1
00:00:00,000 --> 00:00:02,300
If you think about the scale of 
data, we think about the 

2
00:00:02,300 --> 00:00:04,400
diversity of human beings across
the world. 

3
00:00:04,600 --> 00:00:06,800
No two people are going to think
about privacy the same. 

4
00:00:06,800 --> 00:00:09,600
So how do you as a company 
factor in the first part of 

5
00:00:09,600 --> 00:00:11,300
respect? 
And the second part of scale and

6
00:00:11,300 --> 00:00:13,600
governance and maturity? 
That is for me privacy. 

7
00:00:13,700 --> 00:00:16,400
Making sure that people aren't 
surprised - that people aren't 

8
00:00:16,400 --> 00:00:18,500
disrespected. 
Your business is handled 

9
00:00:18,500 --> 00:00:21,200
courteously and professionally. 
So privacy is about handling 

10
00:00:21,200 --> 00:00:24,100
data in a way that builds for 
both compliance and trust, 

11
00:00:24,400 --> 00:00:31,700
maturity and transparency. 
Hey everyone. 

12
00:00:32,200 --> 00:00:34,100
My name is Henry 
Suryawirawan. 

13
00:00:35,800 --> 00:00:38,600
And you're listening to the 
Tech Lead Journal podcast, 

14
00:00:39,000 --> 00:00:41,400
the show where I'll be bringing 
you the greatest technical 

15
00:00:41,400 --> 00:00:45,200
leaders, practitioners, and 
thought leaders in the industry 

16
00:00:45,600 --> 00:00:49,900
to discuss their journey, 
ideas, and practices that we all 

17
00:00:49,900 --> 00:00:53,500
can learn and apply to build a 
highly performing technical team

18
00:00:54,000 --> 00:00:56,400
and to make an impact in your 
personal work. 

19
00:00:56,800 --> 00:01:04,500
So let's dive into our Journal. 
Hey everyone. 

20
00:01:04,599 --> 00:01:07,600
Welcome back to the Tech Lead 
Journal podcast, the podcast 

21
00:01:07,600 --> 00:01:09,500
where you can learn about 
technical leadership and 

22
00:01:09,500 --> 00:01:11,800
excellence from my 
conversations with great 

23
00:01:11,800 --> 00:01:13,600
thought leaders in the tech 
industry. 

24
00:01:14,000 --> 00:01:16,900
If you haven't, please follow 
the show on your podcast app and

25
00:01:16,900 --> 00:01:19,800
social media on LinkedIn, 
Twitter, and Instagram. 

26
00:01:20,200 --> 00:01:22,200
And to appreciate and support my
work, 

27
00:01:22,200 --> 00:01:25,700
subscribe as a patron at 
techleadjournal.dev/patron

28
00:01:26,100 --> 00:01:27,700
or buy me a coffee at 

29
00:01:27,700 --> 00:01:29,300
techleadjournal.dev/tip. 

30
00:01:30,400 --> 00:01:34,400
My guest for today's episode is
Nishant Bhajaria. Nishant is 

31
00:01:34,400 --> 00:01:38,400
a cybersecurity and data privacy 
executive and the author of Data

32
00:01:38,400 --> 00:01:42,600
Privacy: A Runbook for 
Engineers. In this episode, 

33
00:01:42,700 --> 00:01:45,800
we discussed the importance of 
data privacy and privacy 

34
00:01:45,800 --> 00:01:50,000
engineering. Nishant described 
his definition of data privacy 

35
00:01:50,200 --> 00:01:53,800
and why it is becoming a key 
concern for users, companies, and 

36
00:01:53,800 --> 00:01:56,600
regulators. 
He explained why doing data 

37
00:01:56,600 --> 00:01:59,800
privacy is hard and how 
companies can build a privacy 

38
00:01:59,800 --> 00:02:02,900
first culture. Nishant 
also covered other data 

39
00:02:02,900 --> 00:02:06,700
privacy topics, including data 
classification, data sharing, 

40
00:02:06,900 --> 00:02:10,500
data consent, and data privacy 
applied to machine learning. 

41
00:02:11,300 --> 00:02:14,100
I hope you enjoy listening to 
this episode and learning a lot 

42
00:02:14,100 --> 00:02:16,900
from it, as much as I learned 
from this conversation. 

43
00:02:17,300 --> 00:02:20,000
And if you do, please share this
with your colleagues, your 

44
00:02:20,000 --> 00:02:22,900
friends, and your communities, 
and also leave a five star 

45
00:02:22,900 --> 00:02:26,000
rating and review on Apple 
podcast and Spotify. 

46
00:02:26,300 --> 00:02:29,000
It will help me a lot in getting
more people to discover this 

47
00:02:29,000 --> 00:02:31,400
podcast. 
Let's go to the conversation 

48
00:02:31,400 --> 00:02:34,700
with Nishant after hearing a few
words from our sponsors. 

49
00:02:35,400 --> 00:02:37,300
Are you looking for a new cool 
swag? 

50
00:02:37,600 --> 00:02:40,200
Tech Lead Journal now offers 
you some swags that 

51
00:02:40,200 --> 00:02:44,000
you can purchase online. 
These swags are printed on demand 

52
00:02:44,000 --> 00:02:47,400
based on your preference and 
will be delivered safely to you 

53
00:02:47,500 --> 00:02:50,000
all over the world 
where shipping is available. 

54
00:02:50,400 --> 00:02:53,000
Check out all the cool swags 
available by visiting 

55
00:02:53,000 --> 00:02:56,400
techleadjournal.dev/shop 
and don't forget to brag

56
00:02:56,400 --> 00:02:58,600
yourself 
once you receive any of those 

57
00:02:58,600 --> 00:03:03,200
swags. Hello everyone. 
Welcome back to another new 

58
00:03:03,200 --> 00:03:05,500
episode of the Tech Lead Journal
podcast. Today 

59
00:03:05,500 --> 00:03:09,600
I have with me an author of a 
book titled Data Privacy. 

60
00:03:09,800 --> 00:03:12,500
It is actually quite an 
interesting topic because we 

61
00:03:12,500 --> 00:03:15,300
will be covering a lot about. 
What is data privacy is the 

62
00:03:15,300 --> 00:03:17,500
fasting. 
And what we can do from the 

63
00:03:17,500 --> 00:03:20,500
engineering team, from the 
product team stance, in order to

64
00:03:20,500 --> 00:03:24,400
protect our users' data. 
So Nishant Bhajaria is here with

65
00:03:24,400 --> 00:03:26,900
me, and I'm really looking 
forward for this conversation. 

66
00:03:27,000 --> 00:03:28,300
Hi Nishant. 
Hello. 

67
00:03:28,300 --> 00:03:30,500
Thank you. 
In the beginning, I would like 

68
00:03:30,500 --> 00:03:33,400
to ask you maybe if you can 
share your career journey, may 

69
00:03:33,400 --> 00:03:36,200
be sharing about your highlights
or turning points with audience 

70
00:03:36,200 --> 00:03:37,900
so that they can hear from your 
story. 

71
00:03:38,500 --> 00:03:39,900
Yeah. 
Thank you for having me here. 

72
00:03:39,900 --> 00:03:42,300
I appreciate the opportunity to 
talk about the book and my 

73
00:03:42,300 --> 00:03:45,100
career Journey here. 
So, I am one of those people 

74
00:03:45,100 --> 00:03:46,900
that did not quite fit into one 
lane. 

75
00:03:46,900 --> 00:03:49,900
When you work for companies 
anywhere in the US or anywhere 

76
00:03:49,900 --> 00:03:52,000
else in the world. 
For that matter, they think of 

77
00:03:52,000 --> 00:03:54,800
you in terms of your skill set, 
your ladder, so accounting, 

78
00:03:55,100 --> 00:03:57,700
engineering, non-engineering, 
legal, etc. 

79
00:03:57,900 --> 00:04:00,700
I'm one of those people that 
likes to In multiple rounds at 

80
00:04:00,700 --> 00:04:03,800
the same time because companies 
become large and vast the 

81
00:04:03,800 --> 00:04:06,200
opportunities exist where people
don't see them before. 

82
00:04:06,200 --> 00:04:09,500
So my career journey began as an 
engineer working for Intel. That 

83
00:04:09,500 --> 00:04:12,700
was my first job after graduate 
school, and then I made a switch 

84
00:04:12,700 --> 00:04:16,000
in the late 2008, 2009 time 
frame, away from Intel, away

85
00:04:16,000 --> 00:04:19,100
from semiconductor development 
to healthcare. At the time, 

86
00:04:19,100 --> 00:04:21,500
it felt like a pretty unwise 
move because I was leaving an 

87
00:04:21,507 --> 00:04:23,700
extremely secure job in the 
middle of what was going to 

88
00:04:23,707 --> 00:04:25,600
become a pretty deep economic 
recession. 

89
00:04:26,000 --> 00:04:28,500
And in the short term, it did 
feel that way cause I had to go 

90
00:04:28,500 --> 00:04:30,500
through some instability or a 
lot of new learning. 

91
00:04:30,700 --> 00:04:33,000
But then I learned a lot about 
health care, about product 

92
00:04:33,000 --> 00:04:35,100
management, about security, about 
compliance, about 

93
00:04:35,100 --> 00:04:38,100
how do you do things that 
represent the entire spectrum of

94
00:04:38,100 --> 00:04:40,900
the company rather than just 
working on the one area that I 

95
00:04:40,907 --> 00:04:43,900
would have done at Intel. So that
diversification enabled me to 

96
00:04:43,900 --> 00:04:46,600
then gradually make the pivot to
product management, program 

97
00:04:46,600 --> 00:04:49,600
management, run big teams, big 
organizations, really massive 

98
00:04:49,600 --> 00:04:52,300
cross-functional initiatives and
then over time, that became a 

99
00:04:52,300 --> 00:04:55,500
full-on segue into a more 
detailed security privacy 

100
00:04:55,500 --> 00:04:57,900
engineering. 
So essentially helping protect 

101
00:04:57,900 --> 00:04:59,500
the company from a business 
compliance 

102
00:04:59,700 --> 00:05:02,400
perspective on the one side, while 
leveraging data to deliver 

103
00:05:02,400 --> 00:05:04,800
features to customers without 
hurting the privacy and 

104
00:05:04,800 --> 00:05:06,800
security. 
So, essentially, I was able to 

105
00:05:06,800 --> 00:05:09,200
represent the interest of the 
business from a commercial, and 

106
00:05:09,200 --> 00:05:12,300
risk perspective on the one side,
while building for trust and 

107
00:05:12,300 --> 00:05:14,800
compliance on the other side. 
You have to remember, as you rise

108
00:05:14,800 --> 00:05:17,200
in the company, you have multiple
customers. Your internal 

109
00:05:17,300 --> 00:05:19,500
stakeholders are customers, but 
then external 

110
00:05:19,500 --> 00:05:21,700
customers are also your 
customers as well, but then 

111
00:05:21,700 --> 00:05:24,400
people in the press in the media
and the regulatory circles, they

112
00:05:24,400 --> 00:05:26,000
also represent your customer 
base. 

113
00:05:26,200 --> 00:05:28,700
So how do you support multiple 
people at the same time? 

114
00:05:28,700 --> 00:05:30,600
And I love this game. 
Oh, I love the challenge. 

115
00:05:30,600 --> 00:05:33,500
I love understanding whether 
it's a product or a problem from

116
00:05:33,500 --> 00:05:36,700
multiple perspectives. So my 
career journey basically spans

117
00:05:37,000 --> 00:05:39,500
not just different skill sets, 
different companies, but also 

118
00:05:39,500 --> 00:05:42,200
different levels of detail and 
different levels of strategic 

119
00:05:42,200 --> 00:05:45,000
focus across the company and 
across the sector as a whole. 

120
00:05:45,700 --> 00:05:48,300
Thanks for sharing your story 
and maybe the story about your 

121
00:05:48,300 --> 00:05:51,300
book, too. You started your 
journey in security and privacy 

122
00:05:51,300 --> 00:05:53,300
engineering maybe in this 
healthcare company. 

123
00:05:53,300 --> 00:05:55,400
How did you come about writing 
the book? 

124
00:05:55,400 --> 00:05:57,200
What kind of problems did you 
see back then? 

125
00:05:57,200 --> 00:05:59,500
And why did you decide to write 
the book? 

126
00:06:00,200 --> 00:06:02,600
So this is the question where 
people normally have an 

127
00:06:02,600 --> 00:06:04,600
inspiring story when it comes to
the book. 

128
00:06:05,000 --> 00:06:06,900
I don't have one, I wrote the 
book because it was the 

129
00:06:06,900 --> 00:06:09,800
beginning of the covid pandemic 
and I didn't have anything 

130
00:06:09,800 --> 00:06:11,900
better to do. 
I couldn't bake bread to save my

131
00:06:11,900 --> 00:06:13,100
life. 
So, rather than turning the 

132
00:06:13,100 --> 00:06:15,800
house into an oven and, like, 
setting it on fire, I thought 

133
00:06:15,800 --> 00:06:19,400
writing a book would be 
a risk-free venture, and I never 

134
00:06:19,400 --> 00:06:22,400
anticipated the book to do 
well. I never anticipated that I

135
00:06:22,400 --> 00:06:24,400
would finish the book for one 
thing because I had never 

136
00:06:24,400 --> 00:06:26,500
written one before. 
In fact, I had not even written 

137
00:06:26,500 --> 00:06:29,400
a proposal before, and the 
publisher told me most books. 

138
00:06:29,600 --> 00:06:32,100
End up being abandoned even if 
they're started on by an author 

139
00:06:32,100 --> 00:06:33,900
who has one or two books behind 
their name. 

140
00:06:34,200 --> 00:06:36,800
In my case, I didn't have any 
experience writing a book. 

141
00:06:36,800 --> 00:06:39,700
I had taught a lot of privacy, 
security, and career management 

142
00:06:39,700 --> 00:06:41,300
courses on LinkedIn Learning 
before. 

143
00:06:41,600 --> 00:06:45,400
But having a two-hour course is 
one thing; writing a book is 

144
00:06:45,400 --> 00:06:48,300
something totally different. 
So I wanted to say, do some 

145
00:06:48,300 --> 00:06:51,300
research, make some connections 
and take a first stab at writing

146
00:06:51,300 --> 00:06:53,100
a book, thinking that maybe the 
next time around, 

147
00:06:53,100 --> 00:06:55,600
I'll be a lot more prepared. 
But once I started writing the 

148
00:06:55,600 --> 00:06:57,800
book, once I started working 
with the editing team in London,

149
00:06:57,800 --> 00:07:00,700
once I started getting feedback 
from Even read individual 

150
00:07:00,700 --> 00:07:03,100
chapters of the book. 
I realized how far I had to go 

151
00:07:03,100 --> 00:07:05,300
in terms of being able to 
articulate my views in a way 

152
00:07:05,300 --> 00:07:08,200
that people understood, but I 
also realized I had a lot of 

153
00:07:08,200 --> 00:07:10,900
experience, I have learned a lot
of things both good and bad 

154
00:07:11,000 --> 00:07:13,900
throughout my own career and 
there was a real opportunity to 

155
00:07:13,900 --> 00:07:16,500
add something to the popular 
knowledge about security and 

156
00:07:16,500 --> 00:07:18,500
privacy. 
How do you build stuff that's 

157
00:07:18,500 --> 00:07:20,600
going to force people to work 
together in a way that people 

158
00:07:20,600 --> 00:07:23,200
typically didn't. People tend to 
be within their silos, their 

159
00:07:23,200 --> 00:07:24,500
OKRs, 
their metrics, their 

160
00:07:24,500 --> 00:07:25,800
products, their commitments, 
right? 

161
00:07:26,000 --> 00:07:28,600
How do you build something that 
is not for one product? 

162
00:07:28,600 --> 00:07:31,200
But for the entire platform. 
How do you build stuff that is 

163
00:07:31,200 --> 00:07:33,500
not reactive from a risk 
perspective, but proactive from 

164
00:07:33,500 --> 00:07:36,700
an innovation perspective. 
So all I had to do is figure out

165
00:07:36,700 --> 00:07:38,800
how to leverage the lessons of 
my career 

166
00:07:38,800 --> 00:07:42,900
over a lifetime into a 350-page 
book, in my case, 380-page book, 

167
00:07:42,900 --> 00:07:44,600
that would benefit everybody at 
the same time. 

168
00:07:45,000 --> 00:07:47,400
So it began as sort of let me do
something fun. 

169
00:07:47,400 --> 00:07:50,000
In the middle of this extremely 
challenging pandemic and it 

170
00:07:50,000 --> 00:07:51,600
became something a lot more 
inspirational. 

171
00:07:51,800 --> 00:07:54,900
The funny thing Henry is that 
this whole journey began, not 

172
00:07:54,900 --> 00:07:56,600
with the book for me, 
but with LinkedIn Learning and 

173
00:07:56,600 --> 00:07:58,600
teaching 
my first course on privacy. I 

174
00:07:58,600 --> 00:08:01,100
was in the middle of, like, 
leaving one job and joining 

175
00:08:01,100 --> 00:08:04,400
another one, when I happened to be
on LinkedIn one morning and I 

176
00:08:04,407 --> 00:08:06,700
saw somebody from LinkedIn 
Learning post a comment on 

177
00:08:06,700 --> 00:08:09,000
somebody else's wall and say, 
hey, we're teaching this course 

178
00:08:09,000 --> 00:08:11,200
on privacy, but we don't have 
anybody to teach it yet. 

179
00:08:11,200 --> 00:08:13,400
Like we're thinking about this 
course, we have approval to put 

180
00:08:13,400 --> 00:08:16,500
this course out there and the 
person from LinkedIn had left 

181
00:08:16,500 --> 00:08:18,300
this comment on the wall of a
high-profile CISO 

182
00:08:18,300 --> 00:08:21,300
in Silicon Valley, and they 
had not responded yet. The CISO 

183
00:08:21,300 --> 00:08:23,900
hadn't responded yet. 
So I contacted this person on 

184
00:08:23,900 --> 00:08:26,000
LinkedIn Learning and said, hey,
if this person doesn't respond, 

185
00:08:26,000 --> 00:08:27,900
can you ping me? 
Because I'm interested. And I had

186
00:08:27,900 --> 00:08:29,400
no shame. 
I had no reluctance to be 

187
00:08:29,500 --> 00:08:31,400
desperate because, you know, you 
only live one time. 

188
00:08:31,400 --> 00:08:33,900
You have to sort of take your 
chances and as it turned out 

189
00:08:33,900 --> 00:08:36,100
that person didn't respond and I
got the course. 

