LATT 2017


Planning for Privacy and Security

This presentation is licensed under a CC Attribution Share-Alike license.

Scenario One

You are the responsible adult for an activity with children after school. You've been using your personal phone to collect parent contact information for children. When you came into the school today, you noticed immigration and customs enforcement officers parked outside. You're pretty sure some of your students are undocumented or have complicated residency status.

What do you do now?

You can go back in time 12 months.

What preventative steps do you take?

We Are

Allison Ivey


Robert Friedman

Bill Fitzgerald

And you are?

Why This Session? Why Now?



Over the last 6 months?

Over the last 12 months?



In the next 6 months?

In the next 24 months?

What Resources Would Be Helpful?

What Assets Do You Already Have?

Risk Assessment

  • What do you want to protect?

  • Who do you need to protect it from?

  • How much energy is required to protect it (implied question: is it worth it)

  • What protections are currently in place?

  • What are the consequences if the protections fail?

vs/and Organizational

Impacts can include

  • Compliance issues
  • Headlines (usually local, sometimes national)
  • Parent complaints
  • Social media attention
  • Mistrust from community and partners

How does this
impact the
trajectory of youth,
and their families?


Scenario Two

You are doing a review of the contact information for the youth who participate in your club. While doing a search, you discover that a document in your Google drive is included in the search results. When you check the file, you notice that the folder’s permissions (who is allowed access to it) have been altered so that all the contents in the folder are publicly visible. This folder contains spreadsheets that contain both personal contact information and health information about students.

What do you do now?

You can go back in time 12 months.

What preventative steps do you take?

Things We Can Do Today

Personal Tech Inventory

  • What do you use?
  • What do you use it for?
  • What does it know about you?
  • What does it know about your friends?

Personal Risk Assessment

  • How "private" do you want to be?
  • Who are your least private friends?
  • We are all in this together

For better and worse.

Clean up our browsing

  • Blocking trackers
  • Blocking javascript
  • Rethinking how we search
  • Prioritizing browsing
  • Browser personas
  • Tor
  • VPNs

Clean up our
mobile devices

  • What apps do we need?
  • What permissions do they require?
  • What data do they collect?
  • Turn off bluetooth, wifi, location
  • Reset advertising IDs

Data hygiene

  • Password managers
  • Delete or archive stale data
  • Identify all backup locations
  • Identify who has access to key systems
  • Create plans to check on all of the above

Make a plan

  • Do today

  • Do this month

  • Do in six months

Write it down. Make it measurable. Revise as needed.

Map the Personal
to the

Check Your Organization's Breach Notification Plan

Resources Available at:


Scenario Three

Your phone rings, and when you pick up you are speaking with a concerned parent who has just received a threatening email about his child. You reassure the parent and promise you will look into it.


You check your email, and have a message that demands a ransom or more parents will get more messages. The ransom note also specifies that the author has accessed contact, medical, and educational information.

What do you do now?

You can go back in time 12 months.

What preventative steps do you take?

Training Staff and Volunteers

What's Realistic?


  • Description

  • Value/Impact

  • Anticipated Difficulty - why?

  • Time required (estimated)

Goals for next week

To meet this goal in 7 days, what do you need to do tomorrow?

Goals for next month

To meet this goal in 30 days:

  • What needs to happen tomorrow?

  • What additional steps need to occur?

Goals for 6 months

To meet this goal in 180 days:

  • What needs to happen next week?

  • What consensus or buy-in is needed?

  • What additional steps need to occur?

Closing/Q and A


By billfitzgerald


  • 336
Loading comments...

More from billfitzgerald