Punit Bhatia, Debra J Farber

The Rise Of Privacy Tech With Debra and Punit

Drag to resize

The Rise of Privacy Tech

Privacy Tech. What is it? In the recent years there has been an advancement in terms of technology in privacy: the tools, the solutions and the related supporting technology. And, this is referred as privacy tech. Why is this important and how is it shaping the privacy world?

In this episode, Debra J. Farber and Punit Bhatia have a conversation about the rise of privacy tech and more. 
  • GDPR In One Word “Comprehensive”
  • Understanding Privacy Tech
  • The overlap of Privacy Tech and Privacy Engineering
  • Why should we care about Privacy Tech
  • The driving force behind implementing Privacy Tech
  • The Shifting Privacy Left Podcast
  • And, a message to people in business about Privacy Tech

Transcript of the conversation

Punit 0:00   
In last few years, there has been an advancement in terms of technology in privacy, the tools, the solutions, the technology that supports privacy. We call it the rise of privacy tech. So what is this privacy tech? Why is it important for you? And how is it shaping the privacy world? And we go and talk about it with none other than Debra Farber, who's a fellow privacy professional, and is also hosting a podcast. So let's go and talk to Debra.  

Punit 1:00   
So here we are with Debra. Welcome, Debra to Fit4Privacy Podcast. 

Debra 1:04   
Thank you. It's great to be here. 

Punit 1:08   
Thank you so much for being here. And let me start with a icebreaker saying, when you think of the GDPR, what's the one word that comes to your mind? 

Debra 1:17   
Oh, I'd say comprehensive. Wow

Punit 1:20
   
that's comprehensive. Meaning?

Debra 1:23   
covers, you know, it covers pretty much all most aspects of personal data and how it's processed throughout its lifecycle. So I think of it as comprehensive because it's really think it's really addressing the lifecycle of data. That's personal to us. Now, obviously, there are, you know, there's challenges with GDPR, it's principle based it you know, a lot of people wish they had more directions as to what they're supposed to do. Exactly, so they can check off a list. But that's not the purpose of GDPR, the purpose of it is to really kind of get us thinking at every stage of you no manipulation of data within the organization, about how to protect it, about how to protect the individuals behind the data. And I, you know, I really view that the GDPR as the regulation that has moved the world forward in thinking about privacy, as you know, as we're increasingly in a more data driven world. So, you know, there's, it's got its flaws, it's got its drawbacks. It's, you know, got some enforcement challenges. But overall, I mean, even the United States is, you know, we're on the other side of the world, you know, were pushed to follow the GDPR. Because we have not passed our own laws, right. So even in the default of our doing nothing here in the US on a federal level, I don't want to say nothing. But you know, in terms of legislation and getting it passed, we still are, you know, bound by the GDPR. And what Europe has put in place? 

Punit 3:07   
Absolutely. I think it's quite comprehensive, and it's a framework in its own. Now, in the privacy world, we are talking about this new term called privacy tech. More and more being taught, especially in the United States, can you help us understand what exactly do you mean, because you're also doing a lot of work in privacy tech field. Understand, what does this privacy tech mean? 