190
00:08:36,500 --> 00:08:39,600
And that course did very well 
and led to three other courses, 

191
00:08:39,799 --> 00:08:42,400
and those three courses and 
their feedback by learners on 

192
00:08:42,400 --> 00:08:44,500
LinkedIn Learning made Manning 
Publications 

193
00:08:44,500 --> 00:08:46,400
catch me. And they're like, well, 
this guy must know to do 

194
00:08:46,400 --> 00:08:48,300
something. 
So I took initiative the first 

195
00:08:48,300 --> 00:08:51,300
time that led to courses that 
led to the book and that led to 

196
00:08:51,500 --> 00:08:53,500
a lot of interesting 
opportunities including this 

197
00:08:53,500 --> 00:08:55,400
podcast. 
So the lesson here is if you 

198
00:08:55,400 --> 00:08:58,700
want to be a leader in the trust
security and compliance space, 

199
00:08:58,700 --> 00:09:01,500
you have to take chances. You 
have to write your own book in a

200
00:09:01,500 --> 00:09:03,700
manner of speaking, because 
there is no handbook. 

201
00:09:03,700 --> 00:09:06,300
There is no course that teaches 
you how to catch these 

202
00:09:06,300 --> 00:09:07,400
opportunities and make a 
difference. 

203
00:09:07,800 --> 00:09:09,900
The second thing is there is a 
lot of people with the same 

204
00:09:09,900 --> 00:09:12,300
questions. There are a lot of 
people struggling with 

205
00:09:12,300 --> 00:09:14,400
questions I had seven, eight, 
nine years ago. Because the book 

206
00:09:14,400 --> 00:09:17,100
didn't exist, I wondered, 
I wish somebody had a book or 

207
00:09:17,100 --> 00:09:18,600
some Google resource that I 
could 

208
00:09:18,600 --> 00:09:21,000
learn from. Turned out, 
I didn't have that benefit, but 

209
00:09:21,000 --> 00:09:23,600
the LinkedIn Learning courses, 
the podcasts I do, the book I 

210
00:09:23,600 --> 00:09:26,500
have done, hopefully, serve as a
resource for the next Nishant 

211
00:09:26,500 --> 00:09:28,900
who's going to hopefully do even
much better than me because 

212
00:09:28,900 --> 00:09:31,800
sometimes you ask questions, 
sometimes you ask and answer 

213
00:09:31,800 --> 00:09:34,300
those questions and I chose to 
do the latter pal. 

214
00:09:34,300 --> 00:09:35,700
Thank you for sharing your 
story. 

215
00:09:35,700 --> 00:09:38,200
I think that's a very good 
message for the listeners here, 

216
00:09:38,200 --> 00:09:39,900
right? 
So sometimes we have to create 

217
00:09:39,900 --> 00:09:43,100
our own opportunity, not to say 
that we wait for opportunity to 

218
00:09:43,100 --> 00:09:46,400
come being offered to us and we 
do so, I think that's a really 

219
00:09:46,400 --> 00:09:49,200
good thing and you started from 
the LinkedIn course. 

220
00:09:49,200 --> 00:09:52,600
Which I think many people would 
also have done creating courses 

221
00:09:52,600 --> 00:09:55,100
and things like that, which I 
think I find very interesting 

222
00:09:55,100 --> 00:09:58,600
because not everyone has the 
confidence right being 

223
00:09:58,600 --> 00:10:01,200
comfortable. 
Writing courses by themselves 

224
00:10:01,400 --> 00:10:03,300
and Publishing it. 
So, I think thanks for sharing 

225
00:10:03,300 --> 00:10:04,900
this story. 
Welcome to Alaska. 

226
00:10:05,000 --> 00:10:06,700
Can I just make one more point 
about the courses? 

227
00:10:07,100 --> 00:10:08,400
Yeah, sure. 
Let's go. 

228
00:10:08,500 --> 00:10:10,600
LinkedIn Learning has an 
excellent program for that, and 

229
00:10:10,600 --> 00:10:13,800
they help you build out the 
table of contents, the courses, 

230
00:10:13,900 --> 00:10:15,400
the scripts. 
It's interesting. 

231
00:10:15,400 --> 00:10:17,600
Like, when you teach these 
courses, you have to, 

232
00:10:17,600 --> 00:10:19,000
essentially combine three 
things. 

233
00:10:19,000 --> 00:10:21,500
You have to combine sort of the 
actual course material itself, 

234
00:10:21,500 --> 00:10:24,000
the domain. 
If you talk about security or AI

235
00:10:24,000 --> 00:10:26,700
or career development, whatever 
that happens to be, you have to 

236
00:10:26,700 --> 00:10:29,200
have your core content. 
Because unless you do that, 

237
00:10:29,200 --> 00:10:30,800
there's no point in the course 
being there. 

238
00:10:31,000 --> 00:10:32,600
The second thing is, you need to
have a narrative. 

239
00:10:32,600 --> 00:10:34,600
You cannot just throw 
instructions that people go to 

240
00:10:34,700 --> 00:10:36,900
when we were kids, we have fond 
memories of our childhood 

241
00:10:36,900 --> 00:10:39,100
because we remember our 
teachers, our parents 

242
00:10:39,200 --> 00:10:40,700
grandparents, counselors, 
whatever, 

243
00:10:40,700 --> 00:10:43,800
teaching us the stories, because 
human beings fixate around 

244
00:10:43,800 --> 00:10:45,200
stories. 
Like Richard Nixon, 

245
00:10:45,200 --> 00:10:47,800
former president, said that you 
campaign in poetry, you govern 

246
00:10:47,800 --> 00:10:50,400
in prose. Or most of us live our
daily lives on prose, like we 

247
00:10:50,400 --> 00:10:53,200
have to get our job done, pay 
our bills, wake up in the 

248
00:10:53,200 --> 00:10:55,500
morning for our alarms, show up to
meetings on time. There's a lot 

249
00:10:55,500 --> 00:10:58,600
of prose, but you really think of
your favorite moments as the 

250
00:10:58,600 --> 00:11:01,300
ones that having fun. You know, 
the first time somebody gave you

251
00:11:01,300 --> 00:11:03,600
a promotion, the first time 
somebody listened to your idea. 

252
00:11:03,700 --> 00:11:05,600
The first time you made a 
mistake and learned from it. 

253
00:11:05,600 --> 00:11:08,100
So the second thing I'll say 
when it comes to these LinkedIn 

254
00:11:08,100 --> 00:11:10,600
Learning courses: have a 
narrative. Like, people who ping 

255
00:11:10,600 --> 00:11:12,500
me for compliments 
tell me that they remember the 

256
00:11:12,500 --> 00:11:15,400
stories, my life experiences, 
things that I did well, things

257
00:11:15,400 --> 00:11:16,900
that I didn't do well. 
So that's number two. 

258
00:11:17,300 --> 00:11:19,500
The third thing is the ability 
to promote these stories. 

259
00:11:19,500 --> 00:11:21,300
Be able to help people who have 
taught this course. 

260
00:11:21,300 --> 00:11:23,800
Here's who I am not, here's what
I've learned from the process. 

261
00:11:23,800 --> 00:11:26,300
So have the core competencies 
covered. 

262
00:11:26,400 --> 00:11:28,800
Tell the stories and be ready to
sort of really promote your 

263
00:11:28,800 --> 00:11:30,200
work. 
Otherwise, there's so much 

264
00:11:30,200 --> 00:11:32,400
content out there that people 
won't catch it. Building 

265
00:11:32,400 --> 00:11:34,900
the course itself was a learning
experience, and that leveraged 

266
00:11:34,900 --> 00:11:37,100
everything I learned in college,
including in the classroom, 

267
00:11:37,100 --> 00:11:38,900
outside the classroom, in the 
debate team, etc. 

268
00:11:39,100 --> 00:11:41,400
So I would urge people to think 
of privacy and security through 

269
00:11:41,400 --> 00:11:43,500
that route because it's one 
thing for people to say, I 

270
00:11:43,500 --> 00:11:45,100
believe in security, I believe 
in privacy. 

271
00:11:45,100 --> 00:11:46,400
First principles, do the right 
thing. 

272
00:11:46,400 --> 00:11:49,400
Everybody says that, but how do 
you tell the stories, how do you

273
00:11:49,400 --> 00:11:50,900
build the course material? 
How do you come up with the 

274
00:11:50,908 --> 00:11:52,300
dashboards? 
How do you build the products? 

275
00:11:52,300 --> 00:11:54,400
How do you convince people to 
give you a chance, right? 

276
00:11:54,500 --> 00:11:56,200
All those things are very 
important as well. 

277
00:11:57,000 --> 00:11:59,200
Thank you for that tip. So I 
think that's really very 

278
00:11:59,200 --> 00:12:00,300
important, 
right, to build the 

279
00:12:00,300 --> 00:12:04,500
narratives, not just spitting 
theories and points to share 

280
00:12:04,500 --> 00:12:06,800
with the people. So I think 
building your own narrative, 

281
00:12:06,800 --> 00:12:09,000
sharing your stories, I think 
it's very powerful. 

282
00:12:09,200 --> 00:12:11,800
And also, especially if you can 
be vulnerable and share your 

283
00:12:11,800 --> 00:12:13,800
not-so-successful stories, 
I believe

284
00:12:13,900 --> 00:12:16,600
so that people can relate and 
actually find that it is 

285
00:12:16,600 --> 00:12:18,900
actually relevant to them. 
Right. I tell them all the time, 

286
00:12:18,900 --> 00:12:21,300
I'm going to be very generous 
with my mistakes so that you can

287
00:12:21,300 --> 00:12:23,900
make new mistakes of your own 
rather than what I have made. 

288
00:12:24,100 --> 00:12:26,000
So then I can learn from your 
mistakes rather than just 

289
00:12:26,000 --> 00:12:28,200
learning from my own. 
So I think there is a lot of 

290
00:12:28,200 --> 00:12:30,200
value in telling people 
about your mistakes. 

291
00:12:30,200 --> 00:12:32,800
Because for every 10 people in 
Silicon Valley who pretend 

292
00:12:32,800 --> 00:12:35,000
they know what they're talking 
about, there are like 100 out 

293
00:12:35,000 --> 00:12:37,600
there who are afraid to ask the 
right question because they are 

294
00:12:37,600 --> 00:12:40,300
concerned, that they will not 
look as smart as the people 

295
00:12:40,300 --> 00:12:42,000
think they are. 
So this imposter syndrome is 

296
00:12:42,000 --> 00:12:44,900
real, but these fields, like 
security and privacy, are pretty

297
00:12:44,900 --> 00:12:46,700
brand new. 
Like, a lot of what we know 

298
00:12:46,700 --> 00:12:50,100
today wasn't known 10 years ago.
The idea of having open IDs 

299
00:12:50,100 --> 00:12:52,700
wasn't as big ten years ago. 
Global internet was not as 

300
00:12:52,700 --> 00:12:55,500
penetrative as it is right now. 
In fact, even the smartphone is 

301
00:12:55,500 --> 00:12:57,400
something that happened in a 
sequence, right? 

302
00:12:57,400 --> 00:12:59,300
Like BlackBerry tried it first. 
I remember 

303
00:12:59,500 --> 00:13:02,100
HP released the iPAQ. 
So innovation happens in peaks 

304
00:13:02,100 --> 00:13:04,100
and valleys. 
So it's important for you to be 

305
00:13:04,100 --> 00:13:07,300
honest with yourself and with 
others because you may look 

306
00:13:07,300 --> 00:13:10,000
stupid initially, but I feel in 
the long sweep of history, you 

307
00:13:10,000 --> 00:13:13,300
will benefit people a lot more 
if you can be very comprehensive

308
00:13:13,300 --> 00:13:14,800
about your mistakes and your 
successes. 

309
00:13:15,000 --> 00:13:17,700
Obviously, when you work for big
companies, like I often do, you 

310
00:13:17,700 --> 00:13:19,700
have to work with your comms 
team to make sure that you don't

311
00:13:19,700 --> 00:13:22,000
end up revealing something that 
is IP or trade secret or 

312
00:13:22,000 --> 00:13:24,900
whatever, but I feel like there 
is a lot of value in telling 

313
00:13:24,900 --> 00:13:27,100
those stories and learning and 
helping others learn, as well. 

314
00:13:27,900 --> 00:13:28,900
Right. 
I hope, one day. 

315
00:13:28,900 --> 00:13:31,400
I could also do the same, you 
know, publish my own course, 

316
00:13:31,400 --> 00:13:34,500
telling my stories and let 
people learn from it and I don't

317
00:13:34,500 --> 00:13:36,500
want them to this podcast, you 
can get on LinkedIn and maybe 

318
00:13:36,500 --> 00:13:37,900
there's somebody else thinking 
obvious. 

319
00:13:37,900 --> 00:13:40,500
And you can intrude like I did 
and say, if this person doesn't 

320
00:13:40,500 --> 00:13:42,500
respond, give me the course. That
might work. 

321
00:13:43,100 --> 00:13:45,600
So Nishant, on the topic of data
privacy itself, 

322
00:13:45,600 --> 00:13:48,700
I find it's pretty rare to find 
good resources about it. 

323
00:13:48,700 --> 00:13:52,000
So when I see your book, right? 
I think it's pretty, maybe it's 

324
00:13:52,000 --> 00:13:55,000
one of the thing that I just 
bumped into but actually, the 

325
00:13:55,000 --> 00:13:57,100
topic is pretty hot 
these days. When people talk 

326
00:13:57,100 --> 00:14:00,900
about the data, people talk about,
like, GDPR in Europe. Here 

327
00:14:00,900 --> 00:14:02,700
in Singapore, 
we also have something similar 

328
00:14:02,700 --> 00:14:07,300
called PDPA. And also users have 
become more aware that data 

329
00:14:07,300 --> 00:14:10,700
privacy is a key thing for them.
And I think when I see your 

330
00:14:10,700 --> 00:14:12,100
book, I find it very 
interesting. 

331
00:14:12,100 --> 00:14:15,200
And the first thing that I would
ask you is actually to define 

332
00:14:15,400 --> 00:14:18,400
what is this data privacy. 
And there's an equivalent 

333
00:14:18,400 --> 00:14:20,300
privacy engineering associated 
with it. 

334
00:14:20,300 --> 00:14:23,100
Maybe if you can describe what 
those are, that will be great. 

335
00:14:23,600 --> 00:14:26,700
Yeah, so privacy does not have a
definition per se 

336
00:14:26,800 --> 00:14:29,800
that is universally accepted. 
So I think of it as two 

337
00:14:29,800 --> 00:14:31,900
different definitions and 
hopefully, we can overlap the 

338
00:14:31,900 --> 00:14:33,900
two over the course of this 
conversation. 

339
00:14:34,100 --> 00:14:36,700
So, from a user perspective, 
from a customer's perspective, I

340
00:14:36,708 --> 00:14:39,100
like to think about people, like
my parents, my siblings, my 

341
00:14:39,100 --> 00:14:41,700
grandparents, my spouse, her dad.
For them, 

342
00:14:41,700 --> 00:14:45,000
privacy is about being treated 
with respect, like being able to 

343
00:14:45,000 --> 00:14:48,000
make informed decisions with 
their own data and not be caught

344
00:14:48,000 --> 00:14:49,500
by surprise. 
Like this should not be an 

345
00:14:49,508 --> 00:14:52,600
example where somebody 
intentionally willfully or 

346
00:14:52,600 --> 00:14:55,100
continuously and carelessly did 
something with your data that 

347
00:14:55,100 --> 00:14:58,100
you would not have wanted to, or
in other words, I shouldn't do 

348
00:14:58,100 --> 00:15:00,000
something with somebody else's 
data that I wouldn't want 

349
00:15:00,000 --> 00:15:03,700
somebody else to do with mine. 
So there's a very human visceral

350
00:15:03,700 --> 00:15:06,100
definition. 
That may not be quantifiable but

351
00:15:06,100 --> 00:15:07,800
something that is easily 
understandable, right? 

352
00:15:07,800 --> 00:15:09,900
That's the first definition. 
The second thing I would say for

353
00:15:09,900 --> 00:15:12,900
privacy is as a company as an 
institution, as a government. 

354
00:15:12,900 --> 00:15:15,400
You want to make sure that you 
use somebody's data in a way 

355
00:15:15,400 --> 00:15:17,200
that is respectful, that is 
transparent. 

356
00:15:17,200 --> 00:15:20,000
That is compliant, that is 
continuously improved. 

357
00:15:20,000 --> 00:15:22,700
If you think about the scale of 
data, if you think about the 

358
00:15:22,700 --> 00:15:25,000
nature of human engagement, we 
think about the diversity of 

359
00:15:25,000 --> 00:15:28,000
human beings across the world. 
No two people are going to think about 

360
00:15:28,000 --> 00:15:30,400
privacy the same. 
So how do you as a company 

361
00:15:30,500 --> 00:15:32,000
factor in the first part of 
respect? 

362
00:15:32,000 --> 00:15:34,200
And the second part of scale and
governance and maturity? 

363
00:15:34,200 --> 00:15:36,800
That is for me privacy. 
Making sure that people aren't 

364
00:15:36,800 --> 00:15:40,000
surprised - that people aren't 
disrespected. Your business is 

365
00:15:40,000 --> 00:15:41,700
handled courteously and 
professionally. 

366
00:15:41,900 --> 00:15:44,300
So privacy is about handling 
data in a way that builds for 

367
00:15:44,300 --> 00:15:47,900
both compliance and trust, 
maturity and transparency, 

368
00:15:48,500 --> 00:15:49,900
right? 
Thanks for the really great 

369
00:15:49,900 --> 00:15:52,700
definition. So, the few key 
things that I picked up is about

370
00:15:52,700 --> 00:15:54,700
trust. 
It's about treating our users 

371
00:15:54,700 --> 00:15:57,700
with respect, right? 
And also treating others like 

372
00:15:57,700 --> 00:16:00,000
what you want to be treated, I 
guess, right? 

373
00:16:00,000 --> 00:16:02,500
So if you don't want your data 
to be shared, maybe don't do 

374
00:16:02,500 --> 00:16:05,400
that, but with people as well. 
I think in the past I don't know

375
00:16:05,400 --> 00:16:09,700
maybe the last five or ten years
or so people start to share 

376
00:16:09,700 --> 00:16:11,800
their data on the internet more 
and more, right? 

377
00:16:11,800 --> 00:16:15,400
Maybe with the introductions of 
new websites new applications, 

378
00:16:15,500 --> 00:16:18,600
people start to share more data 
and in the last few years or so 

379
00:16:18,600 --> 00:16:21,500
we can see so many data breaches
in the news, right. 

