Sarah H
Sarah is a recovering privacy engineering practitioner based out of the Toronto area. She leads (or has led) teams in security, privacy, and infrastructure engineering at large finance and e-commerce tech companies. She is also a core organizer for BSidesSF, overseeing the program and presenter operations.
Outside of work, she enjoys hanging out with her celebrity cat Sprinkles, playing video games, and playing the accordion poorly.
Session
Privacy compliance is a hot, top-of-mind topic for legal, security, and governance teams alike, especially with the advent of things like GDPR and the Trans-Atlantic Data Privacy Framework. Here in Canada, we have PIPEDA. In the US, we have CCPA/CPRA, NYPA, etc. What do these acronyms mean? What do the regulations cover? And more importantly, how can we navigate this new era of data regulations, across legal, security, and governance, that doesn't involve overwhelming ourselves with immense amounts of paperwork?
We'll walk through the basic fundamentals of a Privacy Program that cover the typical broad set of data/privacy regulations, in addition to how they may work well (or not well!) with other existing security compliance/legislations. We'll cover the core software components required to support such a Privacy Program. Finally, we'll talk through how to build a successful Privacy Engineering team within your security organization that both complements both your existing security engineering needs in tandem with your Privacy Legal functions.
And if we have time, we can talk about lessons learnt along the way. :)