PII Data Privacy in Software Development

Summary
- New challenges around security functions
- Ensure the safety of PII for everyone
- What can you do about it?
What is PII

Personally Identifiable Information

Clearly classified as PII:
- Full name
- Address
- Identity number
- Credit card numbers
- Telephone
- ...

Potentially PII:
- First or last name
- Country, state, post code
- Age
- Gender
- Medical records
- Criminal records
- ...
Consequences of non-protection

For the company:
- Fines $
- Reputation
- Customer trust
- Cost of cleanup

For the individual:
- Spam ads
- Unsafe life
- Blackmail
- Financial loss
- Telephone harassment
Incidents
- Sony PSN services: 102 million records
- Heartland Payment Systems: 130 million records (130 million credit and debit cards), $171 million to clean up
- Dropbox: 68 million emails and passwords, leaked from a file in an employee account
Build PII Policy

Questions the policy must answer:
- Which employees need PII data to do their job
- Regulatory mandates
- Rules and policy for data transfer
- Data vulnerabilities
- Data on mobile and portable devices
- Transfer data to 3rd parties?
- Data aggregation and backup
- User agreement

Steps: Find, Arrange, Create, Educate
PII Data Lifecycle
1. Consider whether the PII is actually needed; collect and hold only what is necessary
2. Plan how PII will be handled, embedding privacy into the design
3. Identify new risks as you innovate and change business as usual
4. Take appropriate steps to protect the PII that you hold
5. Destroy or de-identify the PII when it is no longer needed

Applies at every stage: STORE, PROCESS, TRANSMIT
Build Security in DNA
- Policy
- Knowledge
- Employee

PII is a big part of Build Security in DNA at Thoughtworks.
Building it is long-term work: it requires everyone to be aware of its significance, supported by policy, law and long-term cooperation.
Protecting PII is protecting the company itself.
In software development

Inception
- collect
- persist
- retention policy
- role
- permission
- clean-up

Architecture
- infrastructure support
- encryption
- intrusion detection
- limited privilege
- data persistence protection
- data aggregation

Development
- implement with PII policy
- code review
- security scan
- dev tool safety
- log/record data without PII

QA & Release
- mishandling check
- permission check
- environment check
- data persistence check
- aggregation check
Practice
Sales would like to verify that the email sent to the consumer has the correct content in the system.
We should detect the PII and define a policy; PII should be invisible in this case.
Yes: the tax account, specific URL, user name, numbers, financial information.
And we also want an audit function to trace who checked the content.
A lot changes; for example, we'd replace the sensitive data with asterisks, and all records should be checked and replaced before going to the data store.
Practice II
Sometimes sales sent the wrong email to a consumer, which exposed another consumer's personal information; according to our PII policy we should avoid this.
Developers log users' actions in our log center; username, email and other PII could be found in the 3rd-party service with a simple search.
We have a lot of systems that expose PII to employees; a trace function will help us find the source of a data leak, for example by recording who viewed this data.

- Double review system
- Log assertions instead of the data itself
- Cleanup
- Add a stamp to each resource
- Record actions
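The two practices above share one mechanism: mask PII with asterisks before a record reaches the data store or log center, and keep a trail of who viewed a record. This is an added example written for this page, not code from the slides or from Thoughtworks; the regex patterns, the `redact`/`AuditTrail` names and the sample message are constructed assumptions.

```python
"""Redact PII before a record reaches the data store or log center, and record
who viewed a sensitive record (Practice I and II). Added example; patterns,
names and sample text are constructed assumptions, not the slides' own code."""
import re

def _mask_digits(m, keep_last=4):
    """Replace all but the last `keep_last` digits with '*', keeping separators."""
    s = m.group(0)
    hide = set([i for i, c in enumerate(s) if c.isdigit()][:-keep_last])
    return "".join("*" if i in hide else c for i, c in enumerate(s))

def _mask_email(m):
    """Keep the first character and the domain so the record stays recognisable."""
    local, _, domain = m.group(0).partition("@")
    return local[0] + "*" * (len(local) - 1) + "@" + domain

# Order matters: card numbers are masked before the looser phone pattern can
# match part of them. Patterns are deliberately simple; tune them to the
# formats that actually occur in your own data.
DETECTORS = [
    ("card", re.compile(r"\b(?:\d[ -]?){12,15}\d\b"), _mask_digits),
    ("phone", re.compile(r"(?<![\w+])\+?\d{1,3}[ -]?\d{3}[ -]?\d{3}[ -]?\d{4}\b"), _mask_digits),
    ("email", re.compile(r"[\w.%+-]+@[\w.-]+\.[A-Za-z]{2,}"), _mask_email),
]

def redact(text):
    """Return (redacted_text, kinds_found). Run on every record before it is
    stored or logged; an empty kinds list on an existing log line is the QA
    'mishandling check' that no PII slipped through."""
    found = []
    for kind, pattern, masker in DETECTORS:
        if pattern.search(text):
            found.append(kind)
            text = pattern.sub(masker, text)
    return text, found

class AuditTrail:
    """Who viewed which record: the trace function that locates a leak source."""
    def __init__(self):
        self.entries = []
    def record(self, actor, record_id, action="view"):
        self.entries.append((actor, record_id, action))
    def viewers_of(self, record_id):
        return sorted({actor for actor, rid, _ in self.entries if rid == record_id})

# Constructed sample: the kind of message Sales wants to verify in Practice I.
SAMPLE = ("Sent tax statement to jane.doe@example.com, card 4111 1111 1111 1111, "
          "phone +1 555 123 4567, account 88213")

if __name__ == "__main__":
    print(redact(SAMPLE))
```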
How do we deal with the user agreement? We should notify the consumer of changes on every device they use, and refuse to serve them until the new agreement is confirmed.
Update the agreement push strategy
Thanks!
Q & A
PII
By Yuchen Zhang