Debra 3:33   
Yeah, I mean, it's basic privacy tech is, you know, creating tools and just technology that is going to enable us to continue to use data about people, but in a protective way, where we're not adding more risk. And in fact that the we can de risk. You know, the use of personal information in a negative way. So we're trying to protect so privacy Tech has a whole bunch of definitions depending on like what view of the elephant you're looking at. But the way I kind of view it is, it's bringing a market new technology that enables, you know, us to safely use that use the technology to another end. So perhaps you wanted to use, you know, cloud technology, you want to make sure that it's got its appropriate privacy preserving capabilities built in, you might want to know, how do you delete the information if you put it in the cloud, like so. Privacy tech is kind of coming up with this technology that allows privacy engineers and the entire team under, you know, the privacy and security teams to do their jobs in a way that doesn't really affect their work negatively and get in the way, in fact, enables them to do the privacy preserving aspects of their jobs. So it's free really about making the business of privacy easier within an organization by, you know, either building or buying software, for the most part software, but it could be tech, that could be hardware, as well. And, you know, enabling engineers, for the most part, but also, you know, other technologists and data scientists, and even your attorneys, to better be able to have insight into how the organization is processing data. And that could even be about how the organization is, you know, it's state of that personal data, and therefore also thinking in terms of, like, the risk to individuals, and like, what are the privacy problems that could potentially happen, so that you can then go and fix those, you know, de risk the organization before ever shipping? A product or service? Right? So, so privacy Tech is a growing area where, you know, we're bringing products to market, and you're this is really getting into the world of entrepreneurs who are building new technology for the first time, and then wanting to sell it into the market. You know, it could be a particular vertical, it could be to, you know, anyone who processes personal data. I mean, it runs the gamut. And there's a growing growing areas of privacy tech that, you know, we've categorized that the rise of privacy tech, which is an organization led by Lourdes derecha, that brings together entrepreneurs who are building privacy tag, the, the buyers of that privacy tech investors, and then the experts, like myself or yourself, right, who could really advise companies on how do you implement that? Or how do you even bring privacy tech to market? What are the what is the right way to do that? So I'm working a lot on bringing privacy tech to market. But what it is itself is still kind of a working definition. For the most part, it's anything that solves privacy problems. 


Punit 7:10   
does it also include the privacy management software, or that's?

Debra 7:13   
a part? Yes. So I would say it absolutely does include privacy management software. But I would say that it doesn't only include that, right, that is one particular subset, and I and that is post production, you've already pushed to a code to production or there's a product out there, and you want to understand the lifecycle of that data. You know, you keep tabs on that, then then that privacy management software is essential to the business of an organization. But there's so much beyond just the management of privacy. And, you know, if you're looking at, you know, different sub areas, then you could really, you could really see that there is a flourishing area, there are different segments of privacy tech, like it could be, you know, how do you use the blockchain or the hash graph to to manage personal data and not so much like the representation of personal data. So you don't ever want to put personal data on a blockchain, right. But you could represent consents, for instance, as an IF t's on a blockchain and be able to track those or track the accountability of an organization for taking an action or not taking an action can be represented on a blockchain. So I'm just giving examples of how new technology is being played around with right now to figure out ways that can provide more trust, more accountability and transparency about how organizations are processing this data. There are new ways that organizations are looking at consent. There's, you know, with the advent of new things like XR, you know, extended reality and, you know, this this goal of building towards a Metaverse, you know, there's there there needs to be privacy engineers who are thinking about how can we do this in a safe way so that the humans are having a safe experience when they're immersed, fully immersed? What what are some ways that that if you're in the metaverse, you can actually take ownership and protect yourself. And so, you know, there's so many areas, I'm just kind of, you know, giving one off examples of why we need our ingenuity in in the space. And we're starting to see it quite a bit. 

Punit 9:33
Now, that's privacy tech, but we also talk about a term called privacy engineering. The two differ. So privacy tech, as I understand, and as you explain, it is about enabling privacy to technology, whether it's privacy management software, encryption, software, security software, data deletion software, or anything that has to do with privacy principles, and its enablement or privacy obligations that it's enablement. But then what is privacy in general, is that have anything to do with this privacy tech? 

Debra 10:07   
It does. I mean, they overlap in ways. So, you know, most, I would say that most of the privacy tech founders that I've seen have an overlap with engineering in some capacity. But it doesn't necessarily mean that someone who's bringing privacy tech to market has an overall understanding of privacy engineering, which is all of the elements across an organization as to how you need to engineer your business so that you've got privacy baked in. But I would say that privacy by design, if you, in order to get into the business and embedded into the business, you truly need to deploy privacy engineering principles. And so I would define privacy engineering as an emerging field of engineering that aims to provide methodologies, tools and techniques to ensure systems provide acceptable levels of privacy. And you'll do that through different ways of managing that and you know, what it's going to take, that's the viewpoint instead of a legal lens, or even bringing one product to market lens privacy engineering is looking a little more holistically on, you know, how do you go about and make acceptable, you know, a system have an acceptable level of privacy. And there are various, you know, risk frameworks for this that are kind of being iterated on everything from the NIST privacy engineering, you know, approach. So in the United States, take a look at how NIST has approached that to independent organizations like mitre has its own approach. What I really like is that, like Linden is a risk modeling capability that really applies well, to privacy engineering, I forget what Linden actually stands for, but it's I L, M, sorry, l i n, d, is to use D D, U. N, I believe, but Linden I might have had spelled that wrong. But it's it's along those lines and Linden is it really gives some great ways of approaching looking for threats, and then control selection for privacy in the engineering of a system. So while it's more of a threat modeling, it really you know, perspective, it really enables organizations to build the system by thinking about what those potential privacy problems would be, and building up the system. And then, you know, sharing them up as you go along and making sure you have the right controls so that your system is privacy enabling. 

