LATT 2017
Planning for Privacy and Security
This presentation is licensed under a CC Attribution Share-Alike license.

Scenario One
You are the responsible adult for an activity with children after school. You've been using your personal phone to collect parent contact information for children. When you came into the school today, you noticed immigration and customs enforcement officers parked outside. You're pretty sure some of your students are undocumented or have complicated residency status.
What do you do now?
You can go back in time 12 months.
What preventative steps do you take?
We Are
Allison Ivey
Robert Friedman
Bill Fitzgerald
And you are?
Why This Session? Why Now?
Successes?
Over the last 6 months?
Over the last 12 months?
Challenges?
In the next 6 months?
In the next 24 months?
What Resources Would Be Helpful?
What Assets Do You Already Have?
Risk Assessment
- What do you want to protect?
- Who do you need to protect it from?
- How much energy is required to protect it? (Implied question: is it worth it?)
- What protections are currently in place?
- What are the consequences if the protections fail?
Personal vs/and Organizational
Impacts can include
- Compliance issues
- Headlines (usually local, sometimes national)
- Parent complaints
- Social media attention
- Mistrust from community and partners
How does this impact the trajectory of youth, and their families?
Break
Scenario Two
You are doing a review of the contact information for the youth who participate in your club. While doing a search, you discover that a document in your Google Drive is included in the search results. When you check the file, you notice that the folder’s permissions (who is allowed access to it) have been altered so that all the contents in the folder are publicly visible. This folder contains spreadsheets that contain both personal contact information and health information about students.
What do you do now?
You can go back in time 12 months.
What preventative steps do you take?
Things We Can Do Today
Personal Tech Inventory
- What do you use?
- What do you use it for?
- What does it know about you?
- What does it know about your friends?
Personal Risk Assessment
- How "private" do you want to be?
- Who are your least private friends?
- We are all in this together. For better and worse.
Clean up our browsing
- Blocking trackers
- Blocking JavaScript
- Rethinking how we search
- Prioritizing browsing
- Browser personas
- Tor
- VPNs
Clean up our mobile devices
- What apps do we need?
- What permissions do they require?
- What data do they collect?
- Turn off Bluetooth, Wi-Fi, location
- Reset advertising IDs
Data hygiene
- Password managers
- Delete or archive stale data
- Identify all backup locations
- Identify who has access to key systems
- Create plans to check on all of the above
Make a plan
- Do today
- Do this month
- Do in six months
Write it down. Make it measurable. Revise as needed.
Map the Personal to the Organizational
Check Your Organization's Breach Notification Plan
Resources Available at:
Break
Scenario Three
Your phone rings, and when you pick up you are speaking with a concerned parent who has just received a threatening email about his child. You reassure the parent and promise you will look into it.
You check your email and find a message that demands a ransom, or more parents will get more messages. The ransom note also specifies that the author has accessed contact, medical, and educational information.
What do you do now?
You can go back in time 12 months.
What preventative steps do you take?
Training Staff and Volunteers
What's Realistic?
Goals
- Description
- Value/Impact
- Anticipated Difficulty - why?
- Time required (estimated)
Goals for next week
To meet this goal in 7 days, what do you need to do tomorrow?
Goals for next month
To meet this goal in 30 days:
- What needs to happen tomorrow?
- What additional steps need to occur?
Goals for 6 months
To meet this goal in 180 days:
- What needs to happen next week?
- What consensus or buy-in is needed?
- What additional steps need to occur?
Closing/Q and A
LATT
By billfitzgerald