Partially Redacted: Data, AI, Security, and Privacy

Partially Redacted brings together leaders in engineering, data, AI, security, and privacy to share knowledge, best practices, and real world experiences. Each episode provides an in-depth conversation with an industry expert who dives into their background and experience. They’ll share practical advice and insights about the techniques, tools, and technologies that every company – and every technology professional – should know about. Learn from an amazing array of founders, engineers, architects, and leaders in the data and AI space. Subscribe to the podcast and join the community at https://skyflow.com/community to stay up to date on the latest trends in data and AI, and to learn what lies ahead.

Listen on:

  • Apple Podcasts
  • Podbean App
  • Spotify
  • Amazon Music
  • iHeartRadio
  • PlayerFM
  • Samsung
  • Podchaser

Episodes

Wednesday Jan 24, 2024

In this episode, Sanjeev Sharma, Product Lead from Skyflow, joins the show to explore the complex landscape of payment data residency regulations in India, focusing on the Reserve Bank of India's (RBI) 2018 mandate for local data storage and its impact on digital payments. The discussion covers the regulatory roles of RBI and NPCI, the challenges international businesses face in adapting to these regulations, and the implications for consumer data protection and business continuity.
Sanjeev and Sean delve into the technical and operational hurdles companies encounter, such as interpreting intricate payment flows and modifying global IT systems for local compliance. The episode also highlights the influence of technological innovations on payment systems, like mobile penetration and UPI, and offers strategic advice for entrepreneurs navigating this regulatory environment.
The episode provides a comprehensive overview of the evolving digital payment sector in India, emphasizing the importance of regulatory compliance for fostering innovation and security.

Wednesday Jan 17, 2024

In this episode a stellar panel of privacy engineering experts delve into the evolving world of privacy engineering. Saima Fancy, Senior Privacy Specialist for Ontario Health, Jay Averitt, Privacy Product Manager and Engineer at Microsoft, and Mira Olson, Privacy Architect at Doordash, bring diverse perspectives from their extensive experience in the field. They kick off the discussion with personal introductions, shedding light on their roles and contributions to privacy engineering.
Jay helps tackle the fundamental question, "What is a privacy engineer?" sparking a thoughtful debate. Mira builds on this by reflecting on the evolution of the role and emerging trends in privacy engineering. Saima assesses the current maturity of the profession, highlighting areas of progress and those needing improvement.
The panel discusses the challenges and opportunities facing privacy engineers, with each guest offering insights from their unique vantage points. They explore the core responsibilities and misconceptions about the role, the need for specialized skills and certifications, and the importance of interdisciplinary collaboration. Ethical considerations and the balance between user privacy and technological innovation are also dissected.
The discussion dives into the growing privacy concerns surrounding AI and whether we need specialized regulations. Finally, the panel looks towards the future of privacy engineering over the next decade and what they’d change and impact they’d like to see.

Wednesday Dec 06, 2023

In this episode, Pramod Raghavendran, a privacy engineering expert with prior experience at Google and Coinbase, joins the show. Together, Sean and Pramod discuss the dynamic landscape of privacy engineering, addressing hot topics and changes since Pramod's last appearance.
The conversation delves into the unique role of privacy engineers compared to security engineers, emphasizing collaboration between privacy and security teams. Pramod shares insights into how privacy functions intersect with security, governance, and data platforms. The episode also explores real-world examples, best practices, and future trends, offering a concise yet comprehensive look at the evolving relationship between privacy and other functions within organizations.

Wednesday Nov 15, 2023

In this episode, Roshmik Saha, Co-founder and CTO of Skyflow, discusses the critical importance of Personally Identifiable Information (PII) data isolation. The principle is straightforward—separate sensitive and non-sensitive data for effective data governance and privacy. The conversation covers historical origins, government use, and real-world examples from companies like Apple and Google.
The episode explores why PII isolation is vital, detailing risks and consequences of not implementing it effectively. Roshmik contrasts data isolation with encryption and access control, emphasizing practicality. "Zero trust" in data security is introduced as a verification-centric approach. Challenges in isolating PII are acknowledged, with a focus on security principles.
Best practices for PII isolation include a "need to know" basis and fine-grained access control. Roshmik provides advice for organizations, urging them to prioritize isolation, avoid integration pitfalls, and adopt a zero-trust mindset for enhanced data security.