380
00:16:21,600 --> 00:16:23,900
And there are also people who 
are becoming more concerned 

381
00:16:23,900 --> 00:16:25,900
about it. 
Maybe if you can summarize all 

382
00:16:25,900 --> 00:16:29,400
these what are actually the 
Incense from the company's point

383
00:16:29,400 --> 00:16:31,900
of view, and also, from the 
users point of view, why they 

384
00:16:31,900 --> 00:16:35,100
should think a lot more about 
data privacy these days. 

385
00:16:35,800 --> 00:16:38,500
So I think I'll start with 
something a lot more high level 

386
00:16:38,500 --> 00:16:40,600
and then going to hone in on the
very specific example. 

387
00:16:40,900 --> 00:16:43,300
So what has happened in the last
10, 

388
00:16:43,300 --> 00:16:46,300
13 years is pretty significant 
because multiple forces have 

389
00:16:46,300 --> 00:16:48,700
colluded together to change our 
world in ways that often makes 

390
00:16:48,700 --> 00:16:50,900
it hard to recognize the world 
we live in compared to where we 

391
00:16:50,900 --> 00:16:54,300
were like just a generation ago.
We had an expansion of internet 

392
00:16:54,300 --> 00:16:57,300
access unlike any time before in
human history. We had a switch 

393
00:16:57,500 --> 00:17:01,100
from pure laptop, desktop 
functions to mobile devices. 

394
00:17:01,400 --> 00:17:03,500
We had the explosion of global 
ID. 

395
00:17:03,500 --> 00:17:06,000
So in the past where you have to
create a username password, 

396
00:17:06,000 --> 00:17:08,500
every single time you can 
authenticate using your Google 

397
00:17:08,500 --> 00:17:11,800
ID or a bunch of other IDs, you 
had the ability to build 

398
00:17:11,800 --> 00:17:15,099
platforms to help provide people
capabilities or to provide other

399
00:17:15,099 --> 00:17:17,900
people capabilities to sell 
stuff to customers at scale. 

400
00:17:18,200 --> 00:17:21,200
Now, in the past, you had major 
changes happen in small 

401
00:17:21,200 --> 00:17:23,700
increments so you had Intel 
switch from memory to 

402
00:17:23,700 --> 00:17:25,200
processing, which is a pretty 
big shift 

403
00:17:25,200 --> 00:17:27,400
for its time. 
We had this amazing tech bubble 

404
00:17:27,599 --> 00:17:31,100
in the late 1990s, but that was 
an example of innovation in 

405
00:17:31,100 --> 00:17:34,000
search of actual utilization. 
You had people building amazing 

406
00:17:34,000 --> 00:17:36,600
stuff but there was no market 
for it but in the last 10 years 

407
00:17:36,600 --> 00:17:39,400
we had several changes of that 
scale happen at the same time 

408
00:17:39,600 --> 00:17:41,900
and I don't think we have fully 
understood how much Humanity has

409
00:17:41,900 --> 00:17:43,100
changed. 
Because in the last ten years, a

410
00:17:43,108 --> 00:17:45,100
bunch of other things 
have also changed that for 

411
00:17:45,100 --> 00:17:48,500
misinformation, abuse of trust, 
power consolidation in the tech 

412
00:17:48,500 --> 00:17:50,600
sector. 
We've also seen examples of 

413
00:17:50,600 --> 00:17:53,400
unstable democracies essentially
teetering on the brink, people 

414
00:17:53,400 --> 00:17:54,900
saying stuff 
that is factually not true. 

415
00:17:55,000 --> 00:17:57,600
So because all of these things 
that have happened at the same 

416
00:17:57,600 --> 00:18:00,200
time, it is very hard to scale 
anything or measure things in 

417
00:18:00,200 --> 00:18:02,400
a meaningful fashion. 
So we have examples of people 

418
00:18:02,400 --> 00:18:04,600
behaving badly, of people 
behaving carelessly and 

419
00:18:04,600 --> 00:18:07,800
sometimes both at the same time 
as a result of which I can say, 

420
00:18:07,800 --> 00:18:10,700
we live in a world where our 
computational processing power, 

421
00:18:10,700 --> 00:18:12,500
far exceeds our model processing
power. 

422
00:18:12,700 --> 00:18:15,400
So the ability to measure 
change, the ability to balance 

423
00:18:15,400 --> 00:18:19,000
innovation and personalization 
on the one side with competition

424
00:18:19,000 --> 00:18:20,800
and compliance on the other is 
very hard to do. 

425
00:18:21,000 --> 00:18:23,300
So I feel like companies need to
worry about this because you 

426
00:18:23,300 --> 00:18:25,900
could have things happen to you 
in a way that you cannot fully 

427
00:18:25,900 --> 00:18:28,900
predict, at a time and place that 
is not of your choosing, and 

428
00:18:28,900 --> 00:18:31,200
whether you are a company that's
collecting the data and building

429
00:18:31,200 --> 00:18:33,800
the products on the one side or 
you're a customer who wants 

430
00:18:33,800 --> 00:18:35,800
privacy 
but also low latency 

431
00:18:35,800 --> 00:18:38,600
at the same time, you have a 
bunch of things, bunch of 

432
00:18:38,600 --> 00:18:41,100
expectations, and a bunch of 
actions that are collectively 

433
00:18:41,100 --> 00:18:43,200
incompatible with each other. 
And yet somehow, we have to 

434
00:18:43,200 --> 00:18:44,600
figure out how to make sense of 
this world 

435
00:18:44,600 --> 00:18:47,500
we live in, because everybody 
wants everything all the time. 

436
00:18:47,800 --> 00:18:50,400
So that's the challenge 
here: how do you catch these 

437
00:18:50,400 --> 00:18:51,900
things before something bad 
happens? 

438
00:18:51,900 --> 00:18:53,100
How do you build the right 
tools? 

439
00:18:53,100 --> 00:18:54,300
How do you build the right 
products? 

440
00:18:54,600 --> 00:18:56,000
How do you course-correct before
things 

441
00:18:56,000 --> 00:18:57,300
go badly? 
How do you 

442
00:18:57,400 --> 00:19:00,100
offer training and 
compliance at the same time? The

443
00:19:00,100 --> 00:19:02,900
lack of understanding and the 
lack of scaling and the lack of 

444
00:19:02,900 --> 00:19:05,000
ability to undo things is the 
big challenge. 

445
00:19:05,000 --> 00:19:08,700
So, my advice to companies tends
to be, you should get things 

446
00:19:08,700 --> 00:19:10,800
done correctly before you go too
far down the path. 

447
00:19:10,800 --> 00:19:13,100
I remember, we're in my 
undergraduate college days, one 

448
00:19:13,100 --> 00:19:15,000
of our computer science 
professor, she had a sign 

449
00:19:15,000 --> 00:19:18,100
outside her door saying: days 
and days of debugging saved you

450
00:19:18,100 --> 00:19:20,600
hours and hours of planning, or 
hours and hours of testing. 

451
00:19:20,800 --> 00:19:23,800
And I think that analogy is 
operative even more 

452
00:19:23,800 --> 00:19:26,800
today, especially considering 
the volume of data, the scale of

453
00:19:26,800 --> 00:19:30,700
data, the prophecy of bad actors
and the sheer complexity of the 

454
00:19:30,700 --> 00:19:34,000
regulations and the TxTag we 
operated. And how about from the 

455
00:19:34,000 --> 00:19:36,900
user side? 
So what would be your summary of

456
00:19:36,900 --> 00:19:39,400
the concerns that people should 
think about now from the user's 

457
00:19:39,400 --> 00:19:43,600
perspective about data privacy? 
I remember this was in 2003, I 

458
00:19:43,600 --> 00:19:47,500
was an RA in college dorm and I 
remember this was the first time

459
00:19:47,500 --> 00:19:50,500
people had something akin to an 
online photo journal that was 

460
00:19:50,700 --> 00:19:53,400
hosted by the university's 
intranet, and as an RA you are 

461
00:19:53,400 --> 00:19:55,600
not allowed to drink. 
In fact, if I remember correctly, 

462
00:19:55,700 --> 00:19:57,300
nobody was allowed to drink in 
the college 

463
00:19:57,400 --> 00:20:01,000
dorm, and this guy thought it was a
good idea to have an open bottle

464
00:20:01,000 --> 00:20:04,300
of alcohol, but like this guy 
was not 21, and allowed himself to 

465
00:20:04,300 --> 00:20:07,000
be photographed with that bottle
and let somebody upload that 

466
00:20:07,000 --> 00:20:09,600
photograph in our newsletter. 
He lost his job the next day, 

467
00:20:09,900 --> 00:20:13,400
but there are so many of us who 
may have done, not me obviously, 

468
00:20:13,400 --> 00:20:16,000
because I'm smart that way. 
But so many of us that have done

469
00:20:16,000 --> 00:20:18,600
things that may not be great 
from today's perspective but 

470
00:20:18,600 --> 00:20:20,600
there is no online record of it,
right? 

471
00:20:20,900 --> 00:20:23,600
That was the first example that 
what you do in a confined 

472
00:20:23,600 --> 00:20:25,300
space may not remain private for
too long. 

473
00:20:25,600 --> 00:20:28,500
So I feel like that's the lesson
here from a Respect to, right? 

474
00:20:28,600 --> 00:20:30,900
How do you make intelligent 
decisions with your data? 

475
00:20:31,100 --> 00:20:34,000
But the challenge is, unlike 
somebody holding a beer bottle 

476
00:20:34,000 --> 00:20:36,600
in their teens, 
the complexity now is like, you 

477
00:20:36,600 --> 00:20:39,300
may end up doing saying 
something online that may come 

478
00:20:39,300 --> 00:20:42,600
back to haunt you or you may 
want things like when you open 

479
00:20:42,600 --> 00:20:44,300
the Netflix app, for example, 
how would you like it 

480
00:20:44,300 --> 00:20:47,200
if the app takes 10 minutes to 
load? Do you want to go on 

481
00:20:47,200 --> 00:20:49,200
Netflix online and you want to 
find something within the first 

482
00:20:49,200 --> 00:20:51,200
10, 15 seconds, 
so you can get on with it and 

483
00:20:51,200 --> 00:20:53,200
get on with your evening, 
so you can Netflix and chill, right? 

484
00:20:53,400 --> 00:20:56,200
With the customers, it's the same 
thing as the incompatibility of 

485
00:20:56,200 --> 00:20:58,600
expectations 
around privacy and security on 

486
00:20:58,600 --> 00:21:01,400
the one side and expectations 
around quick performance of 

487
00:21:01,400 --> 00:21:02,800
your service ended up on the 
other side, right? 

488
00:21:02,800 --> 00:21:05,200
That's the challenge here, and the 
other aspect is a lot of 

489
00:21:05,200 --> 00:21:06,800
customers 
don't fully understand how the 

490
00:21:06,800 --> 00:21:10,300
internet works, how online 
services get funded, because the

491
00:21:10,300 --> 00:21:12,700
domain has grown really quickly.
And I think the tech sector has 

492
00:21:12,700 --> 00:21:14,400
to do a much better job of 
telling people. 

493
00:21:14,400 --> 00:21:16,600
Hey, here's how we make the 
internet work. 

494
00:21:16,600 --> 00:21:20,300
Here's how your data gets used. 
So the lack of patience, the 

495
00:21:20,400 --> 00:21:22,600
abundance of complexity, 
collectively means it's very 

496
00:21:22,600 --> 00:21:25,500
hard for customers often to make
an informed decision and 

497
00:21:25,500 --> 00:21:28,000
everything moves really quickly.
There are too many in the pie, 

498
00:21:28,000 --> 00:21:29,800
too many people in the kitchen 
at the same time. 

499
00:21:30,300 --> 00:21:33,900
And also the regulatory state. 
The tools that are being built 

500
00:21:33,900 --> 00:21:36,100
to protect the customers at the 
government level and the company

501
00:21:36,100 --> 00:21:38,500
level, don't fully appreciate 
the complexity and the volume of

502
00:21:38,500 --> 00:21:40,200
data. 
So everybody is moving very 

503
00:21:40,200 --> 00:21:43,000
fast, the volumes of data, and 
the number of transactions are 

504
00:21:43,000 --> 00:21:44,900
going pretty fast. 
And as a result customers cannot

505
00:21:44,900 --> 00:21:48,900
always make informed decisions. 
Like how many of us read forget 

506
00:21:48,900 --> 00:21:50,800
online for a second? 
When you get a new credit card, 

507
00:21:50,800 --> 00:21:53,600
you get the credit card bill in
the mail and alongside the 

508
00:21:53,600 --> 00:21:56,200
bill you get ten pages of small 
print, which is the governance 

509
00:21:56,200 --> 00:21:59,000
in terms and conditions. 
How many people really read that

510
00:21:59,000 --> 00:22:01,500
stuff, right? 
The level of clarity, the level 

511
00:22:01,500 --> 00:22:03,500
of understanding and the 
implications, and the gap 

512
00:22:03,500 --> 00:22:06,300
between the two is, I think the 
big challenge for customers to 

513
00:22:06,300 --> 00:22:08,900
reconcile right now. 
And you mentioned about 

514
00:22:08,900 --> 00:22:11,300
regulations, right? 
I think I also feel that the 

515
00:22:11,308 --> 00:22:15,700
regulations came up pretty late 
to take some actions before all 

516
00:22:15,700 --> 00:22:18,200
these things become a messy kind
of situations. 

517
00:22:18,500 --> 00:22:21,200
I myself 
don't have familiarity with all 

518
00:22:21,200 --> 00:22:23,600
these data privacy rules, 
regulations, and things like 

519
00:22:23,600 --> 00:22:25,700
that. 
Maybe if you can also share 

520
00:22:25,800 --> 00:22:28,600
what are some of the things, 
concrete things that some 

521
00:22:28,600 --> 00:22:32,100
countries have done in terms of 
protecting their citizens, their

522
00:22:32,100 --> 00:22:36,500
users for data privacy related.
So I know one thing, GDPR, but are

523
00:22:36,508 --> 00:22:39,400
there other countries that are 
at the forefront of all these 

524
00:22:39,400 --> 00:22:42,500
things? 
So I would first qualify my 

525
00:22:42,500 --> 00:22:44,600
answer by saying that when it 
comes to regulation, there are 

526
00:22:44,600 --> 00:22:46,800
two perspectives. 
The one is let's come up with 

527
00:22:46,800 --> 00:22:49,700
something quick to address the 
most pressing issue in the land.

528
00:22:49,900 --> 00:22:52,000
But the second perspective, 
which is something the policy 

529
00:22:52,000 --> 00:22:54,900
folks that I work with, in the 
past, have educated me on, is 

530
00:22:54,900 --> 00:22:57,200
the fact that you only get loose
so much. 

531
00:22:57,300 --> 00:22:58,900
The system. 
And if you look at the US 

532
00:22:58,900 --> 00:23:02,000
government system, you have a 
House of Representatives 435 

533
00:23:02,000 --> 00:23:04,700
members, you need a majority of 
218 to pass something. 

534
00:23:04,900 --> 00:23:07,100
And then you have the Senate, 
which is the second half of the 

535
00:23:07,100 --> 00:23:09,600
legislative branch of 
government, you have a body of 

536
00:23:09,600 --> 00:23:11,900
hundred senators, two per 
state: 50 states, 100 

537
00:23:11,900 --> 00:23:15,000
senators, and you need 51 votes 
to pass something, but you need 

538
00:23:15,000 --> 00:23:17,900
60 in essence to pass anything 
to make sure that something 

539
00:23:17,900 --> 00:23:20,800
could actually get to the 
threshold by 51 votes can be to 

540
00:23:20,800 --> 00:23:22,600
passage. 
And then you have the executive 

541
00:23:22,600 --> 00:23:25,000
that is a president who may or 
may not sign it and then you 

542
00:23:25,000 --> 00:23:27,500
have the Judiciary, which is 
multiple courts across the 

543
00:23:27,500 --> 00:23:30,300
country leading up to the 
Supreme Court, essentially that 

544
00:23:30,300 --> 00:23:32,500
decides whether the law is 
constitutional or not. 

545
00:23:32,500 --> 00:23:34,800
The system is very complex. 
So what regulators want to do is

546
00:23:34,800 --> 00:23:37,800
pass something in an omnibus 
fashion that covers as many use 

547
00:23:37,800 --> 00:23:40,300
cases, as possible because the 
idea that you can pass something

548
00:23:40,300 --> 00:23:42,700
once and then pass something a 
second time, and a third time is

549
00:23:42,700 --> 00:23:45,400
not always viable because you 
have multiple bodies to 

550
00:23:45,400 --> 00:23:47,600
convince, right? 
So if you look at sort of tax 

551
00:23:47,600 --> 00:23:50,100
law, it only gets passed once a 
generation typically. 

552
00:23:50,500 --> 00:23:53,400
I think the last immigration law
that was passed of any 

553
00:23:53,400 --> 00:23:56,000
consequence was in the 60s, if I
remember correctly. 

554
00:23:56,300 --> 00:23:58,800
So, you have this 
extremely complex judicial 

555
00:23:58,800 --> 00:24:01,500
system that has to pass and then
enforce regulations and it's 

556
00:24:01,500 --> 00:24:03,400
very hard to do. 
So that is when you say that, it

557
00:24:03,400 --> 00:24:05,800
took a long time. 
It's because the systems that 

558
00:24:05,800 --> 00:24:08,400
are required to work together to
pass, regulations are extremely 

559
00:24:08,400 --> 00:24:09,500
complex. 
That's number one. 

560
00:24:09,800 --> 00:24:12,900
Second thing and says, a lot of 
the people who build complex 

561
00:24:12,900 --> 00:24:15,500
technical systems and the people 
who pass regulations are living 

562
00:24:15,500 --> 00:24:18,200
in very different universes. 
The people who pass these laws 

563
00:24:18,200 --> 00:24:20,400
tend to be policymakers, 
attorneys, who don't always 

564
00:24:20,400 --> 00:24:22,600
understand technology. 
And the people who build these 

565
00:24:22,600 --> 00:24:25,000
tools, collect this data, are 
often engineers who are 

566
00:24:25,000 --> 00:24:27,200
understand the world of policy. 
So the gap 

567
00:24:27,400 --> 00:24:29,600
between the doers and the 
builders on the one side and the

568
00:24:29,600 --> 00:24:31,200
enforcers 
on the other side is a 

569
00:24:31,208 --> 00:24:33,100
challenge. 
Now that may not have been such 

570
00:24:33,100 --> 00:24:36,100
a big deal 20, 15 years ago, 
when, as I mentioned before, 

571
00:24:36,100 --> 00:24:38,300
cloud computing didn't exist. 
Global IDs didn't exist. 

572
00:24:38,300 --> 00:24:39,800
Mobile computing was not a big 
deal. 

