The Shifting Privacy Left Podcast

Latest episodes

Jan 31, 2023 • 43min

S2E4: Training the Next Wave of Privacy Engineers with Nishant Bhajaria (Uber)

Nishant Bhajaria is the Director of Privacy Engineering, Architecture, & Analytics at Uber and Author of "Data Privacy: A Runbook for Engineers." He’s also an Advisor to Data Protocol, Privado & Piiano. In our conversation, we discuss privacy engineering trends, educational materials that Nishant has developed, and his advice to privacy technologists, engineers, and hiring managers.

Thank you to our sponsor, Privado, the developer-friendly privacy platform

Nishant is a great example of a cross-functional, influential agent who has adapted to the ever-growing privacy discipline. He describes himself as an engineer for the attorneys and an attorney for the engineers, which has helped him secure positions at WebMD, Nike, Netflix, and now Uber. Nishant shares his advice for career development, both through the lens of how to break into the privacy space and also how to grow within your role. He explains how he’s been able to get board-level understanding about the importance of privacy as a product, not an afterthought. He also highlights takeaways from his book and online courses.

Topics Covered:
- How privacy engineers can secure their jobs during this widespread tech industry layoff
- Privacy tech as the glue between different teams and in-house services
- How to make privacy more visible to the business as something that benefits the bottom line
- Common mistakes that Nishant sees engineers make when it comes to privacy
- What’s covered in Nishant’s ‘Privacy by Design’ courses

Resources Mentioned:
- Buy Data Privacy: A Runbook for Engineers
- Check out the Privacy Engineering Certification Course

Guest Info:
- Follow Nishant on LinkedIn

Follow the SPL Show:
- Follow us on Twitter
- Follow us on LinkedIn
- Check out our website

Privado.ai: Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.
Shifting Privacy Left Media: Where privacy engineers gather, share, & learn
Buzzsprout - Launch your podcast
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Copyright © 2022 - 2024 Principled LLC. All rights reserved.
Jan 24, 2023 • 51min

S2E3: Fixing Consent & Transparency on the Web with Mark Lizar (Digital Transparency Lab)

To kick off Data Privacy Week 2023, I’m joined by Mark Lizar, CEO of the Digital Transparency Lab and Founder of 0PN: Open Privacy Network. Mark is also the Vice Chair of the IEEE Cybersecurity for Next-Generation Connectivity Systems' Human Control & Flow Sub-Committee and Editor & Lead Author of the ANCR Notice Record Specification and Framework at the Kantara Initiative. In our conversation, we unpack the current standards and specifications for transparency and data control in the digital space. Mark shares some of the innovative solutions he and his colleagues are working on to bridge the gap in web consent.

Mark unpacks his interpretation of the open transparency standards, laws, and tech required for privacy to scale digitally. One of the major use cases he’s working on at 0PN is called ‘Do Track,’ which is a response to the shortcomings of the current ‘Do Not Track’ mechanism that we have in place today. The Controller Credential Standard allows users to specify or direct consent, and he shares some exciting examples of how users can use ‘Do Track’ to take back control over their own data. Mark breaks down the four levels of privacy assurance achieved Controller Credential Framework and explains what’s needed to gain market traction for this privacy-enabling tech standard. He also gives us a peek into what else they’re working on over at the Digital Transparency Lab and how to get involved with the organization and their efforts.

Listen to the episode on Apple Podcasts, Spotify, iHeartRadio, or on your favorite podcast platform.

Topics Covered:
- A simple way to understand online consents vs. system permissions
- Why it’s important to see who's controlling our data
- How the new Controller Credential gives people autonomy over their own data
- International privacy instruments that can be scaled for local use
- A new digital model for representing physical privacy

Resources Mentioned:
- Learn more about Digital Transparency Lab
- RSVP to the 1/27/23 Digital Privacy Transparency Launch

Guest Info:
- Connect with Mark on LinkedIn
- Follow Mark on Twitter
Jan 10, 2023 • 58min

S2E2: "Software Libraries, SBOMs & Wicked Privacy, Oh My!" with Michelle Dennedy (PrivacyCode)

Michelle Dennedy is Co-Founder & CEO of PrivacyCode, Inc., Partner at Privatus Consulting, and the Co-Author of The Privacy Engineer's Manifesto. In our lively conversation, we discuss the digital cost of information, the privacy problems that her company solves for, and how the Privatus Wicked Privacy™ framework differs from other approaches.

As Michelle puts it, we’re living in an ‘innovation palooza’ right now. But, there’s still progress to be made. Michelle highlights how we can change the investment proposition to get more VCs and investors to see privacy is a strategic business enabler. At PrivacyCode, they’re focused on creating a simple way to communicate the language of ‘people data’ across specialities.

