Privacy Engineering Section Forum

Monday, September 23
8:30 a.m. – 5 p.m.

Privacy engineering is rapidly emerging as a discrete discipline merging information technology, law, and program management into working privacy solutions. Be part of the momentum toward integrating privacy into product development at the Privacy Engineering Section Forum, brought to you by the IAPP’s Privacy Engineering Section. Expanded to a full day after packed crowds at IAPP Global Privacy Summit 2019 and P.S.R. 2018, the Forum will focus on identifying solutions that bridge technologies, users and the laws aimed at protecting our privacy. Come for in-depth discussions and real-world examples of privacy engineering at work.

Schedule and Program

  • local_dining7 – 8:30 a.m.
    Registration and Breakfast
  • person8:30 – 9 a.m.
    Keynote Address
  • expand_more9 – 10:30 a.m.
    Analytics and Privacy Can Go Together: Engineering the Analytics Platform With Data Protection in Mind

    Rafae Bhatti, CIPP/US, CIPM, Head of Security and Privacy, Mode Analytics

    Benn Stancil, Chief Analytics Officer, Mode Analytics

    Jason White, Head of Privacy Engineering, Shopify

    The value of data analytics is often undermined when companies are not prepared to address inherent privacy issues. There are legal, policy and technical consequences of ignoring privacy considerations during the design phase. Applying them after the fact becomes a daunting and costly task, often forcing the companies to settle for undesirable trade-offs. This case study demonstrates how privacy protections are an important design consideration from the start when building a data analytics platform. It also illustrates how a company can bake privacy not just into its engineering process, but in the culture that provides a strong foundation for data protection.

    What you'll take away:

    • Analytics services and platforms play an important role in modern businesses but it’s often undermined when companies are not adequately prepared to address privacy issues that inherently arise in this process
    • The legal, policy and technical consequences of ignoring privacy considerations during design phase and applying them after the fact
    • Appropriate privacy considerations during design processes and a company culture that supports making prudent privacy decisions provides a strong foundation for data protection
  • local_cafe10:30 – 11 a.m.
    Networking Refreshment Break
  • expand_more11 a.m. – 12 p.m.
    Thinking Whole Product Experience: Privacy-by-Design Beyond Code Freeze

    Lisa Bobbitt, CIPM, Privacy Architect, Cisco

    Debra Farber, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, Global Head of Security Assurance, Regulatory Compliance (Privacy), AWS

    Jonathan Fox, CIPP/US, CIPM, Director, Strategy and Planning, CPO, Cisco

    Where does privacy by design in product development end? This interactive session asks that question and, using real world examples, will show how privacy professionals need to consider the whole product experience, from packaging to customer support to returns. That includes when conducting product assessments or helping to scope privacy requirements — especially when dealing with consumer product and services.

    What you'll take away:

    • Practical examples for considering the whole product experience
    • Learning when to conduct product assessments and scope privacy requirements
    • Understanding when privacy by design begins and ends in product development
  • local_dining12 – 1:15 p.m.
    Lunch On Your Own
  • expand_more1:15 – 2:15 p.m.
    Experts in the Room: The Role of Technologists at the FTC

    Joseph Calandrino, Research Director, Office of Technology Research and Investigation, Federal Trade Commission

    How does the FTC keep up with emerging technical practices and their privacy implications? Beyond enforcement and education, how does the agency seek to protect consumers? What part do technologists and research play? This session will cover the role of the Office of Technology Research and Investigation (OTech) at the FTC. OTech helps the agency stay up to date with rapidly evolving technology. It also seeks to drive research and innovation that advance the FTC's mission. We’ll discuss how OTech accomplishes this and how others can help, including how companies and researchers can engage the FTC to discuss new technologies.

    What you'll take away:

    • The role that technologists play at the Federal Trade Commission
    • Ways that the FTC keeps up with technology and that those outside the agency can engage
  • expand_more2:15 – 3:15 p.m.
    Improving Engineering Outcomes With Scalable Privacy Knowledge

    Nathan Good, Principal, Good Research

    Ditmar Haist, VP, Architecture and Innovation, Rangle.io

    Maritza Johnson, UX Principal, Good Research

    Trish Lamanna, Lead Product Designer, Rangle.io

    Jack Sadler, Director of Product Management, Rangle.io

    We regularly see new products and services that appear to go overboard with data collection, stretch the limit of acceptable use, or otherwise fail to adequately protect data. Every product and service is the result of decisions made by an interdisciplinary team representing different functions who come together to solve a specific problem. What will it take to get better outcomes? The best way to improve data protection begins with equipping your product teams and engineers to make better privacy decisions. That is, giving every person on the team enough training for them to adapt the information to their specific role and the tools to put privacy in practice. In this session, product team members and researchers will present two case studies that highlight the benefits of making privacy a part of the development process for all roles. They will walk through how to transfer privacy perspective via team training or by embedding an expert on the team.

    What you'll take away:

    • How people in different roles will operationalize privacy training in different ways
    • How privacy by design can be adapted to fit your existing workflow
  • local_cafe3:15 - 3:45 p.m.
    Networking Refreshment Break
  • expand_more3:45 – 5 p.m.
    NIST Privacy Engineering Collaboration Space

    Kaitlin Boeckl, Privacy Risk Strategist, National Institute of Standards and Technology

    Kelsey Finch, CIPP/US, Senior Counsel, Future of Privacy Forum

    Xi He, Assistant Professor, Cheriton School of Computer Science, University of Waterloo

    Explore NIST’s new Privacy Engineering Collaboration Space and learn how you can engage at this session led by NIST and featuring contributors to the space. The Privacy Engineering Collaboration Space is an online venue open to the public where practitioners can discover, share, discuss, and improve upon open source tools, solutions, and processes that support privacy engineering and risk management. Individuals affiliated with organizations ranging from Google to the Future of Privacy Forum have shared tools and use cases. The space has launched with an initial focus on de-identification, to include differential privacy techniques, and privacy risk assessment. Join this session to see a demo of the space, get an overview of contributions to date, and learn how to contribute https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space.

    What you'll take away:

    • An overview of current privacy engineering efforts, including common themes and distinctions
    • Discover, share, discuss and improve open source tools, solutions and processes that support privacy engineering and risk management
    • Examples of privacy engineering use cases and tools