573
00:24:40,000 --> 00:24:42,800
It may not have been a big 
deal at the time but now with 

574
00:24:42,800 --> 00:24:44,900
the volume of data with the 
number of good actors and bad 

575
00:24:44,900 --> 00:24:47,500
actors, the amount of innovation
taking place it's extremely 

576
00:24:47,500 --> 00:24:50,100
challenging. 
So I think it is very easy to 

577
00:24:50,100 --> 00:24:52,600
criticize the fact that the 
governments of the world have 

578
00:24:52,600 --> 00:24:55,900
not moved fast enough, but I feel 
like the challenge is: do you move 

579
00:24:55,900 --> 00:24:57,200
too fast and break something, or 
do 

580
00:24:57,300 --> 00:24:59,100
you move too slow and come late 
to the party? 

581
00:24:59,100 --> 00:25:00,900
There's a bit of a bad choice on
both sides, right? 

582
00:25:00,900 --> 00:25:03,500
Nobody wants to be the person 
that over-promised and 

583
00:25:03,500 --> 00:25:05,300
under-delivered. 
The other thing I would say is 

584
00:25:05,400 --> 00:25:08,700
no country in the world wants to
be responsible for passing laws

585
00:25:08,700 --> 00:25:10,800
that stymie 
their own local tech sector 

586
00:25:10,900 --> 00:25:13,400
while allowing companies in a 
different country an unfair 

587
00:25:13,400 --> 00:25:15,800
advantage. 
So there is the antitrust aspect

588
00:25:15,800 --> 00:25:19,100
to it as well and I would say 
GDPR is a good start, CPR is a 

589
00:25:19,100 --> 00:25:21,200
good start. 
The ISO standard that I was part

590
00:25:21,200 --> 00:25:24,200
of when I was at Google back in 
the days it was a good start but

591
00:25:24,200 --> 00:25:27,200
I feel like we're going to have 
to rethink the idea of how to 

592
00:25:27,400 --> 00:25:29,500
pass regulation. 
In this case, one of the reasons

593
00:25:29,500 --> 00:25:32,500
I wrote the book was hoping that
I can have the attorneys, the 

594
00:25:32,508 --> 00:25:34,900
policy people on the one side 
and the engineers, product 

595
00:25:34,900 --> 00:25:37,600
manager on the other side, come 
together to sort of, really 

596
00:25:37,600 --> 00:25:39,700
think about regulation 
in a meaningful fashion, not 

597
00:25:39,700 --> 00:25:42,800
pass regulation necessarily, but
tell the regulatory state that, 

598
00:25:42,800 --> 00:25:45,000
hey, we were able to work 
internally in the company. 

599
00:25:45,100 --> 00:25:47,800
And here's how we think 
regulations can be better and I 

600
00:25:47,800 --> 00:25:50,300
want the regulatory state to 
read the book and say, hey now, 

601
00:25:50,300 --> 00:25:52,200
we have an engineering 
perspective because the name of 

602
00:25:52,200 --> 00:25:54,800
the book is Data Privacy: A 
Runbook for Engineers. 

603
00:25:55,000 --> 00:25:57,100
I want these folks to work with 
each other and say. 

604
00:25:57,300 --> 00:25:59,600
Hey, here's what the next tab. 
The next year if you are should 

605
00:25:59,600 --> 00:26:01,900
look like because I want 
engineers and non-engineers to 

606
00:26:01,900 --> 00:26:04,900
work together in the company to 
meet their current obligations 

607
00:26:05,100 --> 00:26:08,100
and use that cooperation, 
use those learnings to 

608
00:26:08,100 --> 00:26:10,100
contribute to the next 
generation of regulations, 

609
00:26:10,300 --> 00:26:12,800
which will in turn improve the 
next generation of innovation 

610
00:26:12,900 --> 00:26:16,100
and make that virtuous circle 
happen, without distress without

611
00:26:16,100 --> 00:26:19,500
talking past each other, right? 
So, I think that's a pretty good

612
00:26:19,500 --> 00:26:22,000
objective rights out to have 
people build more awareness, 

613
00:26:22,000 --> 00:26:24,800
including the government side. 
So, you mentioned this book is 

614
00:26:24,800 --> 00:26:27,800
targeted for engineers in the 
first place, and I feel a lot of

615
00:26:27,800 --> 00:26:30,400
companies product companies, 
especially when they built 

616
00:26:30,400 --> 00:26:32,900
product, they may not start 
thinking about data privacy 

617
00:26:32,900 --> 00:26:34,400
first. 
I don't know whether maybe some 

618
00:26:34,400 --> 00:26:37,200
companies are doing that, but a 
lot of times, they actually 

619
00:26:37,200 --> 00:26:39,600
focus on the features, the 
functional requirements. 

620
00:26:39,600 --> 00:26:42,600
So to speak of what the product 
would do, in your book, actually

621
00:26:42,600 --> 00:26:46,100
in the first few chapters, you 
mentioned that data privacy is 

622
00:26:46,100 --> 00:26:48,600
something that is hard to do, 
right? 

623
00:26:48,600 --> 00:26:51,300
So for people to start and you 
start the book by saying data 

624
00:26:51,300 --> 00:26:53,600
privacy, is that maybe you can 
explain a little bit. 

625
00:26:53,600 --> 00:26:57,200
What is the complexity required 
to start working on privacy 

626
00:26:57,300 --> 00:26:59,500
engineering? 
So, even though the book is 

627
00:26:59,500 --> 00:27:02,400
primarily targeted towards 
engineers, Henry, I think the book

628
00:27:02,400 --> 00:27:04,400
is aimed at a lot more people 
than just engineers. 

629
00:27:04,600 --> 00:27:07,100
So I think of the book as three 
different books fused together. 

630
00:27:07,300 --> 00:27:10,000
The first one third of the book 
is aimed at engineers, attorneys,

631
00:27:10,000 --> 00:27:13,300
policymakers together to 
understand set context are a 

632
00:27:13,308 --> 00:27:16,300
common vocabulary and have a 
common sort of shared set of 

633
00:27:16,300 --> 00:27:18,500
facts to start with. The middle 
one 

634
00:27:18,500 --> 00:27:20,900
third is aimed primarily at engineers
to build the tools and the 

635
00:27:20,900 --> 00:27:24,300
systems and some examples from a
privacy security perspective. 

636
00:27:24,500 --> 00:27:28,200
The last 1/3 is aimed at 
policymakers and senior 

637
00:27:28,200 --> 00:27:30,300
engineers because then you want 
to build things at scale. 

638
00:27:30,300 --> 00:27:32,400
Think about maturity. 
Think about, how do you build 

639
00:27:32,400 --> 00:27:34,600
for trust? 
How do you think about reusing 

640
00:27:34,600 --> 00:27:36,000
tools? 
How do you make privacy 

641
00:27:36,000 --> 00:27:37,500
efficient? 
Which is sort of a big topic 

642
00:27:37,500 --> 00:27:39,700
these days about how do you use 
resources efficiently. 

643
00:27:40,200 --> 00:27:42,700
So, I think, even though the 
book is aimed at engineers, it 

644
00:27:42,700 --> 00:27:45,300
is aimed at a much bigger 
Universe because I think the end

645
00:27:45,300 --> 00:27:48,700
goal of the book is threefold. 
First is build better engineers 

646
00:27:48,700 --> 00:27:52,000
who can focus on, not just 
depth, but breadth. Close the gap

647
00:27:52,000 --> 00:27:54,300
between the engineers and the 
non-engineers, and the third is 

648
00:27:54,300 --> 00:27:57,100
to set the conversation on how 
we need to do this. 

649
00:27:57,200 --> 00:28:00,400
These things not just because 
privacy security are the right 

650
00:28:00,400 --> 00:28:02,600
thing to do, but because it's 
good for business, it's good for

651
00:28:02,600 --> 00:28:05,300
national security, it's good for
the company's bottom line. 

652
00:28:05,500 --> 00:28:08,300
So if you can make those three 
things happen at the same time, 

653
00:28:08,500 --> 00:28:11,700
build better engineers, bring 
people together, and make sure 

654
00:28:11,700 --> 00:28:14,000
that good privacy and security 
are seen as good business. 

655
00:28:14,300 --> 00:28:16,500
Then this will become not a 
problem, but something that 

656
00:28:16,500 --> 00:28:19,000
people see as an opportunity 
right now. 

657
00:28:19,000 --> 00:28:22,000
So, the other thing that I asked
us, now, how do we get started 

658
00:28:22,000 --> 00:28:24,300
right for most companies? 
I would say that they may not 

659
00:28:24,300 --> 00:28:26,800
know the challenge. 
The kind of complexity that they

660
00:28:26,800 --> 00:28:29,200
have to with whenever they think
about data privacy and 

661
00:28:29,200 --> 00:28:30,900
privacy engineering, so to 
speak. 

662
00:28:31,000 --> 00:28:34,000
So maybe if you can elaborate a 
little bit more, like why data 

663
00:28:34,000 --> 00:28:37,200
privacy could be hard for 
engineers or product companies 

664
00:28:37,200 --> 00:28:40,000
to start thinking about? I would
like to quote another 

665
00:28:40,000 --> 00:28:41,700
president. 
I quoted President Nixon once 

666
00:28:41,700 --> 00:28:43,200
and quote President Kennedy, who
said that 

667
00:28:43,200 --> 00:28:45,700
the best time to fix the roof 
is when the sun is shining. The

668
00:28:45,700 --> 00:28:48,700
reason privacy is hard is 
because people buy a really big 

669
00:28:48,700 --> 00:28:50,200
house. 
They want to make sure it looks 

670
00:28:50,200 --> 00:28:52,600
really nice on the outside. 
They buy amazing, expensive 

671
00:28:52,600 --> 00:28:56,000
furniture, kitchen cabinets with
granite, etc., but they forget to 

672
00:28:56,000 --> 00:28:57,900
fix the roof. 
And it's not a big deal because 

673
00:28:57,900 --> 00:29:00,100
they moved in the summer because
that's when most people move 

674
00:29:00,100 --> 00:29:01,700
because it's break from school, 
right? 

675
00:29:01,700 --> 00:29:04,200
And then the rain comes in the 
winter, the snow falls down. 

676
00:29:04,200 --> 00:29:06,700
And then you realize the fact 
that you didn't have a good roof

677
00:29:06,700 --> 00:29:09,100
means that your home is not 
flooded perhaps, he's kind of 

678
00:29:09,100 --> 00:29:11,500
like, having that flooded house 
because you didn't fix your roof

679
00:29:11,500 --> 00:29:12,800
in time. 
That's the challenge 

680
00:29:12,800 --> 00:29:14,400
here, right? 
So, that is why it's hard. 

681
00:29:14,400 --> 00:29:17,100
Because by the time you focus on 
privacy, your home is flooded. 

682
00:29:17,100 --> 00:29:19,200
The street is full of snow. 
The people who want to fix the 

683
00:29:19,200 --> 00:29:21,500
roof can get your house in time,
and as a result, the flood water

684
00:29:21,500 --> 00:29:23,400
keeps rising. 
So privacy is hard because 

685
00:29:23,400 --> 00:29:25,800
people start too late, quite 
frankly, because people don't 

686
00:29:25,800 --> 00:29:28,600
understand that privacy and 
Already risks are not something 

687
00:29:28,600 --> 00:29:30,300
you happen to come upon in one 
day. 

688
00:29:30,600 --> 00:29:34,000
It is the combination of risks 
you have built over time: bad 

689
00:29:34,000 --> 00:29:36,600
decisions you made, good 
decisions you didn't make, 

690
00:29:36,600 --> 00:29:39,500
things you delayed, things you 
knew were a problem, but you chose

691
00:29:39,500 --> 00:29:42,000
to look the other way. 
So it is a combination of a lot 

692
00:29:42,000 --> 00:29:44,700
of different risks and I think 
people sometimes feel like 

693
00:29:44,700 --> 00:29:46,400
fixing privacy is all about 
hiring 

694
00:29:46,400 --> 00:29:48,900
somebody like me or buying my 
book but that's like saying that

695
00:29:48,900 --> 00:29:51,700
you can eat badly or day all 
year and then on the first of 

696
00:29:51,700 --> 00:29:53,700
the year, you will pass a New 
Year's resolution, you jump on 

697
00:29:53,700 --> 00:29:56,100
the treadmill for 10 minutes and
then wonder why you didn't lose 

698
00:29:56,100 --> 00:29:57,900
the 40 pounds you gained over 
the right. 

699
00:29:57,900 --> 00:30:00,900
Sometimes it's about cumulating 
risk over a long period of time 

700
00:30:00,900 --> 00:30:03,500
and then trying to do a quick 
fix that will not fix the issue 

701
00:30:03,500 --> 00:30:03,900
at hand. 
Right? 

702
00:30:03,900 --> 00:30:06,200
So that's why privacy is hard. The
good thing is that there are 

703
00:30:06,200 --> 00:30:08,600
things you can do incrementally.
You can make the argument that 

704
00:30:08,600 --> 00:30:10,600
collecting only 
what you need is not just a 

705
00:30:10,600 --> 00:30:13,600
privacy imperative, it's sound 
business. Like, you don't buy 

706
00:30:13,600 --> 00:30:16,000
food that you'll never eat. 
You don't buy a car that you 

707
00:30:16,000 --> 00:30:18,000
will never drive. 
Why would you ship something 

708
00:30:18,000 --> 00:30:19,800
that you'll never use? 
Why would you collect data that 

709
00:30:19,800 --> 00:30:21,900
you wouldn't use? 
Why would you collect bad data? 

710
00:30:21,900 --> 00:30:23,500
Why would you use data
that is outdated?

711
00:30:23,500 --> 00:30:27,000
So the things you do wrong from a
privacy perspective are also bad

712
00:30:27,000 --> 00:30:29,700
from a business perspective.
So even if you don't understand 

713
00:30:29,700 --> 00:30:32,400
the first thing about privacy, 
you should know that the things 

714
00:30:32,400 --> 00:30:34,800
you fix for privacy will also
benefit some other part of your 

715
00:30:34,808 --> 00:30:36,700
business. 
You should not be encrypting 

716
00:30:36,700 --> 00:30:39,300
data that you will not be using.
You should not give access to 

717
00:30:39,300 --> 00:30:41,800
data for people who don't need 
access to that data, right? 

718
00:30:41,800 --> 00:30:45,100
So if you think about privacy, 
not as just a regulatory 

719
00:30:45,100 --> 00:30:48,300
concern, or a trust concern or a
compliance concern, but as a 

720
00:30:48,300 --> 00:30:51,000
business efficiency concern,
you are already off to a good

721
00:30:51,000 --> 00:30:54,400
start. Just as you build privacy
risk over time by not thinking

722
00:30:54,400 --> 00:30:57,400
about the business efficiency
aspect of things, you start

723
00:30:57,400 --> 00:30:59,700
addressing privacy concerns by 
asking yourself:

724
00:30:59,700 --> 00:31:01,900
what can I do that
is right from a privacy, trust

725
00:31:01,900 --> 00:31:04,300
perspective, but also right from
a business perspective?

726
00:31:04,300 --> 00:31:07,100
So thinking of privacy and
business, not as competitive 

727
00:31:07,100 --> 00:31:10,000
tension issues, but as business 
efficiency issues is the way to 

728
00:31:10,000 --> 00:31:12,400
go. 
I like the way that you frame

729
00:31:12,400 --> 00:31:15,500
this: privacy is also something
good for the business, right? 

730
00:31:15,500 --> 00:31:18,300
It's not something just to 
comply with regulations or 

731
00:31:18,300 --> 00:31:21,100
comply with the user's needs, 
but actually it's also good for 

732
00:31:21,100 --> 00:31:22,500
the business. 
Exactly. 

733
00:31:22,900 --> 00:31:26,200
So in terms of the actual 
details about privacy or in your

734
00:31:26,200 --> 00:31:28,900
book, you mentioned, 
Fundamentals actually privacy is

735
00:31:28,900 --> 00:31:30,800
all about handling the data,
right? 

736
00:31:30,800 --> 00:31:32,700
How do you collect the data? 
How do you store data, 

737
00:31:32,700 --> 00:31:35,000
classifying things like that in 
terms of implementation? 

738
00:31:35,000 --> 00:31:38,400
Maybe if you can give a little 
bit of explanation for engineers

739
00:31:38,500 --> 00:31:41,800
who are the listeners here, what
should be their concerns, or 

740
00:31:41,800 --> 00:31:44,100
what they should think about, 
maybe during the design, maybe 

741
00:31:44,100 --> 00:31:47,600
during implementation, and maybe
during how they handle the data 

742
00:31:47,600 --> 00:31:51,000
within their whole ecosystem of 
systems within the product 

743
00:31:51,000 --> 00:31:52,900
company. 
So let me give you a very 

744
00:31:52,900 --> 00:31:57,000
specific example here, Henry. So
I think of privacy as security

745
00:31:57,200 --> 00:31:59,600
plus, and I know people get
really mad in the privacy domain

746
00:31:59,600 --> 00:32:01,800
because we don't like it when 
people love busted security and 

747
00:32:01,800 --> 00:32:04,000
what separate. 
But honestly, if you think about

748
00:32:04,000 --> 00:32:06,200
traditional security, we're
talking about firewalls,

749
00:32:06,200 --> 00:32:08,600
certificates, encryption keys,
things like that. The assumption

750
00:32:08,600 --> 00:32:10,100
is that's all you need to
protect data. 

751
00:32:10,100 --> 00:32:13,100
With a problem with privacy is 
you have to think of security as

752
00:32:13,100 --> 00:32:14,600
privacy the. 
So if something is a security 

753
00:32:14,600 --> 00:32:16,100
risk, it is by definition of 
privacy to. 

754
00:32:16,100 --> 00:32:18,500
So if you in an unauthorized 
fashion, get into a company's 

755
00:32:18,500 --> 00:32:20,900
database and you steal 
somebody's data, that's 

756
00:32:20,900 --> 00:32:23,300
obviously a security risk and a
privacy risk at the same time, 

757
00:32:23,300 --> 00:32:25,700
right? 
But what happens if you are able

758
00:32:25,700 --> 00:32:28,400
to bypass security, either
as you are an employee of the

759
00:32:28,400 --> 00:32:31,200
company or because you got into
the company's domain in a

760
00:32:31,200 --> 00:32:35,500
sneaky fashion? What happens if
you get authorization to the

761
00:32:35,500 --> 00:32:37,200
data and then it gets used
incorrectly?

