PII Data Privacy in

Software Development

Summary

New challenges around security functions

Ensure the safety of PII for everyone

What you can do about it?

What is PII

Personally Identifiable Information

clearly classify PII

potentially PII

Full name

Address

Email

Identify number

Credit card numbers

Telephone

....

First or last name

Country, state, post code

Age

Gender

Medical records

Criminal records

....

Consequences

of non-protection

Fines $

Reputation

Customer trust

Cost of cleanup

SAMP ads

Unsafe life

Blackmail

Financial loss

Telephone harassment

Incidents

SONY PSN services 102 million records

Heartland Payment Systems 130 million records

$ 171 million to cleanup

130 million credit and debit cards

Dropbox 68 million email and passwords

File leak from employee account

Build PII Policy

Employee needs PII data to do their job

Regulatory mandates

Rules and policy for data transfer

Data vulnerabilities

Data on mobile, portable devices

Transfer data to 3rd parties?

Data aggregation and backup

User agreement

Find

Arrange

Create

Educate

PII Data Lifecycle

1. Consider whether it is actually, collect and hold only necessary

2. How PII will be handled by embedding privacy

4. Take appropriate steps to protect PII that you hold 

5. Destroy or  de-indentiy the PII when no longer needed

3. Collect new risks and innovate business usual

STORE

PROCESS

TRANSMIT

Build Security in DNA

Policy

Knowledge

Employee

PII is a big part of Build Security in DNA in Thoughtworks.

Build that is a long-term work, which requires all people are aware of the significance, with the policy, law and long time cooperation.

Protect the PII is protecting the company itself.

In software development

  •  collect
  •  presist
  •  retention policy
  •  role
  •  permission
  •  clean-up
  • infrastructure support
  • encryption
  • intrusion detection
  • limited privilege
  • data persistence protection
  • data aggregation
  • Implement with PII policy
  • code review
  • security scan
  • dev tool safety
  • log/record data without PII
  • mishandling check
  • permission check
  • environment check
  • data persistence check
  • aggregation check

Inception

Architecture

Development

QA & Release

Practice

Sales would like to verify the email is sent to consumer with the correct content in system

We should detect the PII and define policy, PII should be invisible in this case.

Yea, the tax account, specify url, user name, numbers, financial information.

And we also want a audit function to trace someone check the content.

A lot changes, for example we'd replace the sensitive data with asterisk, all records should be checked and replace before go to the data store.

Practice II

Sometimes sales sent wrong email to consumer which expose another consumers personal information, and according to our PII policy we should avoid this.

Developers log user's actions in our log center, username email and the other PII info could be found in 3rd service with a simple search.

We have a lot of systems expose PII info to employee, a trace function will help us to find out the data leak source.  For example, record who view this data.

Double Review System

Log assertion for instead

Cleanup 

Add stamp for resource

Record action

How do we deal with agreement, we should notice consumer it changes in different devices, and refuse to serve without confirmed.

Update agreement push strategy

Thanks!

Q & A

PII

By Yuchen Zhang

Made with Slides.com

PII

  • 458