Scenario One

You are the responsible adult for an activity with children after school. You've been using your personal phone to collect parent contact information for children. When you came into the school today, you noticed immigration and customs enforcement officers parked outside. You're pretty sure some of your students are undocumented or have complicated residency status.

What do you do now?

You can go back in time 12 months.

What preventative steps do you take?

We Are

Allison Ivey

Robert Friedman

Bill Fitzgerald

And you are?

Why This Session? Why Now?

Successes?

Over the last 6 months?

Over the last 12 months?

Challenges?

In the next 6 months?

In the next 24 months?

What Resources Would Be Helpful?

What Assets Do You Already Have?

Risk Assessment

• What do you want to protect?

• Who do you need to protect it from?

• How much energy is required to protect it (implied question: is it worth it)

• What protections are currently in place?

• What are the consequences if the protections fail?

Personal
vs/and Organizational

Impacts can include

• Compliance issues
• Headlines (usually local, sometimes national)
• Parent complaints
• Social media attention
• Mistrust from community and partners

How does this
impact the
trajectory of youth,
and their families?

Scenario Two

You are doing a review of the contact information for the youth who participate in your club. While doing a search, you discover that a document in your Google drive is included in the search results. When you check the file, you notice that the folder’s permissions (who is allowed access to it) have been altered so that all the contents in the folder are publicly visible. This folder contains spreadsheets that contain both personal contact information and health information about students.

What do you do now?

You can go back in time 12 months.

What preventative steps do you take?

Things We Can Do Today

Personal Tech Inventory

• What do you use?
• What do you use it for?
• What does it know about you?
• What does it know about your friends?

Personal Risk Assessment

• How "private" do you want to be?
• Who are your least private friends?
• We are all in this together

Clean up our browsing

• Blocking trackers
• Blocking javascript
• Rethinking how we search
• Prioritizing browsing
• Browser personas
• Tor
• VPNs

Clean up our
mobile devices

• What apps do we need?
• What permissions do they require?
• What data do they collect?
• Turn off bluetooth, wifi, location
• Reset advertising IDs

Data hygiene

• Password managers
• Delete or archive stale data
• Identify all backup locations
• Identify who has access to key systems
• Create plans to check on all of the above

Make a plan

• Do today

• Do this month

• Do in six months

Map the Personal
to the
Organizational

Check Your Organization's Breach Notification Plan

Resources Available at:

https://is.gd/mozfest_privacy

Scenario Three

Your phone rings, and when you pick up you are speaking with a concerned parent who has just received a threatening email about his child. You reassure the parent and promise you will look into it.

You check your email, and have a message that demands a ransom or more parents will get more messages. The ransom note also specifies that the author has accessed contact, medical, and educational information.

What do you do now?

You can go back in time 12 months.

What preventative steps do you take?

Training Staff and Volunteers

What's Realistic?

Goals

• Description

• Value/Impact

• Anticipated Difficulty - why?

• Time required (estimated)

Goals for next week

To meet this goal in 7 days, what do you need to do tomorrow?

Goals for next month

To meet this goal in 30 days:

• What needs to happen tomorrow?

• What additional steps need to occur?

Goals for 6 months

To meet this goal in 180 days:

• What needs to happen next week?

• What consensus or buy-in is needed?

• What additional steps need to occur?