
The Shifting Privacy Left Podcast
S2E31: "Leveraging a Privacy Ontology to Scale Privacy Processes" with Steve Hickman (Epistimis)
This week’s guest is Steve Hickman, the founder of Epistimis, a privacy-first process design tooling startup that evaluates rules and enables the fixing of privacy issues before they ever take effect. In our conversation, we discuss: why the biggest impediment to protecting and respecting privacy within organizations is the lack of a common language; why we need a common Privacy Ontology in addition to a Privacy Taxonomy; Epistimis' ontological approach and how it leverages semantic modeling for privacy rules checking; and examples of how Epistimis Privacy Design Process tooling complements privacy tech solutions on the market rather than competing with them.
Topics Covered:
- How Steve’s deep engineering background in aerospace, retail, telecom, and then a short stint at Meta, led him to found Epistimis
- Why it's been hard for companies to get privacy right at scale
- How Epistimis leverages 'semantic modeling' for rule checking and how this helps to scale privacy as part of an ontological approach
- The definition of a Privacy Ontology and Steve's belief that all should use one for common understanding at all levels of the business
- Advice for designers, architects, and developers when it comes to creating and implementing privacy ontology, taxonomies & semantic models
- How to make a Privacy Ontology usable
- How Epistimis' process design tooling works with discovery and mapping platforms like BigID & Secuvy.ai
- How Epistimis' process design tooling works alongside a platform like Privado.ai, which scans a company's product code, surfaces privacy risks in the code, and detects processing activities for creating dynamic data maps
- How Epistimis' process design tooling works with PrivacyCode, which has a library of privacy objects, agile privacy implementations (e.g., success criteria & sample code), and delivers metrics on how the privacy engineering process is going
- Steve calls for collaborators who are interested in POCs and/or who can provide feedback on Epistimis' PbD processing tooling
- Steve describes what's next on the Epistimis roadmap, including wargaming
Resources Mentioned:
- Read Dan Solove's article, "Data is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data"
Copyright © 2022 - 2024 Principled LLC. All rights reserved.