When Engineers and Lawyers Talk: Right-Sizing Your Data Protection Risk Profile
Rafae Bhatti, Mode
The path to navigating data protection risks is often filled with uncertainty. Overestimating the risks stifles growth, and underestimating them can derail the business. To be able to measure data protection risks and right-size the risk profile of a company, we need to view them through both a technical and a legal lens. Engineers and lawyers need to talk.
This talk will provide practical examples of how right-sizing the risk profile helps simplify compliance. It will cover scenarios of data retention, use, and sharing, as well as breach notification. We will review key architectural decisions as well as engineering trade-offs that are often involved in shaping an organization’s compliance processes. These decisions and trade-offs often center around the purpose of use, which is a concept that engineering teams do not traditionally pay attention to. Therefore, viewing the system requirements through a data protection lens helps clarify legal obligations and simplify compliance.
View the full PEPR '20 program at https://www.usenix.org/conference/pepr20/conference-program