Privacy Threat Modeling with DoorDash’s Nandita Rao Narla

Privacy threat modeling is a structured approach to identifying and assessing potential privacy risks associated with a particular system, application, or process. It involves analyzing how personal data flows through a system, identifying potential vulnerabilities or weaknesses, and evaluating the potential consequences of a privacy breach.

The goal of privacy threat modeling is to identify and prioritize potential privacy risks and to develop effective strategies for mitigating those risks. This process involves considering various aspects of the system or process being analyzed, including the data that is collected, how it is stored and processed, who has access to it, and how it is transmitted.

Privacy threat modeling can help organizations better understand their privacy risks and make more informed decisions about how to protect personal data. Implementing privacy measures and conducting regular privacy threat modeling can help organizations minimize the risk of a privacy breach and ultimately save them money in the long run.

Nandita Rao Narla, Head of Technical Privacy & Governance at DoorDash, joins the show to explain privacy threat modeling, the common misconceptions, and how to make a privacy threat model program successful.

Topics:

• What is privacy threat modeling?
• How do you balance the need to collect and use data with the need to protect privacy, and what role does privacy threat modeling play in this process?
• Who typically owns this process in an organization?
• What are some of the typical approaches companies follow to privacy threat modeling?
• How should companies think about setting up a process to continually iterate and evolve the model?
• Once you’ve performed this process, how do you go about fixing the identified issues?
• What are some common misconceptions about privacy threat modeling, and how would you address those misconceptions?
• How do you determine which threats to prioritize when conducting privacy threat modeling, and what factors do you consider when making these decisions?
• How do you involve stakeholders (e.g. customers, employees, regulators) in the privacy threat modeling process, and what benefits do you see in doing so?
• What challenges have you encountered when conducting privacy threat modeling, and how have you overcome these challenges?
• How does privacy threat modeling differ from other types of risk assessments (e.g. security risk assessments), and what unique challenges does it present?
• What advice would you give to other companies looking to implement privacy threat modeling as part of their privacy and security strategy?
• How do you see privacy threat modeling evolving in the future?

Resources:

• Shostack and Associates Blog
• Strategic Privacy by Design
• LINDDUN privacy engineering