Privacy by Design with Ethyca CEO, Cillian Kieran

Never before have companies adopted digital transformations at such a rapid pace. But as the speed of those digital agendas is accelerated, should engineers and software developers around the globe be the ones responsible for protecting your data?

“We would look at privacy as the tools or the layer of the system in terms of business logic that ensure that data is collected, processed and used in a way that is ethical and respectful of the user who gave permission to use that information. So a huge part of that is security, of course, right? You can’t, you can’t possibly be handling a user’s data with respect if you’re not securing it as a fundamental tenet of that.”

That’s Cillian Kieran, CEO and Co-founder of Ethyca, a company focused on helping enterprises with managing their privacy concerns by automating the process. Cillian joined IT Visionaries to discuss a host of topics including how companies can protect their users through simple design functions, the confusion between security and privacy, and why an autonomous digital presence may never exist again.

Main Takeaways

  • You Gotta Comply: As governments get a better handle on how information gathering needs to be regulated, companies can no longer rely on manually updated data maps. It’s important to have a clear and concise understanding of where your data is coming from, who has access to your data, and how that data is being used.
  • Designed with You in Mind: Software has become part of the central infrastructure for society over the last 30 years. Software engineers can no longer be cavalier about how they collect their data. Instead, they need to understand that the fundamental way that systems are built and designed has to be with privacy in mind. If engineers don’t make this shift themselves, they’ll be forced to make the change by regulations.
  • Right Tool for the Job: In order for engineers to keep up with regulations surrounding privacy, they need to be empowered with the proper tool for the job. An ecosystem of designed software built with privacy in mind that maps data appropriately will help organizations keep up with the changing environment.

—–

For a more in-depth look at this episode, check out the article below.


 

Never before have companies adopted digital transformations at such a rapid pace. But as the speed of those digital agendas is accelerated, are engineers and software developers around the globe being forced to compromise something — your privacy?

“We would look at privacy as the tools or the layer of the system in terms of business logic that ensure that data is collected, processed and used in a way that is ethical and respectful of the user who gave permission to use that information,” Cillian Kieran said. “A huge part of that is security, of course. You can’t possibly be handling a user’s data with respect if you’re not securing it as a fundamental tenet of that.”

Kieran is the CEO and Co-founder of Ethyca, a company focused on helping enterprises with managing their privacy concerns by automating the process. Kieran joined IT Visionaries and discussed a host of topics including how companies can protect their users through simple design functions, the confusion between security and privacy, and why an autonomous digital presence may never exist again.

Ethyca focuses on the idea that data privacy and security is a problem rooted in code and design, but not regulation. So Kieran helped design a platform that could provide tools that let developers implement processes to help them automate their privacy workflow. 

“If you are a data-driven business collecting customer information, you’ve got to comply with these regulations,” Kieran said. “There are a bunch of things that businesses have to do with data. So the first of those is you’ve got to understand what personal information you collect as a business.”

Kieran mentioned that businesses are collecting data that they may not even be aware that they are storing. This includes information such as email addresses, customer names, and other bits of information. So the challenge that enterprises are encountering is once they have this information, they have to understand what that data is being used for and who within the business has access to the data. This process is called data mapping, and it’s something that has been done by most businesses manually.

“Most businesses do [data mapping] manually,” Kieran said. “Basically, they have a spreadsheet, they audit, they analyze schema for storage systems, they audit third-party vendors and they generate this bird’s nest view of where data sits in the organization.”

As governments get a handle on how information sharing should be regulated — a process that has already been started with the implementation of GDPR in Europe and California’s Consumer Privacy Act — businesses need to have a better understanding of their data in order to comply with forthcoming regulations. And if businesses fail to automate their data mapping, it could end up being a very expensive process for them.

“Doing this manually would be a mechanical turk,” Kieran said. “You’d have engineers dedicated to just looking up users by identity matching records across systems, through foreign keys, and then erasing the data security. And that’s just basic data privacy. Then it gets more complicated thresholds.”

Data privacy regulations are fundamentally meant to be about how systems collect and process data and how they federate and regulate access to that information. But Kieran argued the whole point of data privacy regulations is to ensure that technologies within businesses build safer systems. So he set out to build a better system that helps deal with the issue of privacy by design.

“When I founded Ethyca, the ultimate goal was to borrow from the Stripe or Twilio playbook,” he said. “Which is an infrastructure solution to what is clearly an engineering problem…If you’re an engineer working in software, touching data in any way, you should over the next five to 10 years, depending on the pace at which regulation unfolds by jurisdiction, understand the regulation rules in place.”

Kieran stressed the burden has been put on engineers to not only understand how the platform works, but then be responsible for understanding all the intricacies that come with comprehending the evolving regulations that are being placed on data.

“The issue that we have is software has very quickly, but quietly, over 30 years become central infrastructure for society,” he said. “Thirty years ago, software engineers built peripheral technology. Today software engineers are going to start to be asked by governments globally to hold themselves to the same standards of other engineering disciplines because the stakes are too high. [Engineers] need to get used to the idea that the fundamental way we build systems, or design and implement software systems, will be changed forever because the risks are now too high. So either we change and adapt ourselves as engineers, or we’ll be forced to by regulations.” 

As user privacy moves to the forefront of consumer and business conversations, there is a growing divide in the understanding of the difference between privacy and protection. Kieran said the difference between the two can be correlated to that of a Venn diagram, where the heart of a well-designed system sees crossover in three key areas: security, privacy, and protection.

“We look at privacy as the tools that ensure that data is collected, processed and used in a way that is ethical and respectful of the user who gave permission to use that information,” he said. “A huge part of that is security. You can’t possibly be handling a user’s data with respect if you’re not securing it as a fundamental tenet of that.”

Kieran went on to say that the big issue with building secure systems is that while you’re asking engineers to build safer systems, those same engineers are not necessarily provided with the proper framework or tools to build them successfully. 

“We have the idea of agility and agile workflows,” Kieran said. “But we don’t have the right tools to build safer systems. So we would argue to build better and more respectful systems is not to force engineers to follow like checkboxes and checklists, but rather to provide them with better tools in the build process, and allow them to more easily build safer systems.” 

So as the landscape continues to evolve, how are engineers expected to keep up with changing regulations? Kieran said that the first step is having a better understanding of what they are dealing with.

“We need to move toward an understanding of privacy by design as a fundamental pillar of the software design and implementation process,” he said. “We shouldn’t be designing systems that don’t adhere to privacy by design. If every product in the market or platform that’s integrating with each other follows basic standards of how it should behave, how they should interact with each other, and how they federate access to data within each system, you can make a more respectful design. I think the term that a lot of privacy specialists recognize is a respectful system, one that naturally cares about or thinks about the user.”

Want to hear more about the future of data privacy? Check out the full episode of IT Visionaries.

To hear the entire discussion, tune into IT Visionaries here

Episode 221