762
00:32:37,200 --> 00:32:40,300
So, as an example, I collected 
your data to recommend to you 

763
00:32:40,400 --> 00:32:42,800
shoes, or on amazon.com. 
The next thing you should 

764
00:32:42,800 --> 00:32:45,000
purchase. 
If you want dog food, six weeks 

765
00:32:45,000 --> 00:32:48,800
ago and your dog typically
needs that same food refresh 

766
00:32:48,800 --> 00:32:52,000
once every six weeks, or once 
every eight weeks, then of the 

767
00:32:52,000 --> 00:32:54,600
fourth week, it makes total 
sense for me to give you an ad 

768
00:32:54,600 --> 00:32:56,600
saying buy this.
Now, that is totally legitimate

769
00:32:56,700 --> 00:32:58,300
as long
as we have consent and whatnot,

770
00:32:58,300 --> 00:33:00,100
right? 
But if I infer things about you 

771
00:33:00,100 --> 00:33:01,600
like your race, your gender, 
etc.,

772
00:33:01,600 --> 00:33:03,400
that's a problem, right?
So, from an engineering 

773
00:33:03,400 --> 00:33:08,000
perspective, how do you think of
privacy and security not just as

774
00:33:08,000 --> 00:33:11,100
infrastructure and protecting 
the company but about using the 

775
00:33:11,100 --> 00:33:13,400
nuances of the data and 
protecting the customer as well?

776
00:33:13,500 --> 00:33:16,000
What happens is if you collect 
data that you should not have 

777
00:33:16,000 --> 00:33:18,700
collected or if you collected 
data correctly, but now it is 

778
00:33:18,700 --> 00:33:21,300
being used to do things that 
were not initially possible. 

779
00:33:21,400 --> 00:33:23,900
So the challenge with data is
data is a living, breathing

780
00:33:23,900 --> 00:33:26,100
organism. 
If you collected my data three 

781
00:33:26,100 --> 00:33:29,000
weeks ago and it was perfectly
legitimate to collect that data,

782
00:33:29,000 --> 00:33:30,400
and use it for a certain 
purpose. 

783
00:33:30,600 --> 00:33:33,400
But now, three weeks later, you 
also were able to obtain some 

784
00:33:33,400 --> 00:33:35,800
other data about me from some 
other source on the internet. 

785
00:33:36,100 --> 00:33:38,700
And both of those combined can 
tell you things about me that 

786
00:33:38,700 --> 00:33:40,800
you may not have been able to 
infer with the first collection

787
00:33:40,800 --> 00:33:43,900
anyways. That's a problem
because now you have 

788
00:33:43,900 --> 00:33:46,600
possibilities to do stuff to me 
and my data that you couldn't do

789
00:33:46,608 --> 00:33:49,200
before, and I don't have the 
ability as a customer to know 

790
00:33:49,200 --> 00:33:51,300
that. 
So my insight to engineers is:

791
00:33:51,500 --> 00:33:55,200
continuously classify the data
based on risk, tag data based on

792
00:33:55,200 --> 00:33:58,300
your understanding of the risk. 
And S policies on an ongoing 

793
00:33:58,300 --> 00:34:00,000
basis. 
Because if you do those things, 

794
00:34:00,000 --> 00:34:02,900
then just as the data and the 
risk accumulates on an ongoing 

795
00:34:02,900 --> 00:34:05,700
basis, your ability to 
understand that risk and protect

796
00:34:05,700 --> 00:34:07,800
your customer from that risk
also happens on an ongoing

797
00:34:07,800 --> 00:34:10,699
basis. It's a bit
like when you, let's assume you

798
00:34:10,699 --> 00:34:13,500
eat a lot or every single day
like I do. As long as you work

799
00:34:13,500 --> 00:34:16,100
out the next morning, there is a
good chance that what you are 

800
00:34:16,100 --> 00:34:18,600
accumulating in terms of 
calories is being burned in 

801
00:34:18,600 --> 00:34:21,800
terms of your running. 
So just as you do everything in 

802
00:34:21,800 --> 00:34:23,699
moderation and balance risk and 
rewards. 

803
00:34:23,800 --> 00:34:26,300
If you do it in every other 
aspect of your life, if you have

804
00:34:26,300 --> 00:34:29,100
a big expense, and you cut back
on something else. 

805
00:34:29,300 --> 00:34:32,100
If you stay up all night 
watching a movie or something, 

806
00:34:32,300 --> 00:34:33,800
you get some extra rest over the
weekend. 

807
00:34:34,100 --> 00:34:36,699
Life is about compensating to 
checks and balances, right? 

808
00:34:36,699 --> 00:34:38,300
So should be privacy and 
security. 

809
00:34:38,500 --> 00:34:41,900
So my advice to engineers is use
tooling, use processes, use

810
00:34:41,900 --> 00:34:44,800
cross-functional checks and 
balances to make sure that,

811
00:34:44,800 --> 00:34:47,900
just as you innovate, you can
also protect; just as you

812
00:34:47,900 --> 00:34:50,300
collect,
you can also destroy; just as you

813
00:34:50,300 --> 00:34:53,000
provide surprises, your 
customers, you can provide them 

814
00:34:53,000 --> 00:34:54,600
transparency and trust in
choices. 

815
00:34:54,800 --> 00:34:57,000
It's all about making sure that 
there is a counterweight to 

816
00:34:57,100 --> 00:34:58,600
everything else you do on a daily
basis.

817
00:34:58,800 --> 00:35:01,200
Wow, that thing that's a pretty 
good message, right, for

818
00:35:01,200 --> 00:35:03,300
engineers here. 
Always be conscious trying to 

819
00:35:03,300 --> 00:35:05,600
classify your data. 
The risks associated with the 

820
00:35:05,600 --> 00:35:08,300
collection of the data and also 
thinking about compensating 

821
00:35:08,300 --> 00:35:10,200
right? 
So if you collect more maybe one

822
00:35:10,200 --> 00:35:11,700
day you should think about 
destroying. 

823
00:35:11,800 --> 00:35:15,800
So I had this one maybe advice 
in the past of my career, just 

824
00:35:15,800 --> 00:35:18,200
collect the data, who knows? 
One day in the future we will 

825
00:35:18,200 --> 00:35:20,300
need it, right? 
So I think that advice does not 

826
00:35:20,300 --> 00:35:23,900
apply anymore in this data
privacy related world. And also

827
00:35:23,900 --> 00:35:27,000
one more thing is that how can 
we build a privacy fence? 

828
00:35:27,200 --> 00:35:29,700
Culture within the company or 
maybe for developers. 

829
00:35:29,700 --> 00:35:31,300
It's like privacy driven 
development. 

830
00:35:31,300 --> 00:35:34,100
I don't know whether that term 
exists, but how can the company 

831
00:35:34,100 --> 00:35:36,500
start building this culture? 
So that people whenever they 

832
00:35:36,500 --> 00:35:39,000
work on feature, they will 
conduct a new product. 

833
00:35:39,000 --> 00:35:41,600
They start thinking, okay, maybe
we should put privacy at one of 

834
00:35:41,600 --> 00:35:44,100
the forefront of the concerns
that we should think about, in 

835
00:35:44,100 --> 00:35:46,500
the design, in the approval and 
things like that. 

836
00:35:47,000 --> 00:35:48,500
So, I'm going to give you two 
answers to

837
00:35:48,500 --> 00:35:51,100
your question. First is at the
more strategic level, and second

838
00:35:51,100 --> 00:35:54,200
is more brass tacks examples.
So I often tell people in this, 

839
00:35:54,200 --> 00:35:56,100
I think it's become almost 
cliche for me to say this by 

840
00:35:56,100 --> 00:35:59,000
now: you would not have medicine
without checking for the side

841
00:35:59,000 --> 00:36:00,400
effects
first. When you go to the

842
00:36:00,400 --> 00:36:02,600
grocery store and buy milk, you 
check the expiration date, 

843
00:36:02,600 --> 00:36:02,900
right? 
All right. 

844
00:36:02,900 --> 00:36:05,000
At least I do. When you drive a
car. 

845
00:36:05,000 --> 00:36:07,100
And before you do hopefully 
before, although, in California,

846
00:36:07,100 --> 00:36:08,500
people don't do that and more 
people should. 

847
00:36:08,500 --> 00:36:10,600
But this is California where 
nobody knows how to drive 

848
00:36:10,900 --> 00:36:12,100
different topic for a different 
day. 

849
00:36:12,300 --> 00:36:14,200
But before you turn left, before
you turn right,

850
00:36:14,200 --> 00:36:16,000
you check the light and you
check to make sure nobody's

851
00:36:16,000 --> 00:36:18,300
coming, right? In every other
aspect of your life,

852
00:36:18,600 --> 00:36:21,300
common sense dictates that you
account for safety and you

853
00:36:21,300 --> 00:36:24,900
account for some verification.
Why on Earth would you collect 

854
00:36:24,900 --> 00:36:28,900
ship, sell, share data without
Because especially when it comes

855
00:36:28,900 --> 00:36:31,800
to real life, if you buy four 
dollars worth of milk and it 

856
00:36:31,800 --> 00:36:33,800
turns out it's not great. 
You can always go back to the 

857
00:36:33,800 --> 00:36:36,100
store and return it, or worst
case you're only out four

858
00:36:36,100 --> 00:36:38,000
dollars. You will not drink bad
milk, right? 

859
00:36:38,400 --> 00:36:40,300
Why would you behave in a 
fashion

860
00:36:40,300 --> 00:36:43,200
that is cavalier when it comes
to large volumes of data?

861
00:36:43,300 --> 00:36:46,100
Especially since, if you make a
mistake with that data, it could

862
00:36:46,100 --> 00:36:48,400
affect somebody's life, it could
lead to a big fine for your 

863
00:36:48,400 --> 00:36:49,700
business. 
It could lead to a consent 

864
00:36:49,700 --> 00:36:51,400
decree. 
It could lead to roadmaps being 

865
00:36:51,400 --> 00:36:54,400
permanently affected, right? 
So, just common sense from a 

866
00:36:54,408 --> 00:36:56,500
business perspective, dictates 
you should ever become zero 

867
00:36:56,500 --> 00:36:58,300
privacy. 
But the second thing is as I 

868
00:36:58,308 --> 00:37:00,700
mentioned before when you build 
the tooling and the processes to

869
00:37:00,700 --> 00:37:03,600
protect privacy, you are also 
building tooling and processes 

870
00:37:03,600 --> 00:37:06,200
to protect your business. 
If you collect data that you 

871
00:37:06,200 --> 00:37:08,600
should not collect
anyways, then when it comes to

872
00:37:08,600 --> 00:37:11,400
discovering their data and if 
you want to reuse the data for 

873
00:37:11,400 --> 00:37:14,000
the wrong purposes, you will 
then have to spend a lot of time

874
00:37:14,000 --> 00:37:15,600
to understand. 
Okay, what did we do with it? 

875
00:37:15,800 --> 00:37:17,500
How did this happen? 
How should we prepare in the 

876
00:37:17,500 --> 00:37:18,800
future? 
And that is time

877
00:37:18,800 --> 00:37:20,700
when you could have spent
building the next product that

878
00:37:20,700 --> 00:37:23,500
will get you a ton of engagement
and revenue. So privacy

879
00:37:23,500 --> 00:37:26,200
mistakes will not only
surprise you at the time of not

880
00:37:26,200 --> 00:37:29,100
your choosing, but it will affect
your ability to make money and 

881
00:37:29,100 --> 00:37:30,700
build stuff that will help your 
company succeed. 

882
00:37:30,800 --> 00:37:32,600
So having the right tools to 
check for privacy

883
00:37:32,600 --> 00:37:35,600
risks is extremely critical.
Companies have invested in tools

884
00:37:35,600 --> 00:37:38,500
to make sure that you can block 
any code releases that will 

885
00:37:38,500 --> 00:37:40,400
break your build. 
They will make sure that you 

886
00:37:40,408 --> 00:37:43,000
don't release something on a 
Friday night before the weekend.

887
00:37:43,600 --> 00:37:46,200
If you work for a retail
company, I bet you there are 

888
00:37:46,200 --> 00:37:48,200
checks and balances to make sure
that you don't release something

889
00:37:48,200 --> 00:37:50,100
the day before Christmas,
right? 

890
00:37:50,300 --> 00:37:53,300
So my sense is building the 
tooling for the right privacy, 

891
00:37:53,500 --> 00:37:55,600
honestly could help you build 
those other tools to protect 

892
00:37:55,600 --> 00:37:58,000
your business right? 
Because This comes once a year 

893
00:37:58,100 --> 00:38:00,700
so you want to be careful of 
that release. When it comes to

894
00:38:00,700 --> 00:38:02,700
bad privacy risks,
there is no such thing as

895
00:38:02,700 --> 00:38:05,000
Christmas or New Year's.
Every day could be Friday night,

896
00:38:05,000 --> 00:38:06,200
right? 
So you want to make sure that 

897
00:38:06,200 --> 00:38:08,500
you build the right tools to 
protect yourself and the 

898
00:38:08,500 --> 00:38:10,500
company. 
So there is the strategic

899
00:38:10,500 --> 00:38:12,900
business reason to protect 
privacy at all times. 

900
00:38:13,000 --> 00:38:16,100
But there is also the ability to
protect your roadmap, your own 

901
00:38:16,100 --> 00:38:18,200
performance, your own bonus, 
your own release cycles, your

902
00:38:18,200 --> 00:38:20,500
own metrics.
So whether you see from the do

903
00:38:20,500 --> 00:38:22,800
the right thing business
perspective, or you look at the

904
00:38:22,800 --> 00:38:24,700
right perspective from a 
business self-preservation 

905
00:38:24,700 --> 00:38:26,600
perspective, you want to build a
culture of privacy.

906
00:38:26,600 --> 00:38:28,900
It's the right tools, the right
processes that I'd wear 

907
00:38:28,900 --> 00:38:31,900
verification, and fundamentally,
I'm not talking about something 

908
00:38:31,900 --> 00:38:33,900
that's rocket science. 
Everything I've talked about if 

909
00:38:33,900 --> 00:38:37,100
privacy and GDPR didn't exist as
topics, people would still do

910
00:38:37,100 --> 00:38:38,600
them
anyways. It just so happens

911
00:38:38,600 --> 00:38:40,900
that privacy has become this big
scary thing that people are 

912
00:38:40,900 --> 00:38:43,200
afraid of. 
Honestly, I tell people that if 

913
00:38:43,200 --> 00:38:45,800
most companies did the right 
thing from the basic 

914
00:38:45,800 --> 00:38:48,900
perspective, I wouldn't have a 
job, you wouldn't need me. 

915
00:38:49,100 --> 00:38:51,900
Now, I'm glad I have a job. 
I'm glad I exist, but the reason

916
00:38:51,900 --> 00:38:54,700
I had to do this to write the 
book and teach these courses is 

917
00:38:54,700 --> 00:38:58,200
because companies often end up 
in two extremes: they either don't

918
00:38:58,200 --> 00:38:59,600
care about privacy and get
surprised

919
00:38:59,600 --> 00:39:01,400
and then have to spend the next
10 years trying to fix their 

920
00:39:01,400 --> 00:39:04,300
mistakes or they become 
overcautious and piss everybody 

921
00:39:04,300 --> 00:39:07,000
off and end up stifling the 
engineers in company with 

922
00:39:07,000 --> 00:39:09,100
unnecessary process. 
My job here,

923
00:39:09,100 --> 00:39:11,800
my goal, is to find that balance
in the middle where companies

924
00:39:11,800 --> 00:39:14,600
can make informed decisions based
on the right tooling, make the

925
00:39:14,600 --> 00:39:17,800
case for intelligent regulation
and intelligent innovation, and

926
00:39:17,800 --> 00:39:19,100
showcase their work to the 
customer. 

927
00:39:19,100 --> 00:39:21,700
So they can get credit for doing
the right thing from privacy and

928
00:39:21,707 --> 00:39:25,000
security perspective. 
I want to bring lady one recent 

929
00:39:25,000 --> 00:39:27,900
trend which I believe some
people think in a different way,

930
00:39:27,900 --> 00:39:29,700
as well, in terms of collecting 
data. 

931
00:39:29,800 --> 00:39:32,300
So we are talking about AI and
machine learning these days. 

932
00:39:32,600 --> 00:39:34,800
So, as we all know, for this 
machine learning to work 

933
00:39:34,800 --> 00:39:38,100
properly, you need to have lots 
of data, lots of labels, tags,

934
00:39:38,100 --> 00:39:41,000
so to speak, right?
You need to classify the users 

935
00:39:41,000 --> 00:39:43,900
with a lot more attributes. 
So, what's your take with all 

936
00:39:43,900 --> 00:39:46,300
this new trend, right? 
Or people think that you have to

937
00:39:46,300 --> 00:39:48,800
collect more and more identify 
the users better. 

938
00:39:48,800 --> 00:39:51,500
So that the machine learning 
model becomes more accurate.

939
00:39:51,500 --> 00:39:55,700
Maybe you can help to give an 
advice here for people who think

940
00:39:55,700 --> 00:39:56,900
that actually for building 
machine

941
00:39:57,000 --> 00:39:58,500
learning, we need to have more
data. 

942
00:39:59,400 --> 00:40:02,700
So before I answer the question,
I want to be a little snarky 

943
00:40:02,700 --> 00:40:04,600
here. 
There are some words people use 

944
00:40:04,600 --> 00:40:07,500
to appear smart. So I remember
when after I got married, my

945
00:40:07,500 --> 00:40:09,500
wife and I would go to nice
grocery stores, because until then

946
00:40:09,500 --> 00:40:11,400
I would go to the cheapest
grocery store, but with her I had

947
00:40:11,400 --> 00:40:14,100
to go to nice places, and a lot
of products had words like 

948
00:40:14,100 --> 00:40:17,200
organic, farm fresh.
I still don't know what any of 

949
00:40:17,200 --> 00:40:19,700
that actually means, but people
often say things to sound smart.

950
00:40:19,700 --> 00:40:21,900
In Silicon Valley, a year ago,
you had to say homomorphic

951
00:40:21,900 --> 00:40:24,100
encryption at least once in the
first 10 seconds or people

952
00:40:24,100 --> 00:40:26,700
didn't think you were smart. 
Now, the topic is generative

953
00:40:26,700 --> 00:40:28,800
AI. Six months ago was
governance, right? 

954
00:40:28,900 --> 00:40:31,300
So what I would tell people is 
that first up,

955
00:40:31,300 --> 00:40:33,600
a lot of people are using these
words without knowing exactly 

956
00:40:33,600 --> 00:40:36,200
what they mean because that's 
how the world works these days. 

957
00:40:36,400 --> 00:40:39,400
So don't be intimidated. 
Ask questions and try to make 

958
00:40:39,400 --> 00:40:41,800
sure you have your facts in 
place before you make decisions 

959
00:40:41,800 --> 00:40:45,000
about data or make a case about
having more or less data. 