Part of the solution includes having a software bill of materials (SBOM), which is essentially a list of ingredients that make up software components. Michelle shares a tangible example of how an SBOM creates flow, compliance, and transparency in new areas of tech. She also touches on her consulting work, including her simple strategy for determining privacy benefit metrics.

Topics Covered:
- Privacy as a strategic enabler
- Why Michelle thinks "today's VCs are more of a mood than an algorithm"
- How PrivacyCode allows users to orchestrate requirements across various departments and lets specialists operate in their "zone of genius"
- What a Software Bill of Materials (SBOM) is & why we need one to ensure privacy
- Michelle's advice to privacy engineers on how to leverage an SBOM for quality code
- Michelle's work at Privatus Consulting and their Wicked Privacy Framework
- Examples of creative, straightforward privacy metrics

Resources Mentioned:
- Learn more about PrivacyCode & schedule a demo
- Learn more about Privatus Consulting
- Trillions: Thriving in the Emerging Information Ecology

Guest Info:
- Follow Michelle on LinkedIn
- Follow Michelle on Twitter
- Read The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value
Jan 3, 2023 • 58min

S2E1: Driving Privacy Left: Vehicular Privacy with Andrea Amico (Privacy4Cars)

Of the almost 300 million cars that are in circulation in the U.S., the vast majority collect consumers’ personal information. Every time you connect your phone via USB or Bluetooth, your car is designed to download data and store it locally. The automotive industry is grossly behind when it comes to data privacy and safety, but that’s where Privacy4Cars comes in. Privacy4Cars is the first (and only) privacy tech company focused on identifying the challenges posed by vehicle data. They create solutions to better protect consumers and businesses by offering improved privacy, safety, security, and compliance.

In our conversation, Andrea reveals how personal data flows through vehicular systems and networks. He highlights the type of data that can be easily found in cars, such as your frequently visited addresses, garage codes, text messages, emails, and so on. Andrea explains the different privacy concerns that have so far remained unaddressed across the industry and his theory on why these gaps exist.

It might be unsettling to hear about the state of privacy in the automotive industry, but fortunately, the folks at Privacy4Cars are dedicated to creating new standards. Andrea shares what the industry reaction has been to Privacy4Cars’ initiatives and highlights some other organizations that are leading innovation on this issue.

Topics Covered:
- Andrea’s professional background and what inspired him to launch Privacy4Cars
- Debunking common myths about data storage and security in cars
- Where car data privacy falls under EU GDPR
- How Privacy4Cars helps companies solve compliance issues
- Feedback from third-party wholesalers, dealerships, and service providers
- Advice for automotive software developers when architecting systems and networks in this space

Resources Mentioned:
- Read STOP's paper, Wiretaps on Wheels
- Read the European Data Protection Guidelines for Connected Vehicles
- Learn about Privacy4Cars

Guest Info:
- Connect with Andrea on LinkedIn
- Follow @Privacy4Cars on Twitter
Dec 20, 2022 • 59min

S1E9: Funding Web3 Privacy & Recent Web3 Trust Fails with Jim Nasr

This week, I continue my conversation with Jim Nasr, CEO of Acoer, about privacy and using distributed ledger technology (DLT). We discuss his work leading The HBAR Foundation's Privacy Market Development Fund and the trends he sees across grant applicants. We also chat about the collapse of FTX and the ripple effect it’s had on the crypto space.

Jim tells us about the types of innovations The HBAR Foundation seeks to fund; why privacy & security usability is an imperative; use cases for decentralized identifiers (DIDs) and new "DID methods" like PKH. We also discuss FTX's collapse and how to provide real transparency and data regulation in DLT technology.

Topics Covered:
- The HBAR Foundation’s search for projects to fund that enhance privacy usability
- Exciting privacy use cases Jim has seen using Hedera's DLT, including those that enable high-value, privacy-preserving transactions
- What went wrong with FTX and what we can learn from its collapse
- How decentralized identity can enable the next iteration of web privacy
- The tech behind MetaMask's Snap software that allows anyone to safely extend capabilities of their wallet

Resources Mentioned:
- Learn about Acoer
- Learn about The HBAR Foundation
- Read about The HBAR Foundation's Privacy Market Development Fund

Jim Nasr’s Info:
- Follow Jim on LinkedIn
- Follow Jim on Twitter

Follow the SPL Show:
- Follow us on Twitter
- Follow us on LinkedIn
- Check out our website
Dec 13, 2022 • 52min

S1E8: Leveraging Distributed Ledgers for Privacy Assurance with Jim Nasr

Today, I am joined by Jim Nasr, CEO of Acoer. I had the pleasure of collaborating with Jim on several projects during my 6-month stint as Privacy Strategist for Hedera. Jim joins me today to discuss the use of distributed ledger tech (DLT) to provide computational trust for real-time applications. Jim and I speak about the development of secure, privacy-preserving, and traceable technologies, which can gain adoption via open protocols and usable interfaces.