Wednesday Nov 08, 2023

In this episode, we delve into developer experience (DX) and its pivotal role in data protection, security, and privacy. Ram Muthukrishnan, a product manager at Skyflow, joins the show again to share insights into DX's definition, the key elements of a great DX, and notable companies excelling in this domain. We explore the challenges developers face in implementing secure and privacy-respecting software, emphasizing the need to strike a balance between efficiency and robust security measures.
The conversation extends to how a developer's role evolves when tasked with integrating privacy and security into their code and essential skills for this role. We discuss best practices for infusing privacy and security considerations into the software development process, with a reference to Google's approach in product launches.
We also address common misconceptions, challenges with security tools, and how a better DX can enhance adoption. Furthermore, we highlight the significance of a positive DX in shaping data protection, especially in sectors like healthcare and finance. This episode offers a concise yet comprehensive exploration of DX's technical underpinnings and its profound impact on data security and privacy.

Wednesday Nov 01, 2023

Robin Andruss, Skyflow’s Chief Privacy Officer is back to talk about AI governance and responsible AI. We touch on recent talks Robin gave at InfoGov World and IAPP PSR on privacy-enhancing technologies and AI governance.
In this episode, Robin sheds light on the pressing issues of data privacy within this new era of AI-driven product and consumer experiences. She discusses the key privacy challenges inherent to AI, highlighting the concerns voiced by privacy professionals as they navigate this evolving landscape. Robin explores how AI differs from previous technologies in terms of regulation and shares best practices for organizations to ensure data privacy when implementing AI solutions.
Topics:
How does data privacy relate to AI, and what are the key privacy challenges associated with AI?
What are you seeing amongst the privacy professionals in terms of concern around AI?
Why is AI different from perhaps other forms of technology that we’ve developed regulations for in the past?
What is AI governance?
What are the ethical considerations when implementing AI technologies?
Can you share some real-world examples of AI applications that have raised ethical concerns?
What do companies working in the AI space or those interested in integrating with AI platforms or building out new products be thinking about when it comes to AI, privacy, and governance?
Why is transparency and explainability important in AI, and how can organizations achieve these goals?
Are there specific tools or methodologies that can help in making AI systems more transparent and understandable?
What do you think the future looks like in terms of regulating AI?

Wednesday Oct 25, 2023

In this episode, we discuss the evolving landscape of data protection, especially in the context of India's DPDP law. Kuldeep Tomar, the Head of Information Security at Games24x7, delves into the significance of safeguarding data beyond just access control, highlighting the importance of data protection itself. He discusses how data protection is a critical facet of a Chief Information Security Officer's (CISO) responsibilities and how a robust data protection strategy can enhance an organization's ability to respond effectively to data breaches, aligning with the DPDP's mandates.
Topics:
Many people think of cybersecurity as primarily controlling who has access to data. Why is it important to emphasize the protection of the data itself, beyond just access control?
How does a strong data protection strategy improve an organization's ability to respond to data breaches or security incidents as mandated by DPDP?
Discuss the importance of continuous monitoring and auditing of data access and usage, and its alignment with DPDP compliance.
DPDP encourages the principle of data minimization. Can you explain what this means and how it can be practically implemented?
For organizations with a global presence, how can they ensure compliance with DPDP when transferring data internationally, considering data sovereignty?
What are the biggest challenges companies face when it comes to complying with data privacy regulations in APAC?
What are the key challenges that companies operating in India face when it comes to complying with data privacy regulations?
How do cultural differences across APAC impact data privacy practices and regulations?
What do you anticipate happening in APAC with regards to privacy regulations or the focus on privacy for companies over the next 3-5 years?