960
00:40:45,000 --> 00:40:47,200
That's point
number one. And I still don't

961
00:40:47,200 --> 00:40:49,700
know what farm fresh actually
means, but that doesn't stop me

962
00:40:49,700 --> 00:40:51,700
from asking the question. To
answer your question

963
00:40:51,700 --> 00:40:54,500
specifically, I would say AI and
data collection is extremely 

964
00:40:54,500 --> 00:40:56,500
complex. 
On the one side, you have to 

965
00:40:56,500 --> 00:40:59,100
collect data to represent the
sample size more accurately, to

966
00:40:59,100 --> 00:41:02,400
govern for data quality, to check
against bias. On the other side,

967
00:41:02,400 --> 00:41:04,800
I'm not as concerned about 
people collecting data for AI 

968
00:41:04,800 --> 00:41:06,400
purposes. 
I'm more concerned about people 

969
00:41:06,400 --> 00:41:09,100
collecting data without caring
about the data. As long as you

970
00:41:09,100 --> 00:41:12,100
have the right controls to sound
the utility of the data and then

971
00:41:12,100 --> 00:41:15,000
delete it once its usage is
complete, I'm okay. As long as

972
00:41:15,000 --> 00:41:17,200
people know what they're 
collecting and why and then deal

973
00:41:17,200 --> 00:41:19,700
with access control
intelligently, that concern goes

974
00:41:19,700 --> 00:41:21,600
down. 
So I think data collection and 

975
00:41:21,600 --> 00:41:23,600
AI can be done intelligently,
thoughtfully,

976
00:41:23,600 --> 00:41:26,400
as long as you have the controls
in place, not just to protect

977
00:41:26,400 --> 00:41:28,100
people's privacy,
but to make sure that the

978
00:41:28,100 --> 00:41:29,900
data itself is useful and 
correct. 

979
00:41:29,900 --> 00:41:31,900
That's number two. 
The third thing is from a 

980
00:41:31,900 --> 00:41:33,600
security perspective,
data collection is also

981
00:41:33,600 --> 00:41:36,300
important because unless you 
have the right level of 

982
00:41:36,300 --> 00:41:39,900
profiling of users, you cannot 
decide which user is about to 

983
00:41:39,900 --> 00:41:43,200
DDoS you versus which user is
getting unethically, improperly

984
00:41:43,200 --> 00:41:45,300
penalized. 
So I think it is less about 

985
00:41:45,300 --> 00:41:48,200
collection but more about 
careless collection, less about 

986
00:41:48,200 --> 00:41:51,000
volume of data and more about 
the lack of controls to enforce 

987
00:41:51,000 --> 00:41:53,200
policies on the data, right? 
Because this is a continuously 

988
00:41:53,200 --> 00:41:54,900
learning process. 
You collect the right kind of 

989
00:41:54,900 --> 00:41:57,000
data. 
You check to make sure you A 

990
00:41:57,008 --> 00:41:59,700
shortage in your collection 
processes or deficiencies and 

991
00:41:59,700 --> 00:42:02,200
then you improve your collection
processes and then you identify 

992
00:42:02,200 --> 00:42:04,700
something that happens someplace
else, you improve your processes.

993
00:42:04,800 --> 00:42:08,200
So it's about teaching, your AI 
models to be a better 

994
00:42:08,200 --> 00:42:10,500
representative factor of the 
customer data and better 

995
00:42:10,500 --> 00:42:12,400
utilization of your engineering 
resources. 

996
00:42:12,700 --> 00:42:15,700
It's about continuous learning 
for yourself for your business, 

997
00:42:15,700 --> 00:42:17,200
for your tools and for your data
itself. 

998
00:42:17,400 --> 00:42:19,600
Remember AI is not this thing 
that fell from the sky. 

999
00:42:19,600 --> 00:42:21,700
It's something that was built by
human beings,

1000
00:42:21,700 --> 00:42:24,300
but with massive amounts of data
and massive amounts of scale. 

1001
00:42:24,500 --> 00:42:28,200
So you have to learn not just 
from a model perspective, but also

1002
00:42:28,200 --> 00:42:30,400
from yourself, in terms of 
building the model in the first 

1003
00:42:30,400 --> 00:42:34,200
place. I think that's a very
good insights from you about AI

1004
00:42:34,200 --> 00:42:36,600
and generative AI. 
So, like also people talk about 

1005
00:42:36,600 --> 00:42:39,500
it a lot these days, right? 
But maybe they are not familiar 

1006
00:42:39,500 --> 00:42:42,800
with the whole thing and think 
about, like we just collect data

1007
00:42:42,800 --> 00:42:45,600
and maybe one day an ML model
will find it useful. 

1008
00:42:45,900 --> 00:42:49,000
So you mentioned a couple of 
times now that it's important to

1009
00:42:49,000 --> 00:42:52,200
have tooling within the company.
Maybe if you can give a brief 

1010
00:42:52,200 --> 00:42:54,800
like what kind of toolings are 
available out there, is that 

1011
00:42:54,800 --> 00:42:56,700
something that can be automated 
or is that

1012
00:42:56,900 --> 00:43:00,100
being more like a library, client
SDK that we can embed?

1013
00:43:00,100 --> 00:43:02,100
Or is it something that is more 
low level? 

1014
00:43:02,300 --> 00:43:04,500
Maybe if you can share some of 
the tools that are available so 

1015
00:43:04,500 --> 00:43:05,900
that people are familiar with 
them. 

1016
00:43:06,600 --> 00:43:09,500
So the challenge is there is no 
definitive tool available from a

1017
00:43:09,500 --> 00:43:11,800
privacy perspective because 
there is no definitive single 

1018
00:43:11,800 --> 00:43:13,400
privacy or for that matter in 
the U.S.

1019
00:43:13,400 --> 00:43:15,900
Via multiple breach notification
laws that I think where you 

1020
00:43:15,900 --> 00:43:17,200
state-by-state. 
I'm not an attorney is 

1021
00:43:17,200 --> 00:43:18,800
protecting, my facts are in 
place here. 

1022
00:43:19,000 --> 00:43:22,200
The absence of a law means that
there's absence of a proper 

1023
00:43:22,200 --> 00:43:24,600
tool. 
I mean, in the U.S. we have very

1024
00:43:24,600 --> 00:43:28,500
complex, very archaic tax law,
and we have multiple tax preparation

1025
00:43:28,500 --> 00:43:30,900
software that were written to 
basically scare the crap out of 

1026
00:43:30,900 --> 00:43:32,200
me because it's extremely 
complex. 

1027
00:43:32,200 --> 00:43:34,300
And I have no way of knowing if 
everything is correct. 

1028
00:43:34,400 --> 00:43:35,900
I'm just hoping that the tool 
actually works. 

1029
00:43:35,900 --> 00:43:39,600
With my only other choice is to 
go to a CPA or do it myself and 

1030
00:43:39,600 --> 00:43:41,500
every option has downsides to 
it, right? 

1031
00:43:41,800 --> 00:43:44,000
So there is no tool off the 
shelf which is part of the 

1032
00:43:44,000 --> 00:43:46,300
reason I wrote my book, part of 
the reason I teach on my courses

1033
00:43:46,300 --> 00:43:49,000
online. And the choices for
companies are the following:

1034
00:43:49,400 --> 00:43:50,700
build
something from the ground up

1035
00:43:50,700 --> 00:43:53,400
within the company. That has the
upside of being built by people

1036
00:43:53,400 --> 00:43:55,800
that have the tribal knowledge,
but that has the downside of

1037
00:43:55,800 --> 00:43:57,900
essentially being built
by the same people that didn't

1038
00:43:57,900 --> 00:43:59,200
see it coming the first time 
around. 

1039
00:43:59,200 --> 00:44:01,500
So, there is a trade-off that 
there are multiple off-the-shelf

1040
00:44:01,500 --> 00:44:04,400
solutions, third-party tools.
I advise some of these companies

1041
00:44:04,400 --> 00:44:07,000
to be totally honest with you 
and they are trying to fix these

1042
00:44:07,000 --> 00:44:09,000
problems from an outsider's 
perspective, but also make sure 

1043
00:44:09,000 --> 00:44:11,800
that there is a standard in the 
industry, so that not everybody 

1044
00:44:11,800 --> 00:44:14,000
has their own bespoke software. 
That's number two. 

1045
00:44:14,200 --> 00:44:16,500
The third model is start with 
building something in our sin by

1046
00:44:16,500 --> 00:44:18,800
a third-party vendor or by a 
third party vendor and then 

1047
00:44:18,800 --> 00:44:21,600
build something on top of that 
to provide coverage for their 

1048
00:44:21,600 --> 00:44:23,900
own use cases. 
I don't think there is one 

1049
00:44:23,900 --> 00:44:26,600
answer for any company. 
Hopefully, we get to a point 

1050
00:44:26,600 --> 00:44:29,600
where on a sector-by-sector
basis, or for different kinds of

1051
00:44:29,600 --> 00:44:31,300
data for different kinds of 
cloud vendors. 

1052
00:44:31,500 --> 00:44:33,700
There are certain set of tools 
that work, but I think the 

1053
00:44:33,700 --> 00:44:36,600
domain as you mentioned in the 
very beginning, Henry, is in its

1054
00:44:36,600 --> 00:44:38,700
relative infancy. 
So I don't think we're at a 

1055
00:44:38,707 --> 00:44:41,800
point where we can just build 
something for everyone because 

1056
00:44:41,800 --> 00:44:44,300
we don't have one law in a given
country. 

1057
00:44:44,900 --> 00:44:47,500
We don't have an example of how 
one law can be properly 

1058
00:44:47,500 --> 00:44:51,100
verifiably complied with and we 
also don't have a common way of 

1059
00:44:51,100 --> 00:44:52,400
doing things. 
Like there are companies that 

1060
00:44:52,400 --> 00:44:53,700
are Legacy companies moving to 
Cloud. 

1061
00:44:53,700 --> 00:44:56,000
For the first time, there are 
companies that for a whole host 

1062
00:44:56,000 --> 00:44:58,200
of reasons prefer an on-prem 
infrastructure, there are 

1063
00:44:58,200 --> 00:44:59,700
companies that still have a 
monorepo. 

1064
00:44:59,700 --> 00:45:01,800
Other companies that have 
multiple repos, there are 

1065
00:45:01,800 --> 00:45:03,700
companies that have single point
of failure. 

1066
00:45:03,700 --> 00:45:06,000
Other companies that have a 
multiple microservices model, 

1067
00:45:06,200 --> 00:45:09,300
there is so much diversification
at the engineering level, at the

1068
00:45:09,300 --> 00:45:11,900
privacy level, and the customer 
expectation level at the 

1069
00:45:11,900 --> 00:45:14,700
international legal level. 
That is very hard to have one 

1070
00:45:14,700 --> 00:45:17,700
tool, which is why again, I tell
people shift left, start early, 

1071
00:45:17,700 --> 00:45:20,200
keep improving, keep building 
their virtuous circle, and then 

1072
00:45:20,200 --> 00:45:23,400
you can make this decision on an
informed basis without being 

1073
00:45:23,400 --> 00:45:26,600
forced to comply with the law. 
That may be expensive to comply 

1074
00:45:26,600 --> 00:45:29,400
with and in the end will not 
protect yourself from others and

1075
00:45:29,400 --> 00:45:32,200
IP perspective and will not 
protect your customers, as well.

1076
00:45:32,800 --> 00:45:35,200
I think, I like the way you 
mentioned about shift left, so 

1077
00:45:35,200 --> 00:45:38,200
as we have shift left with so 
many things, you know, like, 

1078
00:45:38,300 --> 00:45:41,700
automation security, when things
like that, I think privacy could

1079
00:45:41,700 --> 00:45:44,600
also be one area where we can 
shift left and do better 

1080
00:45:44,600 --> 00:45:47,400
planning earlier. 
So one thing is about company 

1081
00:45:47,400 --> 00:45:49,500
collecting the data for their 
own purpose, right? 

1082
00:45:49,500 --> 00:45:52,900
I think these days, we can see a
lot as well about data being 

1083
00:45:52,900 --> 00:45:56,400
shared with other third-party 
apps or other users. 

1084
00:45:56,400 --> 00:45:58,300
So data sharing. 
I think it's also one thing that

1085
00:45:58,300 --> 00:46:00,000
we can discuss a lot about 
today. 

1086
00:46:00,100 --> 00:46:02,500
What do you think about this 
aspect companies? 

1087
00:46:02,500 --> 00:46:04,700
Collect data? 
And then it can share with other

1088
00:46:04,700 --> 00:46:06,000
people. 
You can think of it like the 

1089
00:46:06,000 --> 00:46:09,500
Google having consent screen. 
We will share your data to this 

1090
00:46:09,500 --> 00:46:12,400
third party apps, or maybe even 
like some of the apps doing so 

1091
00:46:12,400 --> 00:46:14,600
as well. 
So what will be your key message

1092
00:46:14,600 --> 00:46:17,000
here about data sharing do 
things? 

1093
00:46:17,000 --> 00:46:19,900
You know what happens in Vegas 
may stay in Vegas but very 

1094
00:46:19,900 --> 00:46:22,200
little that happens elsewhere 
stays in that location. 

1095
00:46:22,400 --> 00:46:24,400
So that's number one. 
I'm sure I could have learned 

1096
00:46:24,400 --> 00:46:27,100
that joke a bit better but the 
general point remains that any 

1097
00:46:27,100 --> 00:46:29,600
time data leaves your system, 
that is data sharing. 

1098
00:46:29,800 --> 00:46:32,200
So you turn on your TV and open 
the Netflix app. 

1099
00:46:32,200 --> 00:46:34,800
There's a bunch of stuff about 
you going to the Netflix servers. 

1100
00:46:34,808 --> 00:46:37,800
Now this is not creepy at all 
because Netflix needs that data.

1101
00:46:37,800 --> 00:46:39,100
They need to understand where 
you live. 

1102
00:46:39,100 --> 00:46:41,500
Are you who you say you are, 
your device ID or internet 

1103
00:46:41,500 --> 00:46:44,300
connection, your browser type 
etcetera, because the streaming 

1104
00:46:44,300 --> 00:46:46,600
experience has to be customized.
It's not like a DVD, which, by 

1105
00:46:46,600 --> 00:46:48,900
the way, the Netflix's folks 
shut the business down, right? 

1106
00:46:49,000 --> 00:46:52,000
So, everything is now online 
from a streaming perspective 

1107
00:46:52,000 --> 00:46:55,600
that is data driven, the problem
starts, when that data now gets 

1108
00:46:55,600 --> 00:46:57,400
shared and used for other 
purposes. 

1109
00:46:57,700 --> 00:47:00,100
When you collect that data as a 
company and you give it to third

1110
00:47:00,100 --> 00:47:02,600
parties without an understanding
of what happens to the data once

1111
00:47:02,600 --> 00:47:04,900
it gets there, does that 
third-party have good privacy 

1112
00:47:04,900 --> 00:47:08,200
security practices, is there an 
attack possible in the middle 

1113
00:47:08,200 --> 00:47:10,800
while the data is in transit? 
That's number two. For me, the 

1114
00:47:10,800 --> 00:47:12,900
biggest risk for third-party 
sharing perspective. 

1115
00:47:12,900 --> 00:47:16,500
Is what happens when the data 
you shared, the data that exists 

1116
00:47:16,500 --> 00:47:19,000
on the dark web, the data 
the vendor may have, all of which 

1117
00:47:19,000 --> 00:47:21,200
combined together to 
fundamentally change the risk 

1118
00:47:21,200 --> 00:47:22,800
calculus. 
Remember, we talked about risk 

1119
00:47:22,800 --> 00:47:24,900
analysis and the beginning stage
of data collection, right? 

1120
00:47:24,900 --> 00:47:27,800
We talk about classification. 
Inventory tag, Labeling Etc. 

1121
00:47:28,100 --> 00:47:30,500
That happens once or twice in 
the company's history. 

1122
00:47:30,700 --> 00:47:33,600
But then what happens is once 
that data gets pooled with other

1123
00:47:33,600 --> 00:47:36,300
data, the risk factor changes 
completely. For people listening

1124
00:47:36,300 --> 00:47:38,600
to this podcast. 
You guys should Google Mitt 

1125
00:47:38,600 --> 00:47:41,700
Romney Twitter account, so M-I-T-T 
R-O-M- 

1126
00:47:41,700 --> 00:47:45,000
N-E-Y, Romney Twitter account, 
Governor Romney or Senator 

1127
00:47:45,000 --> 00:47:47,200
Romney is a former US 
presidential candidate. 

1128
00:47:47,300 --> 00:47:49,400
He is a high-placed official 
in the US government. 

1129
00:47:49,400 --> 00:47:51,500
A very famous presidential 
candidate, a very successful 

1130
00:47:51,500 --> 00:47:54,500
venture capitalist. He mentioned
to a journalist I think three or

1131
00:47:54,500 --> 00:47:57,200
four years ago that he has a 
private Twitter account. So he 

1132
00:47:57,200 --> 00:47:59,200
has a public procurement because
he works for the U.S. 

1133
00:47:59,200 --> 00:48:00,900
government. 
But he also mentioned, he has a 

1134
00:48:00,900 --> 00:48:03,600
private Twitter account, he 
didn't mention the handle and a 

1135
00:48:03,600 --> 00:48:06,100
journalist who listened to that 
interview was able to identify 

1136
00:48:06,100 --> 00:48:09,200
within a few hours what that 
Twitter account was, and that 

1137
00:48:09,200 --> 00:48:11,800
was based on information about 
the Governor Romney that she 

1138
00:48:11,800 --> 00:48:14,500
had, how many kids he has, what 
his business ventures 

1139
00:48:14,500 --> 00:48:17,300
were, what his history is 
including, where he served as a 

1140
00:48:17,300 --> 00:48:20,200
missionary, for his church, in 
his younger years based on 

1141
00:48:20,200 --> 00:48:21,700
purely that piece of 
information. 

1142
00:48:21,700 --> 00:48:23,300
She was able to figure out the 
account. 

1143
00:48:23,400 --> 00:48:26,000
Now, this is somebody who was 
not a computer science engineer,

1144
00:48:26,300 --> 00:48:28,600
this You don't have privacy 
domain expertise, and she was 

1145
00:48:28,600 --> 00:48:29,900
able to figure out within two 
hours. 

1146
00:48:30,300 --> 00:48:33,300
Think about what we can do to 
somebody's anonymity, somebody's

1147
00:48:33,300 --> 00:48:36,500
identity, somebody's physical 
safety at scale with massive 

1148
00:48:36,500 --> 00:48:38,400
algorithms, massive compute 
power, right? 