In part one of this two-episode conversation, Jim explains Acoer's approach to building DLT-enabled software and its initial application to healthcare and clinical trials. Jim shares his background and experience in tech both academically and professionally; as an entrepreneur in software development; his roles in large-scale tech companies and with the government at the CDC; and how he enjoyed “getting his hands dirty” in public health to bring automated trust and accountability to the space. At Acoer, Jim continues his previous work - to build open technologies - by leveraging DLT and also building interfaces with usable privacy and security. In this conversation, Jim also covers the security and privacy approaches that Acoer takes to ensure that its products work as advertised and so that the machinery of its clients is never compromised.

Topics Covered:
- How Acoer designs and builds its tech as components to be absorbed & consumed by other machines
- How using DLT reduces the need for intermediaries
- Acoer's approach to building decentralized apps & why it chose to build on hashgraph tech instead of blockchain
- Benefits gained from DLT's "data stamping" to computationally prove transactions & to assist during data leakages, compliance issues, or to demonstrate privacy assurance
- How you can use NFTs to represent individuals' consents via RightsHash

Resources Mentioned:
- Learn about Acoer
- Learn about RightsHash

Jim Nasr's Info:
- Follow Jim on LinkedIn
- Follow Jim on Twitter
Dec 6, 2022 • 45min

S1E7: Privacy Engineers: The Next Generation with Lorrie Cranor (CMU)

In this episode, I’m joined by Lorrie Cranor, FORE Systems Professor, Computer Science and Engineering & Public Policy at Carnegie Mellon University (CMU); Director, CyLab Usable Privacy and Security Laboratory; and Co-Director of CMU's MSIT-Privacy Engineering Masters Program. We discuss the different tracks within the Privacy Engineering Program at CMU, privacy engineering hiring trends, the need for industry education, and Lorrie’s research outside of the classroom.

Lorrie explains how this next generation of privacy experts and engineers can work together to bring new architectures, innovations, and software to market. She describes the kind of hands-on work in which her students participate, including a capstone project sponsored by Meta that’s exploring ways the platform can integrate more privacy education into its UI/UX.

In addition, Lorrie shares her perspective on the job market for privacy engineers for recent grads and explains how CMU’s Certificate Program in Privacy Engineering aims to meet the high demand for experienced privacy experts with knowledge of privacy engineering concepts. We also get into her research on cookie banners and privacy “nutrition labels” for IoT devices.

Topics Covered:
- Lorrie’s professional background and what drew her into privacy engineering
- What candidates can expect from the Privacy Engineering Program at CMU
- Insights into how people interact with cookie banners and potential solutions to improve the user experience
- Ways that we can bridge the hiring gap in our industry
- Different sectors outside of tech that are looking for privacy experts, including finance and retail

Resources Mentioned:
- Apply to CMU's Privacy Engineering Program (Applications due Dec 12th, 2022 for the next enrollment period)
- Learn about CMU's CyLab Security & Privacy Institute
- Learn about the CyLab Usable Privacy and Security (CUPS) Laboratory
- Review CMU's research on IoT Privacy & Security Labels.

Guest Info:
- Connect with Lorrie on LinkedIn
- Follow Lorrie on Twitter
- Learn more about Lorrie
Nov 29, 2022 • 54min

S1E6: The Explosion of Privacy Tech with Lourdes Turrecha (TROPT)

This week, I’m joined by Lourdes Turrecha, Founder & Chief Privacy Tech Strategist at The Rise of Privacy Tech (TROPT). TROPT's mission is to fuel privacy innovation by bringing together privacy tech founders, investors, buyers, & expert-advisors to bridge the existing tech-capital-expertise gaps in the field. As a member of TROPT's Advisory Board, I’ve seen 1st-hand TROPT's innovative resources and events that they offer the industry.

In our conversation, Lourdes and I explore the different facets of TROPT, particularly focusing on what’s included in the recently-published "TROPT Privacy Tech Stack 2.0 Whitepaper 2022." We discuss how buyers currently navigate the space, how TROPT supports privacy tech founders & the 5 biggest challenges that we see across privacy tech.