Punit 12:42
   
So that's privacy engineering, which is about essentially enabling privacy in different steps, different processes, different elements, different aspects, different departments of your organization, as I understand. Now, why does an organization care about this rise of privacy tech, because as we see, every day, a lot of new technological, technological advancements are happening, new technology companies are coming coming up and they say, we help you implement privacy, we help you delete data, we help you encrypt data, and everything will jumping on the bandwagon of privacy or GDPR. Yeah, we think that existed 10 years ago, is also being colored green, or blue, and with the study seven stars and saying here is GDPR compliant, which helps you comply with GDPR. But why does it matter? To an organization this rise of privacy tech? 

Debra 13:34   
Yeah, so I think so. It matters to an organization, because there's no way that you could address everything manually. So if we need to scale systems and make them privacy preserving, for the most part, there needs to be some way that we're able to scale them. And that usually means, you know, we're either doing something with AI, or we're doing something that's just, you know, you need to really monitor at scale or, you know, so organizations are realizing that, you know, if it's something even as as I don't want to say simple, but you want to do something like a DSR, you know, even at scale, like if Google was doing that manually, that would be pretty much insane, right? You would just need to staff up so many humans, you'd to kind of review them all. And that would be error prone. Because just you know, it's we're humans, right? We're, we are prone to errors. We're not computers. And I think that organizations really need to address through technology, ways of just doing business in a in a more scalable way. I mean, it's especially as we're more global and we have just, you know, we're aiming for as many users as possible when we're selling a product that you need technology that's going to enable you to Well, like I said, do things at scale but then You also want to make sure that the you're not scaling on a privacy disaster, right. Like, I looked at something like clubhouse when it came onto the scene. And, you know, at scale, it was collecting all of your connections and your your social graph and you know, so that that can be really dangerous if you do things like that at scale. So making sure you've got the right privacy controls in place that you have the right purpose, for collecting the data in the first place, you've got authority to do that you can do it in a safe manner. With all these things. I mean, it's really complicated set of engineering requirements, that if you embed them into a product and bring them in that product can help the organization, then do it as you know, do something at scale and not and could turn your attention elsewhere. And then you just look at that in terms of monitoring at scale, and making sure that you know, rights are being respected. And, you know, once you have that technology in place, the challenge we're seeing is that every single organization that has anything that touches on security, or privacy is using GDPR and other regulations to drive their product forward to drive sales of their product to drive people to their website. And so they're all glomming on to the very same concepts, oh, comply with GDPR, which is this massive, as I mentioned before, a comprehensive legislation. So when you say that, first of all, we all know that there is no such thing as like GDPR compliant, you know, like certification for the most part of a product. But that if that's what an organization feels like, is going to be fuel for an you know, is basically, the interesting thing about them is that they can help with a compliance problem, they're not gonna want to use that in sales on their messaging. The challenge is that privacy tech companies very often they're not from the industry, what I found is, it's usually somebody like, you know, someone in cloud that's like, I could do this in a more privacy preserving manner, I'm gonna go start my own company. And, you know, I'm an engineer, and, you know, I'm a founder, I'll just found this, I'll solve for this one problem, or like, the executive who went and left Google and founded Neva, which is a privacy preserving search engine. You know, from a former, I believe, SVP of Google, you know, that person really understood search very, very well. That's the expertise. Now let's, let's add the privacy piece in embedded in, bake it in, and now create a search engine that's privacy preserving to compete against the status quo, which is, you know, a like your Google's and your Bings and other search engines on the market. And so what those people usually have a very clear vision, but don't necessarily know what a Chief Privacy Officer Chief Security Officer a, you're all what all the players in the privacy space, the the legal even right, all of these executives want to hear something different from a technologist that's trying to sell to them. And the challenge is