Wednesday Oct 18, 2023

Former Chief Compliance and Privacy Officer of GeneDx, Murali Mani, joins the show to discuss data privacy in healthcare. Murali spent over 15 years working in privacy and healthcare across companies like Philips, IBM, and GeneDx.
In this episode he shares his thoughts on common misconceptions about data privacy in healthcare, breaks down which regulations apply to which type of company, history of privacy in healthcare, and the challenges companies face with compliance and data protection.
Topics:
What are some common misconceptions or misunderstandings about data privacy in healthcare that you often encounter?
How has the landscape of healthcare data privacy evolved in recent years, and what new challenges have emerged
Traditionally security and privacy in health is not tightly controlled. Why is that?
Historically, how do pharma and drug companies manage and secure personal data?
What’s the problem with attempting to manage privacy challenges with purely written policies?
How can companies accelerate compliance and prioritizing privacy?
How can companies build trust and transparency with patients and data subjects?
How does gen AI play a role?
What’s the future look like for companies in this space? If you were advising a company today, what would your suggestion be for managing this problem?

Wednesday Oct 11, 2023

Sam Sternberg, Customer Programs Lead at Skyflow, joins the show to discuss the world of privacy and security at scale within large enterprises. We explore the complex infrastructure, regulatory challenges, and evolving technologies that these giants face in protecting customer and employee data. From managing expansive data infrastructures and international privacy regulations to securing data in the cloud, both multi-cloud and hybrid cloud and harnessing AI, we provide insights and best practices for safeguarding sensitive information.
Check out the episode to delve into the technology and people-centric approaches to privacy and security within the data landscape of large organizations.Topics:
When we’re talking about a large enterprise, can you paint a picture for what the infrastructure of these companies might look like? How many databases, servers, and people are involved?
What are the fundamental differences between data management in small to medium-sized businesses and large enterprise organizations, especially concerning security and privacy?
How does the scale and complexity of data infrastructure in large companies impact their ability to maintain data privacy and security effectively?
What are the main regulatory frameworks that enterprise companies must navigate, and how do these impact data management strategies?
Large enterprises often have extensive data lakes and warehouses. How can these organizations ensure the confidentiality, integrity, and availability of their data in such environments?
With the increasing adoption of cloud services, how should large enterprises approach cloud security and privacy concerns, especially in multi-cloud or hybrid cloud environments?
Could you share some best practices for securely managing customer and employee data, considering the unique challenges faced by big companies in this regard?
How has the adoption of artificial intelligence and machine learning impacted data security and privacy practices in large organizations, and what precautions should they take when implementing these technologies?
Many large enterprises operate globally. How does managing security and privacy requirements across different countries and regions impact their strategies and challenges?
What emerging trends or technologies do you foresee having a significant impact on data security and privacy in large enterprises in the near future?

Wednesday Sep 20, 2023

In this episode, Ram Muthukrishnan, Senior Product Manager at Skyflow, joins the show to delve into the fundamental aspects of data protection.
Ram demystified key concepts like redaction, masking, and encryption, shedding light on their significance in the world of data protection. Ram walked us through the practical applications of these techniques and their role in ensuring data privacy and security in today's digital landscape.
Topics:
Why is it important to protect sensitive customer data?
What are the key differences between redaction, masking, encryption, and tokenization as data protection techniques?
How does data redaction work, and in what scenarios is it typically used?
What’s it mean to mask data and what are the different approaches?
Can you break down the basics of encryption for our listeners?
What are the primary differences between symmetric and asymmetric encryption, and when should each be used
Tokenization is often associated with payment data. Could you explain how tokenization replaces sensitive data with tokens and its advantages?
When does it make sense to use tokenization versus something like encryption? What advantages or disadvantages are there to tokenization?
Access control is a critical aspect of data protection. How does it work, and what are some best practices for implementing effective access control measures?
How can organizations balance the need for data security with the requirement for data accessibility by authorized personnel?
Are there any common misconceptions or challenges when it comes to implementing these data protection techniques?
What are some emerging trends or technologies in the field of data protection that we should be aware of?
Resources:
Confidential Computing and Secure Enclaves with AWS's Arvind Raghu
Secure Multi-Party Computation Explained with Skyflow's Liz Acosta
Homomorphic Encryption with Skyflow’s Avradip Mandal

Copyright 2022 All rights reserved.

Podcast Powered By Podbean

Version: 20240731