1149
00:48:38,600 --> 00:48:41,000
So I think that is kind of the 
challenge when it comes to data 

1150
00:48:41,000 --> 00:48:42,900
sharing. 
As I mentioned before, data is 

1151
00:48:42,900 --> 00:48:44,300
not static. 
It is a living, 

1152
00:48:44,300 --> 00:48:46,700
breathing organism. Data is not 
like tax law 

1153
00:48:46,700 --> 00:48:48,900
that only changes once every 
generation. Data changes 

1154
00:48:48,900 --> 00:48:52,400
every single moment. Your data, 
my data is changing as we speak 

1155
00:48:52,400 --> 00:48:55,100
as more words come out of my 
mouth and can transcribe on your

1156
00:48:55,100 --> 00:48:57,100
system, right? 
So I think what people 

1157
00:48:57,100 --> 00:48:59,500
typically don't get from a 
sharing perspective, is they go 

1158
00:48:59,500 --> 00:49:02,400
after hacking, they go after 
exploration, they go after 

1159
00:49:02,400 --> 00:49:04,000
attacks. 
But the real risk is what 

1160
00:49:04,000 --> 00:49:06,900
happens to the data and what 
happens to it without any 

1161
00:49:06,900 --> 00:49:10,400
malfeasance intended by anyone 
or what happens based on 

1162
00:49:10,400 --> 00:49:12,500
decisions that were made, two, 
three, four, five years ago, 

1163
00:49:12,500 --> 00:49:15,100
that were totally legitimate 
decisions, based on what we knew

1164
00:49:15,100 --> 00:49:18,100
at the time, but with the advent
of new technology, new 

1165
00:49:18,100 --> 00:49:21,000
algorithms, new manipulation 
systems, new AI Etc. 

1166
00:49:21,200 --> 00:49:24,200
The fundamental risk calculus 
has changed and it's very hard 

1167
00:49:24,200 --> 00:49:26,400
to reverse those decisions 
because the cats are the 

1168
00:49:26,408 --> 00:49:28,300
daughter. 
Point, right? 

1169
00:49:28,300 --> 00:49:31,100
And I also want to discuss from 
the end users point of view. 

1170
00:49:31,100 --> 00:49:34,500
I find sometimes we are at the 
disadvantaged position, right? 

1171
00:49:34,500 --> 00:49:37,700
So we all these, for example, if
you see consent screen that an 

1172
00:49:37,700 --> 00:49:40,800
application wants to access your
data from Google, for example, 

1173
00:49:40,900 --> 00:49:44,100
there's no option where you can 
say, no, if you say no that, 

1174
00:49:44,100 --> 00:49:46,600
basically that means you can't 
use any of the features from the

1175
00:49:46,600 --> 00:49:48,600
apps. 
And also, for example cookies. 

1176
00:49:48,600 --> 00:49:51,700
Now we have all these pop-ups, 
but most of the time actually, 

1177
00:49:51,700 --> 00:49:53,800
the option is like accept 
cookies, right? 

1178
00:49:54,000 --> 00:49:57,300
So I think sometimes the 
end-user is at a disadvantage, like 

1179
00:49:57,300 --> 00:50:01,000
not having a good option, not to
share their data consciously. 

1180
00:50:01,000 --> 00:50:03,400
So what would be your message 
here for people? 

1181
00:50:03,400 --> 00:50:06,700
Maybe for end-users about 
thinking before we actually give

1182
00:50:06,700 --> 00:50:09,800
consent to our data. 
So this question going to goes 

1183
00:50:09,800 --> 00:50:11,000
into the legal term for a little
bit. 

1184
00:50:11,000 --> 00:50:14,800
So I'll be able to provide a 
very limited answer because when

1185
00:50:14,800 --> 00:50:17,000
consent is required, how it 
should be collected. 

1186
00:50:17,100 --> 00:50:20,100
The clarity of the copy, that is
more of a legal question. 

1187
00:50:20,100 --> 00:50:22,800
And just as the attorneys don't
teach me how to write code and 

1188
00:50:22,800 --> 00:50:24,300
build services and create 
metrics. 

1189
00:50:24,300 --> 00:50:26,300
I probably shouldn't be 
moonlighting as an attorney 

1190
00:50:26,300 --> 00:50:28,100
anyways. 
What I will say is from the 

1191
00:50:28,100 --> 00:50:31,100
engineering perspective, from a 
tool perspective, it is critical

1192
00:50:31,100 --> 00:50:33,600
to ask yourself. 
Are you giving the customer 

1193
00:50:33,600 --> 00:50:35,900
enough information? 
Are you giving the customer too 

1194
00:50:35,900 --> 00:50:37,700
much information? 
Are you giving the customer 

1195
00:50:37,700 --> 00:50:40,100
an informed choice? Because 
at the end of the day, this is a

1196
00:50:40,107 --> 00:50:42,700
combination of the tools 
you build, the copy in the 

1197
00:50:42,700 --> 00:50:45,900
language, the clarity of the 
language itself, and the clarity

1198
00:50:45,900 --> 00:50:48,400
and the integrity of the policy 
that's behind it. 

1199
00:50:48,400 --> 00:50:50,200
Right? 
And honestly what happens is 

1200
00:50:50,200 --> 00:50:52,300
people have to go through their 
life on a daily basis. 

1201
00:50:52,300 --> 00:50:54,800
As I mentioned before, I don't 
remember ever reading or the 

1202
00:50:54,800 --> 00:50:56,600
details of the credit card 
statement. 

1203
00:50:56,800 --> 00:50:58,600
That gets sent to me. 
I pay my balance in full every 

1204
00:50:58,600 --> 00:51:00,900
single month and my assumption 
is everything will work out 

1205
00:51:00,900 --> 00:51:02,100
correctly. 
If I'm paying my bill in 

1206
00:51:02,100 --> 00:51:04,700
full, there'll be no interest 
charge, no late fees charged. 

1207
00:51:04,800 --> 00:51:07,100
But there are people who may not
be able to pay the full balance 

1208
00:51:07,100 --> 00:51:09,600
in for whom something in those 
policies might actually mean 

1209
00:51:09,600 --> 00:51:11,700
something. 
So, this is not just about 

1210
00:51:11,700 --> 00:51:14,200
privacy or security. 
It's about the complexity of the

1211
00:51:14,200 --> 00:51:16,000
law. 
It's about sort of the details 

1212
00:51:16,000 --> 00:51:18,000
in there. 
Back when I became a naturalized US 

1213
00:51:18,000 --> 00:51:20,800
citizen, I was told multiple 
times and if there was ever a 

1214
00:51:20,808 --> 00:51:23,500
misunderstanding of anything, it
was my responsibility, as if I'm

1215
00:51:23,500 --> 00:51:25,700
supposed to single-handedly, 
understand the complexities of 

1216
00:51:25,700 --> 00:51:29,400
immigration law, that was passed 
in 1965, my parents were not 

1217
00:51:29,400 --> 00:51:31,600
even double digits 
when that law was passed and yet

1218
00:51:31,600 --> 00:51:33,200
I'm supposed to understand every
single detail. 

1219
00:51:33,200 --> 00:51:36,700
So I think people are honing in 
on privacy and consent a little 

1220
00:51:36,700 --> 00:51:39,700
too much because this larger 
challenge between when it comes 

1221
00:51:39,700 --> 00:51:41,800
to the disconnect between the 
people building the tools and 

1222
00:51:41,800 --> 00:51:44,700
the people writing the laws, the
people who use the products and 

1223
00:51:44,700 --> 00:51:47,000
people who push out the policy, 
there is a significant 

1224
00:51:47,000 --> 00:51:49,200
disconnect that did not begin 
with privacy. 

1225
00:51:49,300 --> 00:51:51,800
The challenge is privacy is much
bigger simply because of the 

1226
00:51:51,800 --> 00:51:54,900
volume of data, but I think we 
have to as a community figure 

1227
00:51:54,900 --> 00:51:57,200
out a way that the people who 
build stuff and the Fluoride 

1228
00:51:57,200 --> 00:52:00,800
these policies are in the same 
sort of contextual framework, as

1229
00:52:00,800 --> 00:52:02,600
the people who say yes or no to 
these policies. 

1230
00:52:02,600 --> 00:52:04,400
I don't think what they are. 
I don't have an easy answer 

1231
00:52:04,400 --> 00:52:06,900
right now, because as I 
mentioned before, this challenge

1232
00:52:06,900 --> 00:52:09,600
predates, the emergence of 
privacy and security, as risk 

1233
00:52:09,600 --> 00:52:12,400
areas. Thanks for your valuable 
input. 

1234
00:52:12,500 --> 00:52:15,300
So in terms of the data that we 
collect, you mentioned a couple 

1235
00:52:15,300 --> 00:52:18,500
of times you need to do risk 
analysis, do classification and 

1236
00:52:18,500 --> 00:52:20,500
in your book and latest 
chapters. 

1237
00:52:20,500 --> 00:52:23,500
You also talk about privacy 
maturity model, maybe if you can

1238
00:52:23,500 --> 00:52:26,600
give a glimpse, how should 
people start categorizing? 

1239
00:52:26,800 --> 00:52:29,900
Classifying, the data that they 
are collected in the company and

1240
00:52:29,900 --> 00:52:33,000
what kind of things that they 
could aspire to build as a 

1241
00:52:33,000 --> 00:52:35,100
privacy maturity model within 
the company. 

1242
00:52:35,800 --> 00:52:38,000
So let me give you a very 
specific example, right? 

1243
00:52:38,400 --> 00:52:41,000
You want to make sure that your 
categorization of data is as 

1244
00:52:41,000 --> 00:52:43,600
contextual as possible. So as an 
example just to stick with a 

1245
00:52:43,607 --> 00:52:45,500
Netflix 
use case, when you collect 

1246
00:52:45,500 --> 00:52:48,200
customer data as a streaming 
platform, you could make the 

1247
00:52:48,200 --> 00:52:51,000
argument that somebody's IP 
address is very sensitive 

1248
00:52:51,000 --> 00:52:52,900
location data because you get 
their IP address. 

1249
00:52:52,900 --> 00:52:55,500
You could pretty much identify 
where they live and then you can

1250
00:52:55,600 --> 00:52:57,800
infer their gender 
or their race from the streaming 

1251
00:52:57,800 --> 00:53:01,200
data, you might be able to infer
other details about them, things

1252
00:53:01,200 --> 00:53:04,200
like that, if you use their IP 
address only for the purposes of

1253
00:53:04,200 --> 00:53:05,700
personalization, that's a 
challenge. 

1254
00:53:05,800 --> 00:53:08,000
But in that case, if you think 
about it, purely through the 

1255
00:53:08,000 --> 00:53:10,900
lens of risk, IP address should 
be very, very sensitive data 

1256
00:53:10,900 --> 00:53:14,000
which means collect and delete 
quickly, minimize access, things 

1257
00:53:14,000 --> 00:53:16,200
like that. 
But if you only use the IP 

1258
00:53:16,200 --> 00:53:19,100
address for security purposes to
check from a DDoS perspective, 

1259
00:53:19,200 --> 00:53:21,500
maybe it's better to have that 
data in a separate database, 

1260
00:53:21,500 --> 00:53:23,800
keep it for a long time to study
trends and patterns. 

1261
00:53:23,900 --> 00:53:27,200
But minimize access. If you 
collect IP address from And they

1262
00:53:27,200 --> 00:53:29,500
live in New York City where it's
very densely populated and it's 

1263
00:53:29,500 --> 00:53:32,100
very hard to hone in on 
somebody's specific location. 

1264
00:53:32,100 --> 00:53:35,000
Maybe the IP address is not very
sensitive because it's hard to 

1265
00:53:35,000 --> 00:53:36,500
identify someone. 
But if you are like my 

1266
00:53:36,500 --> 00:53:38,900
father-in-law, he lives in a 
small town of 600 people. 

1267
00:53:39,100 --> 00:53:41,100
He genuinely believes the 
government is trying to keep an 

1268
00:53:41,107 --> 00:53:42,900
eye on him. 
He's one of those paranoid type 

1269
00:53:42,900 --> 00:53:45,600
of people, maybe, in that case. 
It is very sensitive because 

1270
00:53:45,600 --> 00:53:47,300
there is an individual who's 
concerned. 

1271
00:53:47,400 --> 00:53:49,400
But also the identification risk
is very high. 

1272
00:53:49,600 --> 00:53:51,900
The other example is, if you 
could collect somebody's IP 

1273
00:53:51,900 --> 00:53:55,200
address, get consent for 
collection but lump that IP in a

1274
00:53:55,200 --> 00:53:58,000
group of a lot of people. 
So that identification risk for 

1275
00:53:58,000 --> 00:54:00,500
individual users is very low, 
then the risk goes down. 

1276
00:54:00,600 --> 00:54:03,000
So, what I'm generally saying 
is, when you collect data, before

1277
00:54:03,000 --> 00:54:05,800
you categorize it, before you 
inventory it and tag it, there 

1278
00:54:05,800 --> 00:54:07,700
are decisions 
you can make to the data, about 

1279
00:54:07,700 --> 00:54:09,800
the data, that might impact 
how seriously you treat the 

1280
00:54:09,808 --> 00:54:12,600
security or privacy of the data.
You can reduce the risk, by 

1281
00:54:12,600 --> 00:54:16,000
doing things like aggregation, 
perturbation, data 

1282
00:54:16,000 --> 00:54:19,300
obfuscation, or some other modality 
of verification of data, you can

1283
00:54:19,300 --> 00:54:21,900
increase, in which case you can 
keep the data for a long time. 

1284
00:54:22,000 --> 00:54:24,900
In other use cases, you can 
collect the data and not change it

1285
00:54:24,900 --> 00:54:26,600
at all. 
In other words, take on the risk of

1286
00:54:26,900 --> 00:54:29,700
identification, but keep the 
data for a very limited period 

1287
00:54:29,700 --> 00:54:32,500
of time minimize access in which
case the risk goes down. 

1288
00:54:32,700 --> 00:54:35,500
So, there is a constant 
tug-of-war between the precision

1289
00:54:35,500 --> 00:54:38,500
of the data and the retention of
the data, the longevity of the 

1290
00:54:38,500 --> 00:54:40,000
data and the precision of the 
data, right? 

1291
00:54:40,000 --> 00:54:42,700
So you have to sort of see what 
that balance, reflect View, and 

1292
00:54:42,700 --> 00:54:45,300
then balance may change on a 
day-to-day basis week-by-week 

1293
00:54:45,300 --> 00:54:48,200
basis, depending upon the volume
of data, you have your risk 

1294
00:54:48,200 --> 00:54:51,500
appetite, the nature of the 
customer, the kind of data the 

1295
00:54:51,500 --> 00:54:52,800
stage of growth. 
You're going through the 

1296
00:54:52,800 --> 00:54:53,800
country, you're doing business 
in. 

1297
00:54:53,800 --> 00:54:56,500
So what is totally fine to do in
Thailand may not be totally 

1298
00:54:56,500 --> 00:54:58,000
fine. 
And in Germany, for example, 

1299
00:54:58,000 --> 00:55:00,000
different, histories, different 
risk, tolerance, different 

1300
00:55:00,000 --> 00:55:03,400
privacy sensibilities. 
So privacy is very contextual it

1301
00:55:03,400 --> 00:55:05,300
is very visceral. 
So you have to make sure that 

1302
00:55:05,300 --> 00:55:07,400
the tooling and the processes 
that you built for 

1303
00:55:07,400 --> 00:55:10,200
it are responsive to that 
complex nature of privacy. 

1304
00:55:10,800 --> 00:55:12,400
Thanks for such elaborate 
answers. 

1305
00:55:12,400 --> 00:55:15,100
Just by looking at IP address 
itself, there are so many 

1306
00:55:15,100 --> 00:55:17,400
context where it can relate to 
it. 

1307
00:55:17,400 --> 00:55:19,500
For example, is it very 
sensitive for some company, or 

1308
00:55:19,500 --> 00:55:22,100
for some users? 
So, these things definitely are 

1309
00:55:22,100 --> 00:55:25,900
not abstract, it's 100% always 
applicable to many companies, 

1310
00:55:25,900 --> 00:55:27,900
many users. 
Sometimes think within your 

1311
00:55:27,900 --> 00:55:31,600
context how the data could be 
used or misused and how do we 

1312
00:55:31,600 --> 00:55:34,400
protect it, right? Classify, 
protect it and maybe even 

1313
00:55:34,400 --> 00:55:36,900
thinking about storing it 
differently from people not to 

1314
00:55:36,900 --> 00:55:38,900
get access. 
By the way, I appreciate you 

1315
00:55:38,900 --> 00:55:41,200
saying them as has an elaborate 
that's a polite way of saying 

1316
00:55:41,200 --> 00:55:43,700
that I talk too much. 
I appreciate you, you deploying 

1317
00:55:43,700 --> 00:55:47,300
euphemism a little bit there, 
right? 

1318
00:55:47,300 --> 00:55:49,900
So, nice one. 
As we go to the last part of the

1319
00:55:49,900 --> 00:55:51,900
conversation. 
There's one question that I 

1320
00:55:51,900 --> 00:55:54,500
would like to ask you, which I 
asked to all my guests. 

1321
00:55:54,600 --> 00:55:56,600
This question, I call the three 
technical leadership 

1322
00:55:56,700 --> 00:55:58,700
wisdom. 
So think of it like you want to 

1323
00:55:58,700 --> 00:56:01,600
give some advice to people here 
so that they can learn from your

1324
00:56:01,600 --> 00:56:03,500
journey, they can learn from 
your experience. 

1325
00:56:03,700 --> 00:56:06,100
So what will be your three 
technical leadership wisdom to 

1326
00:56:06,100 --> 00:56:09,000
share here in sham? 
So when it comes to technical 

1327
00:56:09,000 --> 00:56:10,400
wisdom to the extent, I have 
any. 

1328
00:56:10,400 --> 00:56:12,900
I would say that when it comes 
to fixing for privacy and 

1329
00:56:12,900 --> 00:56:16,200
security it is no different than
any other innovation. Think of 

1330
00:56:16,207 --> 00:56:18,500
privacy as a product. 
Sometimes people who work in 

1331
00:56:18,500 --> 00:56:20,900
privacy and security, make the 
mistake of thinking of privacy 

1332
00:56:20,900 --> 00:56:22,900
and security as a cause as a 
moral issue. 

1333
00:56:22,900 --> 00:56:25,300
Now it is those things. Your 
decisions when it comes from 

1334
00:56:25,300 --> 00:56:26,600
data, could affect somebody 
else's. 

1335
00:56:26,900 --> 00:56:28,600
They would affect somebody's 
preferences, they would affect 

1336
00:56:28,600 --> 00:56:30,200
somebody's physical security, 
right? 