the messaging is all the same. It's all the same to the exact each of the executives, it's all the same from one company to another. With GDPR compliant, we're consent driven, we're global, and it doesn't distinguish a privacy tech company from another privacy tech company very well. So you go to like an RSA Security, or an IPP conference or something like you know, where there's vendors. And sometimes you can't tell the difference was differences between one privacy tech vendor and another, and they're in wildly different areas of focus. And so that's, you know, that's kind of where I help out, that's where that's my sweet spot right now. And I like to, to help companies be heard and make that distinction based on what their what problem problems they're trying to actually solve, rather than just say, we're going to help you be compliant. Because Because compliance is no longer enough of a driver. So I want companies to understand is, compliance is necessary, but it's the bare minimum. And if you really want to make sense of privacy within your organization, it's about embedding it in by design. But that means that portion of that design needs to be engineered into the product, or service. And that requires people who have a real cross section of understanding between the macro what's going on in privacy, the regulations as are, what are the drivers that's changing the space at a macro level, but also at a really focused technical level, understanding the technology making sure that, you know, the, you know, if you're, if you're gonna do a web based app versus an iOS app versus an Android app, like understanding the differences and the nuances that come to, that are relevant to the user experience and the design all the way to, you know, the data and how you're, how you're processing it. Is it is it anonymized under what circumstances does it need to be anonymized versus pseudonymise versus you know, all of those things? Are that privacy experts of any stripe really should know, at a macro level, they need to really understand at a more technical level. So you want your data scientists to be doing, you know, your machine learning, privacy preserving machine machine learning, they should really have a strong data science background, versus someone who's in cryptography and is looking at, you know, I don't know a new self sovereign identity, technology that's going to help you manage your own data, you know, that person is really going to have to understand how the pieces of that stack go together. And so these, I think that's a good point, these separate technology stacks, are going to require expertise in those stacks. And we're going to see privacy engineers that have wildly different expertises. So over the next 510 years, I think we're going to start to see the privacy engineering space form where you have more, fewer generalists and more specialists in particular areas of privacy engineering, I think we're gonna follow very similar paths, tap that security did, we're just about 1015 years behind, but we have so much technology, we're not going to know what to do with it, now, we're gonna have so much technology that it's going to just over time be more and more refined, it's going to the organizations are going to, over time realize they need more budgets for bringing tech into the organization, it's not enough just to have privacy management software, that manages your business process flows, and you know, that he gets your, you know, your rights, gets everybody's rights attended to, you know, through through D SARS and such or deletion requests, I mean, there's going to be technology that's needed, just that's embedded within all of the privacy tech companies because of, I don't know, some, some bell or whistle, it brings in or some more trust that it enables. But there's going to be so much more technology, and we're starting to see a lot of it on the pre a push to, on the left side basically of of the product development stack. So before you ever push code to production, we're starting to see a lot more of that the tools that enable that help developers bring their, their code to market, where, you know, it's already gone through some sort of privacy filter, or, you know, a scanning their code, for instance, and looking for potential problems. And we're seeing a lot of that, what I what I'd like to see a lot more is consumer enabled privacy tech that enables, you know, individuals to take ownership of their data. When I say ownership, I mean that more like control sense like to take control of their own data restricted only give permission when they want, when they feel like they have trust or a company no longer seems to have, you know, doing things the right way you can you can punish them by and also save yourself by removing that data. And so I think that requires a lot of interoperability engineering, I think we're gonna see a lot more of that in the future, it's just going to take a little time to get there, because regulations alone are not going to drive that think the market demands from individuals are going to drive that. So a lot of that consumer stuff will be down the road. 