The whitepaper is a first-of-its-kind landscape that categorizes the different categories of privacy tech so the market can better understand the breadth and depth of the space. It highlights current trends and visions for the future of privacy tech, and addresses solutions to those 5 major pain points. Lourdes also dives into what we can expect from the TROPT Data Privacy Week 2023 in January and how to get involved.

Topics Covered:
- TROPT’s free resources and paid offerings for privacy tech key players
- The thought process behind the TROPT Privacy Tech Stack Review program
- The current frustrations of many privacy tech buyers and users' experience, especially on the B2B side
- An overview of the 3 main topics covered in the whitepaper
- Proposed solutions for the challenges we’re facing in privacy tech

Resources Mentioned:
- Read the TROPT Defining the Privacy Tech Landscape Whitepaper 2021
- Bookmark the TROPT Privacy Tech Stack 'Scape

Guest Info:
- Follow Lourdes on LinkedIn
- Follow Lourdes on T
Nov 22, 2022 • 59min

S1E5: The Rise of Global Data Sharing Platforms with Stephen Wilson (Constellation Research)

I’m joined by Stephen Wilson, accomplished data protection innovator, researcher, analyst and advisor who leads Digital Safety and Privacy efforts at Constellation Research and is Managing Director of Lockstep Technologies. In our conversation, we discuss the importance of information value chains, the emergence of data sharing platforms, discuss why data should be like clean drinking water, and explore the problems with "data ownership."

Stephen explains the push for more data sharing and to establish user-centric business models that deliver value for businesses and benefits for individuals. We discuss emerging tools that assure the orderliness, fairness, and transparency of information value chains and why Stephen aims to take data processing "out of the shadows" with his research.

Lastly, we discuss key Facebook & Google EU court cases that address collection & use of facial biometrics from people without sufficient consent and the challenges that Google and search engines have with addressing "the right to be forgotten." Plus, we discuss the privacy expectations within the ‘digital town square,’ particularly through the lens of Twitter and Facebook.

Topics Covered:
- Stephen’s assertion that privacy is about restraint: what you choose to not know.
- The rise of data sharing platforms to facilitate and scale global information value chains.
- How if data is like “crude oil,” then it requires safe handling, and why we should treat data like "clean drinking water" instead.
- The importance of data quality, data originality, and data lineage.
- Stephen’s analysis of the growing market for “Data Protection as a Service," which includes: data clean rooms, privacy APIs, and more.
- Why you don’t need to own your own data to get good privacy outcomes.

Resources Mentioned:
- Read the 2021 Data for Better Lives report (World Bank)
Nov 15, 2022 • 45min

S1E4: The Hitchhiker's Guide to Privacy Engineering & Creative Privacy with Mert Can Boyar (Privacy Innovation Lab)

In this episode, I interview Mert Can Boyar, Director of Privacy Innovation Lab at Bilgi University and Founder of privacy tech company, Verilogy. Mert walks us through his creative approach to educating on core privacy engineering concepts, particularly through the lens of storytelling, visual art & music. He also shares his vision & mission behind his passion project, "The Hitchhiker’s Guide to Privacy Engineering."

Mert tells his "origin story" and dives into how he ended up in privacy and data protection. He highlights the thread of art & entrepreneurship throughout his career, which has taken him from musician to lawyer to start-up founder, and now educator.

Privacy Innovation Lab is a multi-stakeholder hub for privacy innovation. Mert highlights exciting projects that his students are working on, including an assessment tool to help practitioners build fair & lawful AI models and new tech in the self-sovereign identity (SSI) space. While working at the lab, Mert came up with a “creative privacy" strategy, which he uses to inspire young minds about privacy engineering. In this episode, he takes us behind-the-scenes of his comic book project that’s meant to educate people who want to understand how modern software and data processing technologies function.

Topics Covered:
- What initially sparked Mert’s interest in data and privacy protection
- How Mert uses his multifaceted & creative skillsets to bridge knowledge gaps between privacy law & engineering
- Verilogy’s open source database tool that automates and streamlines the work that Mert was doing as a privacy lawyer
- Fascinating projects underway at Privacy Innovation Lab
- What Mert hopes to achieve with The Hitchhiker’s Guide to Privacy Engineering

Resources Mentioned:
- Learn more about Privacy Innovation Lab
- Subscribe on LinkedIn to The Hitchhiker's Guide to Privacy Engineering
- Read about Verilogy

Guest Info:
- Follow Mert on LinkedIn
- Contact Mert at Privacy Innovation Lab: mertcan.boyar@bilgi.edu.tr
