State Data Privacy Laws Effective Jan 1:
Complying and Unintended Consequences
Privacy and Security by Design
January 15, 2020
5:30 – 8:30 pm
@Knobbe Martens (12790 El Camino Real, San Diego, CA 92130)
Who should attend?
This session is for chief technologists, R&D, product managers, developers, and designers who want to better understand the principles of Privacy by Design.
California has two new laws that go into effect January 1: the California Consumer Privacy Act (CCPA) and SB 327, an IoT security law which mandates that manufacturers that sell or offer to sell a connected device in California equip the device with “reasonable security features.”
This makes California the first state to specifically regulate the security of connected devices, which are commonly referred to as Internet of Things (IoT) devices. The CCPA is one of the most comprehensive state privacy laws to go into effect since the EU enacted the General Data Protection Regulation (GDPR) in 2018.
In contrast to California data privacy laws protecting only personal information, the new security law aims to protect the security of both IoT devices and any information contained on IoT devices.
Given this focus on legislating privacy and security, we should be thinking ahead and addressing these principles during the design process. While SB 327 focuses on IoT specifically (this includes connected things such as connected cars, industrial devices, retail point-of-sale or medical devices, to name a few), privacy can impact other products and apps as well, including social apps, media, and telecommunications. Across the board, these two new acts have an impact on a wide number of products and services.
Examples where Privacy by Design was needed
When we look at the Facebook data privacy scandal around the collection and sharing of personally identifiable information on as many as 87 million people or read in recent news about hackers who have been able to spy on children via popular “smart home” security apps, we realize that even honestly designed products can end up with unintended consequences. As our world becomes more mobile and more connected, how can developers build privacy and security into their products to keep their customers safe and secure?
This panel will consist of technical, product, and design professionals who will focus on how we can apply design principles that will make our new products safe and secure.
What is Privacy by Design?
The term “Privacy by Design” means “data protection through technology design.” “Privacy by Design” and “Privacy by Default” are among the key changes that were brought into the General Data Protection Regulation (GDPR) that went into effect in Europe in May 2018.
“Privacy by Design” and “Privacy by Default” have been frequently discussed topics related to data protection. The first thoughts of “Privacy by Design” were expressed in the 1970s and were incorporated in the 1990s into the data protection directive, Directive 95/46/EC. According to recital 46 of this Directive, Technical and Organizational Measures (TOM) to protect data safety must already be taken at the time a processing system is planned.
Startups and New Product Introductions: MVP vs. Privacy / Security
As entrepreneurs, we tend to think in terms of Minimally Viable Product or MVP when we first launch a product or app, and typically instantiating privacy or security at that point is thought to take up too much time or investment and risk “holding us back” in a competitive space. Yet that leaves a window of vulnerability. When should we consider designing in privacy and security? Is there a “right” timing?
For that answer and more, join us Wednesday, January 15.
5:30: Registration, networking, food and drinks
7:30: Audience Q & A
8:00: Program concludes, followed by networking, coffee & dessert until 8:30
Kathleen Glass (moderator)
VP of Marketing, 2B Advice
Kathleen Glass is global VP of Marketing for 2B Advice, providers of outsourced privacy management services and data privacy compliance software. Kathleen brings over two decades of B2B sales and marketing experience in SaaS and managed services industries for emerging technologies including IoT, CyberSecurity, Privacy, and Analytics. As a passionate advocate of sales and marketing alignment, Kathleen advises companies across the US in best practices for inbound and outbound demand generation processes and technology adoption.
Kathleen is a Chapter Chair for the San Diego IAPP KnowledgeNet Chapter Program for privacy professionals, a San Diego Chapter Officer for the Association of Inside Sales Professionals and serves on the AA-ISP National Advisory Board. Kathleen also serves on the CompTIA IoT Advisory Council.
Dr. Ro Cammarota
Principal Research Scientist, Intel Corporation
Dr. Rosario Cammarota (Ro) is a Principal Research Scientist at Intel AI Research, where he grows the effort on privacy-preserving technologies and international standards for AI Systems. He received his Ph.D. degree in Computer Science from the University of California, Irvine, in 2013. He serves on the program and organizing committees of several premier hardware and embedded security conferences and workshops. He is a Senior Member of IEEE, a prolific inventor and one of the recipients of the SRC Outstanding Industry Liaison Awards in 2017, 2018, and 2019.
CEO and Founder, NXT Robotics
Darin Andersen is a distinguished serial entrepreneur and cybersecurity, smart city, and Internet of Things (IoT) professional with over 20 years of experience in industry. Darin is the CEO & Founder of NXT Robotics, which builds an AI security robotics platform. In 2013, Mr. Andersen founded CyberTECH (CyberHive and iHive Incubators), a global cybersecurity and IoT network ecosystem providing cybersecurity, IoT and Smart City resources, strategic programs and quality thought leader forums across the nation. Before NXT Robotics, Darin was the CEO of CyberUnited, an enterprise cybersecurity firm. Darin also served as President, North America for Norman Shark, a forensics malware analytics company acquired by Symantec. Prior to Norman Shark, Darin was the Chief Operating Officer (COO) at ESET, an award-winning antivirus solutions company. While COO at ESET, Darin created the “Securing Our eCity” initiative. The initiative, now an independent Foundation, was recognized by The White House as the “Best Local/Community Plan” in the DHS National Cybersecurity Awareness Challenge. Andersen is a distinguished Ponemon Institute Fellow and serves on numerous boards. He received an MBA in Finance and Operations Management and a second Master's in Information Systems and Operations Systems, both from the University of Southern California, and a BA from Claremont McKenna College.
CTO, Advisory & Consultant
Emad is recognized globally as an execution-focused CTO and powerful transformational leader. His passion is both developing code and developing leaders. He is a hands-on, execution-focused CTO Advisor and Consultant leading large-scale transformations in architecture, Agile, DevOps, IT, process and leadership development. He helps his clients with scaling and growing pains as well as developing strong leaders in technology. His hybrid approach to technology management, focusing on both the practical and cultural elements of leadership, makes Emad a trusted and valued partner helping both domestic startups and global enterprises scale and grow. He is proficient in talent assessment, tangible leadership and organizational development, as well as data engineering and analytics pipelines, modernizing legacy applications, re-architecture, cloud migrations, DevOps and API integrations. He has held CTO and technology leadership positions at a number of major global brands including Experian. Named a Computerworld Premier 100 IT Leader, Emad is developing tomorrow’s industry leaders.