Punit 23:31  
 
That's for sure. But now, that's a lot of privacy tech that is available in the market. Yes, of course, organizations have reactions like okay, we are having too many rights requests. Let's automate that. We are having too many division needs, or we have too much data we need to delete, let's put the deletion software in place. But in your view, and the work you're doing, what do you see as the driving force? What is the key driver for implementing or buying privacy tech at the moment in the market? 

Debra 24:05   
Oh, I would say there's a, I would say there's a huge shift left mentality. And we can talk about that a little bit, if you'd like. But so at first privacy was at the realm of attorneys, and we're looking at it from a legal perspective. And we did a lot with contracts and you know, regulation and then contracts and then internally policies, and then we train on those policies and right so, what I see companies doing is going okay, this gray, we now have like the bare bones of compliance in place, we've got our, you know, privacy management suite. We've got these processes down we have you know, so all the stuff that I will call on the right side of the privacy tech stack. But we still need to address development lifecycle and data lifecycle and you can't do that. With policy alone, you need actual levers to be moved and, you know, get requirements to be embedded into the, the not just the processes, but the the way of working for an organization. It's not right, because, you know, we can't just add a box of privacy on at the end, right? Like it privacy, just like security, but privacy, maybe even more. So is about how do we, as we're, as data about humans is flowing through multiple business processes? How do we make sure that that data is used correctly only for the right purposes, right, all of these things need to be baked in by design. So what I think companies are focusing on now is they realize that this compliance stuff is really expensive. What if we reduce the amount of data that you know, we no longer think of let's let's get all the data. And maybe we have a reason to use it later. Because so let's just keep it now, right now we're seeing well, if you keep data that has liability to it, and you know, you have a breach or you have some other privacy problem that happens, as a result of you having this data that maybe you didn't even need, then companies are actually creating more risk for themselves. And it's more expensive. So if they're able to, you know, shift further left into the development cycle, go, you know, here are some privacy enhancing technologies, or here are some, here's like, data subject, right rights infrastructure that we're creating using new, maybe new methods to define what your privacy data looks like, like EPA, for instance, came out with I forget what it's called, it's an open source, new way of like naming your data and then calling it up. There's, there's new that way, it enables you to your engineers to build infrastructure that is only going to collect data, that's maybe I'll call it clean, like clean drinking water, right? You know, you don't want that toxic aspect of data that's going to get in your pool of clean drinking water, and then render it all of a sudden, unusable, and you have to throw it away, right. So especially in the world of disgorgement, where the FTC in the United States is, they have the capability, and they've expressed that they would like to start using it, that if a company ends up Do you know, creating a major privacy problem. You know, like, think of it like a biometric collection that Facebook had had done for many years, right, the FTC would make them not only, you know, have a pay a fine, but get rid of the model that they trained the data on, right, like disgorgement, like it, so no company really wants to go through that they've built in, they spent millions and millions of dollars on bringing something to market, and then all of a sudden have to throw it away. And so what they're realizing is the market is demanding, it's I don't think it's just GDPR I think the market is at a place now where human people realize that surveillance capitalism and other, you know, other challenges where they feel that they don't have control over their own data anymore, or that privacy doesn't exist. These these this thought process from from people, is what is ice ice is driving the market change. And it's, it's really tipping where people won't stand for Super invasive technology anymore. So companies are shifting left, to make sure that they are building things right from, from the ground up, at least with new products, if you're a huge company can't just turn the ship around everywhere. But if you're going to be building something new, they're starting to look at, you know, what are the requirements in the design phase, looking at the build phase, you know, verifying that they have the right, you know, you know, testing the product, you know, looking at incident response, you know, all of that before, you're even looking at the data lifecycle aspect of collection, you sharing, storage, retention, deletion, all of that. I think that focusing on that means that you have fewer compliance requirements later on, you know, maybe you're architecting in a self service, you want to know, every day all the data that we collect about you, well, we're building that in, so you could then go and at any point in time, you could go look at what data we've collected about you or process about you. You know, so I'm seeing companies do that. But I think I think that's really what we mean. When we say when we talk about shifting left is dealing with the product earlier on or it doesn't even have to be product, you know, dealing with something within your organization early on in the design phase architecting, for privacy, I mean, this is why I'm like a huge fan of, of distributed ledger technology and other infrastructure that's being innovated on right now is that if you get it right at the lower levels, and are then able to build on top of that, in this case with DLT, would be decentralized applications. You know, but if you build that into the governance and the the underlying, you know, base level technology, and then you know, anything that's pulled up from that already kind of inherits the security and privacy of the layer below it. And so, you know, it's this layering in a thoughtful way that can actually save millions and millions of dollars down the road, rather than adding on a box of privacy or just get a tool that does, you know, X, you just don't create the problem in the first place. And that's where I see a lot of companies wanting to go. I say, we still have a long way before companies are actually doing that on the whole, but the really innovative ones are.  

