Privacy, Consent and Security Within Modern Applications

Explore privacy, consent, and security considerations in modern application development in this conference talk. Delve into the challenges of regulatory compliance, particularly in light of GDPR, and learn how to navigate the complexities of open source development while maintaining user privacy. Discover strategies for identifying sensitive data, managing user consent throughout product lifecycles, and implementing effective data processing models. Gain insights into security expectations set by regulators, the impact of data breaches on reputation, and the intricacies of anonymizing shared data. Examine the evolving landscape of web service APIs and IoT development, and understand the importance of continuous security assessments during the development and build processes. Learn key takeaways for open source-centric development and how to select appropriate frameworks and environments to meet security targets and governance requirements.

Intro
Being a security target is costly
Equifax breach focused attention on open source risk
So what is "data" anyway?
What about "data privacy" then?
Example: New user with email identifier
Example: Assumption of valid email
"Consent" is a tricky concept
"Trust" is the most complex of the concepts
Top 12 questions when managing collected data
GOPR actions not just for data breaches
Reputational damage factors
Anonymizing shared data doesn't guarantee privacy
Web service APIs change risk dynamic
Managing consent can be complicated
loT development requires multiple disciplines
Identity security targets from platform requirements
Select development frameworks and environment
Continuous security assessments during development
Continuous security assessments during build
Confirm governance and security target progress
Key open source centric takeaways