S2E31: "Leveraging a Privacy Ontology to Scale Privacy Processes" with Steve Hickman (Epistimis)

This week’s guest is Steve Hickman, the founder of Epistimis, a privacy-first process design tooling startup that evaluate rules and enables the fixing of privacy issues before they ever take effect. In our conversation, we discuss: why the biggest impediment to protecting and respecting privacy within organizations is the lack of a common language; why we need a common Privacy Ontology in addition to a Privacy Taxonomy; Epistimis' ontological approach and how it leverages semantic modeling for privacy rules checking; and, examples of how Epistimis Privacy Design Process tooling complements privacy tech solutions on the market, not compete with them.

Topics Covered:

• How Steve’s deep engineering background in aerospace, retail, telecom, and then a short stint at Meta, led him to found Epistimis 
• Why its been hard for companies to get privacy right at scale
• How Epistimis leverages 'semantic modeling' for rule checking and how this helps to scale privacy as part of an ontological approach
• The definition of a Privacy Ontology and Steve's belief that all should use one for common understanding at all levels of the business
• Advice for designers, architects, and developers when it comes to creating and implementing privacy ontology, taxonomies & semantic models
• How to make a Privacy Ontology usable
• How Epistimis' process design tooling work with discovery and mapping platforms like BigID & Secuvy.ai
• How Epistimis' process design tooling work along with a platform like Privado.ai, which scans a company's product code and then surfaces privacy risks in the code and detects processing activities for creating dynamic data maps
• How Epistimis' process design tooling works with PrivacyCode, which has a library of privacy objects, agile privacy implementations (e.g., success criteria & sample code), and delivers metrics on the privacy engineering process is going
• Steve calls for collaborators who are interested in POCs and/or who can provide feedback on Epistimis' PbD processing tooling
• Steve describes what's next on the Epistimis roadmap, including wargaming

Resources Mentioned:

• Read Dan Solove's article, "Data is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data"

Guest Info:

• Connect with Steve on LinkedIn
• Reach out to Steve via Email
• Learn more about Epistimis

Send us a text

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2024 Principled LLC. All rights reserved.