Punit 31:02   
Absolutely, and I think you also have this podcast, shift left privacy. 

Debra 31:09   
Yes. Privacy left podcasts shift up and shifting privacy 

Punit 31:13   
Left Podcast. So tell us about it in a minute or two. What is it all about? Yeah 

Debra 31:18   
shifting privacy left is really about kind of bringing some of this exciting new methodologies, whether it's privacy engineering, I had Lori Craner, on who runs the scilab at Carnegie Mellon and the master's program for privacy engineering at Carnegie Mellon. So she really unpacked privacy engineering. On a recent episode, we've talked about, you know, new ways of doing some biometrics or approaches to the metaverse and, you know, so I'm really shifting privacy left is sponsored by provato. That does code scanning, you know, technology and making sure you're shipping privacy, enabling code. And, you know, really, their mission is to shift left to So the whole point of the podcast is to bring on guests and have great conversations around how they're shifting left. So we look at privacy Tech, we look at privacy engineering, we kind of look at some of the problems that are out there, and how do you threat model for them? So it's really two, it's the difference, I would say, between your podcast and, and some of the others and shifting privacy left would be that our main focus is to really talk about a privacy tech to privacy to engineers. So my the base that I'm building, and the audience I'm building is technologists, engineers, researchers, you know, cuz, because they've been telling me that there's just where do I go to learn more, right? There's like one or two books out there, there's the data privacy from Nishant Pajara, you've got Michelle identities written the privacy engineers manifesto. I mean, there's some really good books out there. Besides the books, there aren't that many forum forums for people to come together and really talk technical at the technical level. So while I have plenty of people who listen who are not technologists, I constantly remind myself that as I'm, you know, creating the, you know, figuring out who I want on my show, or what I want them to talk about, I really want them to get into the technical level, and unpack that more technological, you know, innovation and how they're bringing innovation to market or how they're dealing with certain challenges in the market, as opposed to, you know, more of the legal and challenges that are out there, which are, you know, there's plenty of those as well. So it's, you know, for a fun audience that's really starting to get into the weeds and, you know, push this industry forward. And we're seeing people coming from all over the place. They're not just privacy experts. Some of them are from security. Some of them are just engineers with a really good idea but they just don't know how they don't understand yet. The Privacy market and or the market for overall privacy, how to how do buyers make decisions about buying for privacy tech, right things along those lines? That's that's a lot of where I help them not as part of the podcast, but as part of principled LLC, which is my, my organization that I founded. 


Punit 34:33   
Absolutely. Thank you so much. I think it's wonderful to have this conversation around privacy tech, the work you do and everything that you're bringing to your clients. Thank you. essence of time, I would say is the one one minute message you would have for anybody listening on privacy tech, to those people, especially those who are in business. 

