controls that move with data for protection that meets regulatory thresholds while "in use" to unlock additional data use cases. I.e., these effective controls equate to competitive advantage.

Topics Covered:

• Why trust must be updated to be technologically enforced - "privacy left trust"
• The increasing prevalence of data breaches and ransomware attacks and how they have shifted privacy left from optional to mandatory
• 7 Data Use Cases, 3 Data Use Obstacles, and deployable technologies to unlock new data use cases
• How the market is adopting technology for the 7 use cases and trends that Gary is seeing
• What it means to "de-risk" data
• Beneficial uses of "variant twins" technology
• Building privacy in by design, so it increases revenue generation
• "Statutory pseudonymization" and how it will help you reduce data privacy risks while increasing utility and value

Resources Mentioned:

• Learn about Anonos
• Read: "Technical Controls that Protect Data When in Use and Prevent Misuse"

Guest Info:

• Follow Gary on LinkedIn
• Follow Gary on Twitter

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

We start off discussing updates to  Strategic Privacy by Design, now in it's 2nd edition. We chat about the brand new ISO 31700 Privacy by Design for Consumer Goods and Services standard and consensus process and  compare it to the NIST Privacy Framework, IEEE 7002 Standard for Data Privacy, and Jason's work with the Institute of Operational Privacy Design (IOPD) and it's newly-published Design Process Standard v1. 

Jason and I also explore risk tolerance through the lens of privacy using FAIR. There’s a lot of room for subjective interpretation, particularly of non-monetary harm, and Jason provides many thought-provoking examples of how this plays out in our society. We round out our conversation by talking about the challenges of Global Privacy Control (GPC) and what deceptive design strategies to look out for.

Topics Covered:

• Why we should think of privacy beyond "digital privacy"
• What readers can expect from Jason’s book,  Strategic Privacy by Design, and what’s included in the 2nd edition
• IOPD’s B2B third-party privacy audit
• Why you should leverage the FAIR quantitative risk analysis model to define address effective privacy risk management programs
• The NIST Privacy Framework and developments of its Privacy Workforce Working Group
• Dark patterns & why just asking the wrong question can be a privacy harm (interrogation)
• How there are 15 privacy harms & only 1 of them is about security

Resources Mentioned:

• Learn about the ISO 31700 Privacy by Design Standard
• Review the IOPD Design Process Standard v1

Guest Info:

• Follow Jason on LinkedIn
• Follow Enterprivacy Consulting Group on Twitter

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------

Nishant is a great example of a cross-functional, influential agent who has adapted to the ever-growing privacy discipline. He describes himself as an engineer for the attorneys and an attorney for the engineers, which has helped him secure positions at WebMD, Nike, Netflix, and now Uber. 

Nishant shares his advice for career development, both through the lens of how to break into the privacy space and also how to grow within your role. He explains how he’s been able to get board-level understanding about the importance of privacy as a product, not an afterthought. He also highlights takeaways from his book and online courses.

Topics Covered:

• How privacy engineers can secure their jobs during this widespread tech industry layoff 
• Privacy tech as the glue between different teams and in-house services
• How to make privacy more visible to the business as something that benefits the bottom line 
• Common mistakes that Nishant sees engineers make when it comes to privacy 
• What’s covered in Nishant’s ‘Privacy by Design’ courses 

Resources Mentioned:

• Buy Data Privacy: A Runbook for Engineers 
• Check out the Privacy Engineering Certification Course 

Guest Info:

• Follow Nishant on LinkedIn 

Follow the SPL Show:

• Follow us on Twitter 
• Follow us on LinkedIn
• Check out our website

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Mark is also the Vice Chair of the IEEE Cybersecurity for Next-Generation Connectivity Systems' Human Control & Flow Sub-Committee and Editor & Lead Author of the ANCR Notice Record Specification and Framework at the Kantara Initiative. 

In our conversation, we unpack the current standards and specifications for transparency and data control in the digital space. Mark shares some of the innovative solutions he and his colleagues are working on to bridge the gap in web consent. 