1337
00:56:30,400 --> 00:56:32,700
So it is a moral cause, but that 
is the beginning of the 

1338
00:56:32,700 --> 00:56:34,500
conversation. 
If you went to any corporate 

1339
00:56:34,500 --> 00:56:36,900
CEO, they will tell you, we care
deeply about privacy and 

1340
00:56:36,900 --> 00:56:38,900
security. 
Most important thing they will 

1341
00:56:38,900 --> 00:56:41,100
also say we care deeply about 
growing our business and keeping

1342
00:56:41,100 --> 00:56:43,100
our employees 
well paid. Most important thing. 

1343
00:56:43,300 --> 00:56:45,900
What happens when there is a 
conflict between those two? Life 

1344
00:56:45,900 --> 00:56:49,500
is about making choices, right? 
So recognize that and recognize 

1345
00:56:49,500 --> 00:56:52,300
that, whether it's privacy 
security, misinformation, AI 

1346
00:56:52,300 --> 00:56:55,200
fairness, Equity, whatever your 
cause is, they are looked at 

1347
00:56:55,200 --> 00:56:57,700
through the prism of the 
business. So when you make the 

1348
00:56:57,700 --> 00:57:00,800
case for funding for tooling, 
ask yourself, how do you make 

1349
00:57:00,800 --> 00:57:03,300
the case in a way that responds 
to the needs of the business? 

1350
00:57:03,300 --> 00:57:06,100
Now there will be examples where
it is critical to do the right 

1351
00:57:06,100 --> 00:57:08,000
thing from privacy and security 
perspective. 

1352
00:57:08,100 --> 00:57:10,400
No matter the business cost, 
like you would not hire an 

1353
00:57:10,400 --> 00:57:13,500
engineer who says it is okay 
to say bad things about people 

1354
00:57:13,500 --> 00:57:15,000
based on their race. 
You would never hire somebody 

1355
00:57:15,000 --> 00:57:17,100
like that, right? 
Even if they happen to be a very

1356
00:57:17,100 --> 00:57:19,900
good engineer from a coding 
perspective, but in some cases, 

1357
00:57:19,900 --> 00:57:22,700
there are choices that are very 
critical to make but that is not

1358
00:57:22,700 --> 00:57:25,000
true in every use case like you 
don't have to run privacy and 

1359
00:57:25,000 --> 00:57:26,500
Security in a way that hurts the
business. 

1360
00:57:26,800 --> 00:57:29,500
If you hire an engineer, who 
does not speak very good present

1361
00:57:29,500 --> 00:57:30,900
talk very well. 
You can coach them from a 

1362
00:57:30,900 --> 00:57:33,500
communication perspective so it 
is one thing for you to say, I'm

1363
00:57:33,500 --> 00:57:35,800
not going to hire an engineer. 
Who has bad morals, which is 

1364
00:57:35,800 --> 00:57:37,700
exactly the right thing to do. 
You should hire somebody like 

1365
00:57:37,700 --> 00:57:40,200
that but you can't say no to 
everybody who is different than 

1366
00:57:40,200 --> 00:57:42,100
you. 
So you have to have that level 

1367
00:57:42,100 --> 00:57:44,500
of judgment when it comes to 
privacy and security, you need 

1368
00:57:44,500 --> 00:57:46,400
to be very deliberate about 
telling the business we 

1369
00:57:46,400 --> 00:57:48,800
shouldn't do this because of 
privacy or security issues. 

1370
00:57:48,800 --> 00:57:51,200
No matter the cost of the 
business but there are 50 other 

1371
00:57:51,200 --> 00:57:53,300
cases where you can say the 
business wants X. 

1372
00:57:53,300 --> 00:57:55,400
But if you just do X a bit 
differently, we can get the 

1373
00:57:55,400 --> 00:57:57,500
right privacy outcome. 
And in the long run, that's 

1374
00:57:57,500 --> 00:58:00,100
better for the business. 
Anyways, so try to recognize 

1375
00:58:00,200 --> 00:58:03,000
that there is sometimes a moral 
cause we made, but a lot of 

1376
00:58:03,000 --> 00:58:05,000
other cases, there is a business
sensitive case. 

1377
00:58:05,000 --> 00:58:07,700
You can make that will make the 
right case for privacy and make 

1378
00:58:07,700 --> 00:58:08,800
the right case for the business 
as well. 

1379
00:58:08,808 --> 00:58:11,900
So that is my lesson, a lot of 
engineers often get extra 

1380
00:58:11,900 --> 00:58:14,100
careful and they hurt the 
business with unnecessary 

1381
00:58:14,100 --> 00:58:15,900
process. 
And in some cases they become 

1382
00:58:15,900 --> 00:58:18,000
extra careless and they hurt 
the business because they didn't

1383
00:58:18,000 --> 00:58:20,500
do the right thing. 
Recognize when it's important 

1384
00:58:20,500 --> 00:58:22,400
from a moral perspective, when 
are you doing too little? 

1385
00:58:22,500 --> 00:58:26,000
When are you doing too much? My lesson
to engineers is ask questions, 

1386
00:58:26,000 --> 00:58:29,100
seek the So, the legal team, the
comms team document things 

1387
00:58:29,100 --> 00:58:32,500
whenever possible, but if you 
have concerns say something, the

1388
00:58:32,500 --> 00:58:34,500
worst thing is, maybe you will 
ask the wrong question at the 

1389
00:58:34,500 --> 00:58:36,500
wrong time. 
There is a lot of forgiveness in

1390
00:58:36,500 --> 00:58:39,100
my experience from asking the 
wrong question or taking 

1391
00:58:39,100 --> 00:58:41,600
initiative, there will be a lot 
less forgiveness. 

1392
00:58:41,600 --> 00:58:44,400
If you knew what the right thing
was installed into it and I have

1393
00:58:44,400 --> 00:58:46,600
run my career the same way. 
I ask questions, I do my 

1394
00:58:46,600 --> 00:58:49,200
research, I'm wrong. 
As often as I'm right, and I'm 

1395
00:58:49,200 --> 00:58:50,900
still learning as well. 
This is a learning experience 

1396
00:58:50,900 --> 00:58:53,400
for me as well. 
So be humble, be creative. 

1397
00:58:53,400 --> 00:58:55,300
Be ethical. 
That's my advice to Engineers. 

1398
00:58:55,400 --> 00:58:57,700
And I would give the same advice,
no matter what question you

1399
00:58:57,700 --> 00:59:00,500
asked me privacy or otherwise 
the other advice I would give 

1400
00:59:00,500 --> 00:59:02,900
is, don't wait for regulation, 
my general. 

1401
00:59:02,900 --> 00:59:05,000
My big frustration in life. 
Honestly, when it comes to 

1402
00:59:05,008 --> 00:59:07,800
engineers, is engineers have 
allowed themselves to be painted

1403
00:59:07,800 --> 00:59:09,800
into a corner. 
Now, if you watch movies, people

1404
00:59:09,800 --> 00:59:12,400
who play attorneys, people who 
play every other profession gets

1405
00:59:12,400 --> 00:59:14,200
represented in a very, very 
glamorous way. 

1406
00:59:14,400 --> 00:59:17,600
I don't remember the last time, 
an engineer was cast in a TV 

1407
00:59:17,600 --> 00:59:20,600
sitcom or in a movie where the 
engineer was sort of the leading

1408
00:59:20,600 --> 00:59:21,800
War. 
I don't know if you watch the 

1409
00:59:21,800 --> 00:59:25,000
U.S. sitcom Friends from the 
1990s, the only person that was 

1410
00:59:25,000 --> 00:59:27,600
a borderline engineer 
there was Ross Geller, played by 

1411
00:59:27,600 --> 00:59:29,900
David Schwimmer and they made 
fun of dinosaurs. 

1412
00:59:29,900 --> 00:59:31,700
They made fun of him as well for
his profession. 

1413
00:59:32,000 --> 00:59:35,000
So, I think, Engineers often 
accept the idea that their job 

1414
00:59:35,000 --> 00:59:37,200
is to write code and do what 
somebody tells them to do. 

1415
00:59:37,500 --> 00:59:40,100
No, I think engineers should be 
willing to understand what they 

1416
00:59:40,100 --> 00:59:41,800
are doing. 
When data is extremely complex, 

1417
00:59:42,100 --> 00:59:44,600
it has implications upon 
people's lives, but it also 

1418
00:59:44,600 --> 00:59:45,800
makes the company a lot of 
money. 

1419
00:59:46,000 --> 00:59:47,200
So don't wait for the 
regulations. 

1420
00:59:47,200 --> 00:59:48,800
We should wait for the 
requirements, but don't always 

1421
00:59:48,800 --> 00:59:51,600
wait for the regulations if you 
feel like you can make a more 

1422
00:59:51,600 --> 00:59:54,200
intelligent way, build a more 
intelligent tool, come up with a

1423
00:59:54,207 --> 00:59:56,400
more intelligent process to 
protect privacy. 

1424
00:59:56,600 --> 00:59:59,000
Make the case for it. 
Tell people what will happen 

1425
00:59:59,000 --> 01:00:01,400
this way versus that way. Make the
case based on data, make the 

1426
01:00:01,400 --> 01:00:04,400
case based on scenarios make the
case, based on business impact 

1427
01:00:04,500 --> 01:00:07,500
and recognize that engineering 
is business from technical lens 

1428
01:00:07,600 --> 01:00:09,900
and that business is engineering 
from a non-technical lens. The 

1429
01:00:09,900 --> 01:00:12,700
two are connected. 
So, my advice to engineers 

1430
01:00:12,700 --> 01:00:15,600
would be think about somebody 
else's data as if it were your 

1431
01:00:15,600 --> 01:00:18,400
own and ask yourself, how would 
you build the right tool for it?

1432
01:00:18,400 --> 01:00:21,800
So don't wait for regulation. 
Like if your house was on fire, 

1433
01:00:21,800 --> 01:00:23,700
you wouldn't wait for the fire 
alarm to go off. 

1434
01:00:23,700 --> 01:00:25,800
If you can see the fire, if you 
can feel the heat, you'd 

1435
01:00:25,800 --> 01:00:28,400
probably run for the door. 
Hopefully fixing privacy is not 

1436
01:00:28,400 --> 01:00:31,000
like running out of a burning 
building but ask yourself. 

1437
01:00:31,000 --> 01:00:32,400
Why not do the right thing 
today? 

1438
01:00:32,400 --> 01:00:34,300
Rather than waiting, for the 
regulation was, it is entirely 

1439
01:00:34,300 --> 01:00:36,200
possible that you have 
discovered something that the 

1440
01:00:36,200 --> 01:00:39,100
regulators have not. You can 
build the right tool and inform 

1441
01:00:39,100 --> 01:00:41,500
the next regulation that will 
benefit a lot more people. 

1442
01:00:41,600 --> 01:00:44,000
So this is a chance to do the 
right thing for your business, 

1443
01:00:44,100 --> 01:00:46,800
for your customers and also, for
your own career as well because 

1444
01:00:46,800 --> 01:00:48,800
you've done something, nobody 
else has done so far. 

1445
01:00:49,500 --> 01:00:53,700
Wow, I find it a very insightful
and inspiring message for people

1446
01:00:53,800 --> 01:00:56,500
to start thinking data privacy 
as a product. 

1447
01:00:56,600 --> 01:00:58,600
That's the first thing, right? 
The second thing is don't wait 

1448
01:00:58,600 --> 01:01:01,500
for regulations. 
So whenever Engineers deal with 

1449
01:01:01,500 --> 01:01:04,800
the data always think about 
privacy first, right? And think as

1450
01:01:04,800 --> 01:01:07,400
if like you are the users who 
are sharing the data with the 

1451
01:01:07,400 --> 01:01:10,000
company, right? 
So I think that's a real key 

1452
01:01:10,000 --> 01:01:11,500
message. 
It's been a very exciting 

1453
01:01:11,500 --> 01:01:14,700
conversation Nation from people 
who would love to connect with 

1454
01:01:14,700 --> 01:01:16,300
you. 
I'll see you more about data 

1455
01:01:16,300 --> 01:01:18,800
privacy or learn from your 
courses and things like that. 

1456
01:01:19,000 --> 01:01:21,100
So is there a place where they 
can find you online? 

1457
01:01:21,500 --> 01:01:23,700
Yeah, they can go on LinkedIn 
and I'm the only person in the 

1458
01:01:23,700 --> 01:01:25,800
universe that I know of whose 
first name is Michelle. 

1459
01:01:25,800 --> 01:01:28,000
And the last name is, Area. 
So there's an irony that the 

1460
01:01:28,000 --> 01:01:30,100
Privacy guy has a name that 
nobody else has. 

1461
01:01:30,300 --> 01:01:33,000
So I have zero privacy online in
that respect. 

1462
01:01:33,000 --> 01:01:35,100
But yeah, I'm on LinkedIn. 
I get a lot of messages there. 

1463
01:01:35,100 --> 01:01:38,000
My book is available on Amazon 
and I will say all proceeds from

1464
01:01:38,000 --> 01:01:39,500
my book. 
All proceeds from a LinkedIn 

1465
01:01:39,500 --> 01:01:41,600
courses from royalty 
perspective, go straight to 

1466
01:01:41,600 --> 01:01:43,500
Animal Welfare, which I care 
deeply about. 

1467
01:01:43,600 --> 01:01:46,100
So if people wanted to buy the 
book, take the courses, they 

1468
01:01:46,100 --> 01:01:48,100
have the benefit of building 
their own skill sets protecting 

1469
01:01:48,100 --> 01:01:50,800
their business and their 
customers but also donating 

1470
01:01:50,800 --> 01:01:52,100
money to charity indirectly as 
well. 

1471
01:01:52,100 --> 01:01:53,500
So any help in that would be 
much. 

1472
01:01:53,500 --> 01:01:57,100
Encouraged much appreciated. 
Wow, that's another great cause 

1473
01:01:57,100 --> 01:01:58,900
that you're doing with the 
Animal Welfare. 

1474
01:01:59,100 --> 01:02:02,000
So for people who want to check 
out nation's resources, please 

1475
01:02:02,000 --> 01:02:03,900
do so I can just make one more 
point. 

1476
01:02:03,900 --> 01:02:05,300
I care deeply about Animal 
Welfare. 

1477
01:02:05,300 --> 01:02:07,800
I care about helping dogs, get 
out of high-kill shelters. A 

1478
01:02:07,800 --> 01:02:09,300
cause very close to 
my heart is elephant 

1479
01:02:09,300 --> 01:02:11,300
conservation. 
So if you travel all over the 

1480
01:02:11,300 --> 01:02:14,700
world don't ride elephants, 
don't use elephants in circuses,

1481
01:02:14,900 --> 01:02:17,300
they get beaten up horribly. 
So it's a cause very close to my

1482
01:02:17,300 --> 01:02:19,000
heart. 
So I know this doesn't have much

1483
01:02:19,000 --> 01:02:20,700
to do with privacy but if you 
think about the world, we live 

1484
01:02:20,700 --> 01:02:22,600
in right now whether it's 
addressing, the next pandemic, 

1485
01:02:22,600 --> 01:02:25,400
water, shortages, air pollution 
ecological conservation, 

1486
01:02:25,400 --> 01:02:28,000
elephant welfare. 
They're all connected to each 

1487
01:02:28,000 --> 01:02:30,500
other and if we have learned 
something from covid in the last

1488
01:02:30,500 --> 01:02:33,500
two or three years, it's about 
how the problems we will face in

1489
01:02:33,500 --> 01:02:35,600
the future are not going to be 
problems that we can easily fix 

1490
01:02:35,600 --> 01:02:37,400
in one fell swoop. 
It's a very connected 

1491
01:02:37,400 --> 01:02:40,800
intermingle complex ecosystem so
I can replay about elephants and

1492
01:02:40,800 --> 01:02:42,400
animal rescue and the 
environment in general. 

1493
01:02:42,400 --> 01:02:44,900
But it's a larger issue and it's
going to be something that's 

1494
01:02:44,900 --> 01:02:47,300
going to be very important in 
the years to come just like 

1495
01:02:47,300 --> 01:02:49,000
privacy and security are from an
engineering perspective. 

1496
01:02:49,500 --> 01:02:53,000
Thanks for the important plot. 
Important message for people, I 

1497
01:02:53,000 --> 01:02:55,400
didn't know about all these 
elephant being beaten up and 

1498
01:02:55,400 --> 01:02:57,200
things like that. 
So I think that's I also new 

1499
01:02:57,200 --> 01:02:58,700
information, maybe for some of 
us. 

1500
01:02:58,800 --> 01:03:00,500
Sure, thanks for sharing that 
everybody. 

1501
01:03:00,500 --> 01:03:01,300
Thank you. 
Yeah. 

1502
01:03:01,300 --> 01:03:02,500
It's been a pleasant 
conversation. 

1503
01:03:02,500 --> 01:03:04,900
Thank you so much for this talk.
I learn a lot about data 

1504
01:03:04,900 --> 01:03:06,800
privacy. 
So thank you again nation. 

1505
01:03:07,200 --> 01:03:11,900
Thank you. 
Thank you for listening to this 

1506
01:03:11,900 --> 01:03:15,300
episode and for staying right 
until the end. If you highly 

1507
01:03:15,300 --> 01:03:17,700
enjoyed it, 
I would appreciate if you share 

1508
01:03:17,700 --> 01:03:20,100
it with your friends and 
colleagues who you think would 

1509
01:03:20,100 --> 01:03:22,500
also benefit from listening to 
this episode. 

1510
01:03:22,800 --> 01:03:25,500
And if you are new to the 
podcast, make sure to subscribe 

1511
01:03:25,500 --> 01:03:28,000
and leave me your valuable 
review and feedback. 

1512
01:03:28,200 --> 01:03:31,200
It helps me a lot in order to 
grow this podcast better. 

1513
01:03:31,600 --> 01:03:34,500
You can also find the full show 
notes of this conversation on 

1514
01:03:34,500 --> 01:03:38,300
the episode page at tackling 
Journal .f website, including 

1515
01:03:38,300 --> 01:03:42,000
the full transcript interesting.
It's and links to the resources 

1516
01:03:42,000 --> 01:03:46,000
mentioned from the conversation. 
And lastly, make sure to 

1517
01:03:46,000 --> 01:03:48,300
subscribe to the show's mailing 
list on technology. 

1518
01:03:48,300 --> 01:03:51,800
Not deaf to get notified for any
future episodes. 

1519
01:03:52,300 --> 01:03:54,700
Stay tuned for the next 
technology, another episode. 

1520
01:03:55,000 --> 01:03:56,700
And until then goodbye,