Debra 34:57  
Yeah, so those who are in business NIS, I would say plug into the rise of privacy tech, make sure that you're aware of what is going on for that organization. It's like this. It's a rise of privacy tech.com, we recently published a white paper. And in that white paper, we define the privacy tech space. And we even come up with the rise of privacy Tech, we called troped, the troped privacy tech stack landscape. And in that you get a visual picture of like the b2b landscape, the b2c landscape and even the b2b to see landscape currently, as it's shaping up for privacy tech. And so I think, right now, I think it's the most comprehensive document that on privacy tech out there, and we really only talk about companies that the that troped has assessed and actually had a real live privacy tech buyer user, you know, we hired them to go and and evaluate the tech make sure it's not just marketing bells and whistles, and that it's actually doing certain things that it claims to do. So these are vetted. It's not just a list of companies, and we have that in, you know, a visual way that you can kind of consume this information to understand what's b2b, what's on the left side, or the right side of the tech stack, pre production post production kind of thing. And I think that's it, you know, we put a lot of effort into that. And I think it'd be super helpful for businesses. It's the whole reason we wrote it was because we saw that the investors in privacy tech didn't really understand the space, you know, like that their their thesis was very wrong, like, oh, it's either, you know, big ID and I don't know, you know, maybe another company, the two of those companies alone, pretty much, you know, that's privacy Tech, we don't need anymore. And it's like, that's a really myopic kind of view of privacy. And so our goal was to educate investors, educate buyers, educate, even the founders themselves. And so this will help the founders with their marketing and how they pitch themselves. So hopefully, they don't go and all sound the same again. Right. And then, you know, I think it helps to define what is privacy adjacent versus, you know, maybe like AI, for instance, versus privacy tech proper. And I think, you know, it's it really is helpful for defining the market, defining. Yeah. 

Punit 37:33   
So in essence of time, I would say thank you so much for sharing your thoughts, sharing your input on privacy, tech, my pleasure, all the best with you and your podcast and the work that you're doing. Thank you so much.

Debra 37:46
   
Thank you. Well, it was a pleasure to be here today. And, you know, just glad to have the opportunity to talk with your audience and educate them on my little slice of the world. It's a pleasure.

ABOUT THE GUEST 

Debra J. Farber is a globally-recognized Privacy, Security and Ethical Tech Advisor and CEO of Principled LLC. She has 17+ years of privacy & security leadership experience in the tech sector, including at Amazon, AWS, BigID, Visa, TrustArc, IBM, & American Express. Debra serves on several tech Advisory Boards, such as The Rise of Privacy Tech, D-ID, Privacy Request, and Sibly, among others. As a Consultant, Debra guides privacy-1st tech companies on: product-market fit; go-to-market strategy; effectively selling to the CPO, DPO, CISO, & CDO; privacy-by-design & default strategies; and product marketing messaging. As an Angel investor, Debra invests in disruptive business models and privacy-1st technology. Debra thrives when she pours her passionate energy into building ethical ecosystems and communities. She also has her own podcast, called ‘Shifting Privacy Left’: www.shiftingprivacyleft.com

ABOUT THE HOST 

Punit Bhatia is one of the leading privacy experts, who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach privacy professionals. Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How To Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one’s value to have joy in life. He has developed the philosophy named ‘ABC for joy of life’ which passionately shares. Punit is based out of Belgium, the heart of Europe.  

RESOURCES 

Podcast www.fit4privacy.com/podcast 
Blog www.fit4privacy.com/blog 
YouTube Channel youtube.com/fit4privacy 
Email [email protected]  

The Rise of Privacy Tech: Defining the Privacy Tech Landscape Whitepaper:
www.riseofprivacytech.com/definingprivacytechwhitepaper2021

Listen to the top ranked EU GDPR based privacy podcast...

Stay connected with the views of leading data privacy professionals and business leaders in today's world on a broad range of topics like setting global privacy programs for private sector companies, role of Data Protection Officer (DPO), EU Representative role, Data Protection Impact Assessments (DPIA), Records of Processing Activity (ROPA), security of personal information, data security, personal security, privacy and security overlaps, prevention of personal data breaches, reporting a data breach, securing data transfers, privacy shield invalidation, new Standard Contractual Clauses (SCCs), guidelines from European Commission and other bodies like European Data Protection Board (EDPB), implementing regulations and laws (like EU General Data Protection Regulation or GDPR, California's Consumer Privacy Act or CCPA, Canada's Personal Information Protection and Electronic Documents Act or PIPEDA, China's Personal Information Protection Law or PIPL, India's Personal Data Protection Bill or PDPB), different types of solutions, even new laws and legal framework(s) to comply with a privacy law and much more.
Created with