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------

Mark unpacks his interpretation of the open transparency standards, laws, and tech required for privacy to scale digitally. One of the major use cases he’s working on at 0PN is called ‘Do Track,’ which is a response to the shortcomings of the current ‘Do Not Track’ mechanism that we have in place today. The Controller Credential Standard allows users to specify or direct consent, and he shares some exciting examples of how users can use ‘Do Track’ to take back control over their own data. 

Mark breaks down the four levels of privacy assurance achieved Controller Credential Framework and explains what’s needed to gain market traction for this privacy-enabling tech standard. He also gives us a peek into what else they’re working on over at the Digital Transparency Lab and how to get involved with the organization and their efforts..

---------
Listen to the episode on Apple Podcasts, Spotify, iHeartRadio, or on your favorite podcast platform.
---------

Topics Covered:

• A simple way to understand online consents vs. system permissions 
• Why it’s important to see who's controlling our data 
• How the new Controller Credential gives people autonomy over their own data
• International privacy instruments that can be scaled for local use 
• A new digital model for representing physical privacy 

Resources Mentioned:

• Learn more about Digital Transparency Lab 
• RSVP to the 1/27/23 Digital Privacy Transparency Launch

Guest Info:

• Connect with Mark on LinkedIn 
• Follow Mark on Twitter 

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------

As Michelle puts it, we’re living in an ‘innovation palooza’ right now. But, there’s still progress to be made. Michelle highlights how we can change the investment proposition to get more VCs and investors to see privacy is a strategic business enabler. At PrivacyCode, they’re focused on creating a simple way to communicate the language of ‘people data’ across specialities.

Part of the solution includes having a software bill of materials (SBOM), which is essentially a list of ingredients that make up software components. Michelle shares a tangible example of how an SBOM creates flow, compliance, and transparency in new areas of tech. She also touches on her consulting work, including her simple strategy for determining privacy benefit metrics.

Topics Covered:

• Privacy as a strategic enabler
• Why Michelle thinks "today's VCs are more of a mood than an algorithm"
• How PrivacyCode allows users to orchestrate requirements across various departments and lets specialists operate in their "zone of genius"
• What a Software Bill of Materials (SBOM) is & why we need one to ensure privacy
• Michelle's advice to privacy engineers on how to leverage an SBOM for quality code
• Michelle's work at Privatus Consulting and their Wicked Privacy Framework
• Examples of creative, straightforward privacy metrics

Resources Mentioned:

• Learn more about PrivacyCode & schedule a demo
• Learn more about Privatus Consulting
• Trillions: Thriving in the Emerging Information Ecology

Guest Info:

• Follow Michelle on LinkedIn
• Follow Michelle on Twitter
• Read The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Privacy4Cars is the first (and only) privacy tech company focused on identifying the challenges posed by vehicle data. They create solutions to better protect consumers and businesses by offering improved privacy, safety, security, and compliance. 

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------

In our conversation, Andrea reveals how personal data flows through vehicular systems and networks. He highlights the type of data that can be easily found in cars, such as your frequently visited addresses, garage codes, text messages, emails, and so on. Andrea explains the different privacy concerns that have so far remained unaddressed across the industry and his theory on why these gaps exist. 

It might be unsettling to hear about the state of privacy in the automotive industry, but fortunately, the folks at Privacy4Cars are dedicated to creating new standards. Andrea shares what the industry reaction has been to Privacy4Cars’ initiatives and highlights some other organizations that are leading innovation on this issue. 

---------
Listen to the episode on Apple Podcasts, Spotify, iHeartRadio, or on your favorite podcast platform.
---------

Topics Covered:

• Andrea’s professional background and what inspired him to launch Privacy4Cars
• Debunking common myths about data storage and security in cars 
• Where car data privacy falls under EU GDPR
• How Privacy4Cars helps companies solve compliance issues
• Feedback from third-party wholesalers, dealerships, and service providers 
• Advice for automotive software developers when architecting systems and networks in this space 

Resources Mentioned:

• Read STOP's paper, Wiretaps on Wheels 
• Read the European Data Protection Guidelines for Connected Vehicles
• Learn about Privacy4Cars

Guest Info:

• Connect with Andrea on LinkedIn
• Follow @Privacy4Cars on Twitter 

Send a text

Copyright © 2022 - 2024 Principled LLC. All rights reserved.