Secure Personal Information in a Strategic and User-Friendly Way

  • TYPE: Combined Session
  • DATE: Tuesday, October 30, 2018
  • TIME: 13:30-14:30
  • LOCATION: Salon A & B

Sessions:


Privacy has become a global concern, with regulations such as GDPR coming into effect. In this context, e-commerce businesses that operate globally cannot simply adopt the data protection regulations of a single country or region. Supporting each and every regulation as it emerges is challenging and greatly increases the maintenance cost. Furthermore, these kinds of regular modifications can lead to poor customer experiences.
Building well-known privacy by design principles into your system design strategy is a long-term and sustainable solution for most of these privacy challenges. Once these principles are adopted, it is possible to achieve compliance with each individual privacy regulation easily, with minimum time and effort. This talk introduces a number of well-known privacy by design principles and explores how they are implemented in real-world scenarios. This talk also highlights the benefits of each of these principles along with their potential implications.

In the context of a high-level system architecture, separating personal and security data from other business and operational data is one of the core principles. The responsibility of managing personal and security data can be delegated to a specific module or a dedicated IAM solution, while other components request personal data in an on-demand and transient manner, usually through standard security tokens such as OpenID Connect, SAML or JWT tokens.

Once personal and security data are isolated from other systems, it is possible to apply a set of security and privacy best practices. These include data minimization when capturing and storing data, data anonymization when storing, pseudonymization during storing, the use of a system-generated ID during data sharing, encryption before storing, and storing hashes instead of the original value.

Designing and providing a user-centric experience are also key design principles. For example, all data processing activities have to be transparent to users, and users need to be informed of these activities. Usually, these activities require clear and active consent from users. Systems should make it easy to review and revoke previously given consent. Systems should also provide means for users to modify or remove their profiles themselves. The adoption of strong and adaptive authentication mechanisms and the use of up-to-date cryptographic algorithms and libraries also help to improve the end-to-end security of the system.

Key takeaways:

- Why you should invest and focus more on Privacy By Design (PbD) than on individual privacy standards
- Assess the impact of each PbD principle
- Learn proven industry-level best practices to embody PbD principles in your system design

Speaker:

Sagara Gunathunga is a Director at WSO2 and part of the team that spearheads WSO2’s architecture efforts related to Identity and Access Management (IAM). Sagara has spoken on GDPR and privacy at workshops across the EU and WSO2Con in Europe, USA, and Asia. He will also deliver a...



In the digitalized world, passwords are no longer sufficient to protect digital logins and transactions. What’s even worse: In 81 percent of all cases, they are the main reason for a hack. Once a password is stolen, it opens the doors to fraudulent use and data theft. Furthermore, since most consumers link their online accounts at Amazon, eBay or Twitter to their Facebook or Google account, attackers only have to hack one password in order to gain access to the entire range of applications. This also enables them to easily compromise the complete digital identity of a user. All these examples show that passwords are outdated. Relying on them alone for the protection of digital identities is not only careless, but very harmful. However, there is a remedy that is reliable and widely available today: 2- or multi-factor authentication (2FA/MFA). Providers of online portals and services can offer their users a broad range of easy-to-use tokens, which relieve consumers of the burden of remembering another password – from push tokens that only have to be confirmed by tapping the “OK” field on the smartphone’s touchscreen to scanning a QR code with the smartphone’s camera. In his presentation, Dr. Amir Alsbih explains the latest challenges and solutions in the protection of digital identities and illustrates how consumers can benefit from new MFA technologies.

Speaker:

As CEO, Dr. Amir Alsbih manages the worldwide strategic and operational business, as well as the technological development of KeyIdentity GmbH. He is responsible for the global business processes and technological innovations of the leading provider of highly scalable and quickly deployable...



Session Links

Privacy By Design in Practice

The End of the Password – How to Really Protect Digital Identity

Information

Amsterdam, Netherlands

Conference

Consumer Identity World EUROPE 2018

Language:
English
Registration fee:
€1200.00 $1500.00 S$1920.00
Contact person:

Ms. Lauren Zuber
+49 211 23707725
lz@kuppingercole.com
  • Oct 29 - 31, 2018 Amsterdam, Netherlands
