You are viewing content from a past/completed QCon -

Track: Ethics, Regulation, Risk, and Compliance

Location: Pacific LMNO

Day of week:

From personalized news feeds to engaging experiences that forecast demand: learn how innovators are building predictive systems in modern application development.

Track Host: Hoang Bao

Privacy and Data Governance Advisor, currently Principal at Virtual Privacy

Hoang is a privacy and data governance advisor with over a decade of industry experience. He is currently a Principal at Virtual Privacy, focusing on empowering the privacy and data protection ecosystem through pro bono services and research about businesses, consumers, and trust in the digital space.

He recently served as Director, Privacy Assurance and Engineering at Netflix, where he built a high talent team and created a strategic and comprehensive vision for the Netflix privacy assurance and engineering program, inclusive of Netflix products, studio operations, employee data, marketing, and other business operations.

Prior to Netflix, he was the Director of Privacy at Walmart Global eCommerce. Before that, he was the Director of Policy, Privacy & Data Governance at Yahoo!. He was also a Senior Consultant at KPMG LLP.

Hoang received his Master of Science in Computer Science from Cal Poly, San Luis Obispo. He has the following privacy designations: CIPP/US, CIPP/E, CIPT, and CIPM.

10:35am - 11:25am

Mind the Software Gap: How We Can Operationalize Privacy & Compliance

With legislation like GDPR and CCPA, it has become newly urgent for organizations to understand internal and external data flows. In the push towards compliance, software organizations have been discovering just how difficult it is to maintain an up-to-date picture of data inventory and data flows. A major challenge is that modern software teams are developing and deploying software quickly and in decentralized ways. When each code change can cause data flow changes, building a clear, up-to-date map of data flows becomes more and more elusive. The state of the art (using human processes; catching data as it flows to untrusted locations) leaves gaps.

Understanding software behavior makes up a big part of the compliance gap--and automated techniques can help. In this talk, I discuss just what it could look like to get visibility into data flows and hint at what kinds of solutions could get us there.

Jean Yang, Founder and CEO @AkitaSoftware

11:50am - 12:40pm

Ethics Landscape

For humankind, ethics is old and computers are new. Computing's fast and fervent ascent to ubiquity didn't allow the field of ethics to maintain pace, and society is reaping the foul fruits. In this talk, I'll give a fly-by survey of the vast and mature field of ethics and attempt to convince you to adopt ethical considerations into the software development lifecycle. Expect time split equally between ethics, ethics in computing, and computing in society.

Theo Schlossnagle, Founder and CEO @Circonus, Editorial board of ACM's ‘Queue’

1:40pm - 2:30pm

Managing Privacy & Data Governance for Next Generation Architecture

The number of privacy-related regulations is on the rise and more vendors than ever before are vying for the attention and validation of privacy programs. In order to advocate for resources and technological solutions, the privacy office must be accountable for vendor governance, procurement decision-making, and oversight. How do you organize business use cases, requirements, and stakeholders to evaluate privacy and data governance vendor solutions? Who should be involved in decision-making for vendor solutions that have implications for compliance, but also require investments across the company?

This talk will explore a governance framework for roadmapping, resourcing, and driving decision-making for the next generation of architecture with privacy by design. We will walk through the key players, requirements mapping, templates, and vendor engagement models for informed decision-making.

Ayana Miller, Privacy & Data Protection Advisor @Pinterest

2:55pm - 3:45pm

Quantifying Risk

The FAIR methodology is an emerging standard for measuring information risks. But it can be intimidating to get started with a risk quantification program, as people may be reluctant to go beyond Low/Medium/High categories to real numbers. At Netflix, we have introduced risk quantification in our highest impact areas, and are gradually expanding it across the enterprise. I'll share my experience and approach to defining appropriate loss scenarios, and getting real numbers from colleagues.

Markus De Shon, Sr. Security Engineer, Detection Engineering Lead @Netflix

4:10pm - 5:00pm

Panel: Ethics in Software Engineering

We will explore emerging ethical issues related to software engineering, as well as how they can potentially be addressed. The panelists represent a diverse set of perspectives - from professional society to industry to academics.

Ayana Miller, Privacy & Data Protection Advisor @Pinterest
Bruce Edward DeBruhl, Assistant Professor @CalPoly
Theo Schlossnagle, Founder and CEO @Circonus, Editorial board of ACM's ‘Queue’
Megan Cristina, Chief Privacy Officer @Slack

5:25pm - 6:15pm

Privacy Architecture for Data-Driven Innovation

Data-driven businesses can no longer treat privacy as strictly a legal compliance-focused discipline. In a post-GDPR world, privacy needs an engineering focus to ensure it is actionable, enforceable and scalable. 

This talk will discuss how you can set up a privacy architecture to build in “privacy by data”.

The first part of the talk will tackle privacy challenges posed by incoming data into your company. This data can be extremely sensitive in that it describes who you are, where you are and other information that can uniquely identify you.

How does an organization assess and classify the risk around the data? I will discuss how your privacy architecture team can work with privacy legal to create a multi-tiered data classification, and then with security, data science and data platform teams to set up a backend that tags your data to reflect said classification. With this investment, your employees will be able to make informed decisions around data since they will know its privacy risk.   

The second part of the talk will tackle privacy as it relates to sharing data with third parties, be it vendors, partners or even governments and regulators. How do you protect data from security risk or even re-identification risk in those cases? What techniques are available and what are the trade-offs involved? Uber is at the forefront of those conversations and I will discuss what our research and case studies have yielded.

Nishant Bhajaria, Author, Privacy and Security Leader, Digital Product Architect @Uber
