Partially Redacted: Data, AI, Security, and Privacy

Robin Andruss has spent her career working in and thinking about privacy and compliance. She's previously held privacy roles at Google, Yahoo!, and Twilio, where she served as the Global Director for Privacy and Data Protection. She's currently the Chief Privacy Officer for Skyflow.
In this episode, she discusses her background, how she got interested in privacy, privacy engineering, the responsibilities of a Chief Privacy Officer, and what every company needs to be thinking about when it comes to the ever changing privacy landscape.
Topics:
What are the responsibilities of a chief privacy officer?
How did you end up with an interest in working in the data privacy space? And what’s your work history in this space?
What is privacy engineering?
What is the typical background of someone that ends up working as a privacy engineer?
Where does privacy engineering typically sit in an organization
How does an engineering team typically work with the privacy function within an organization?
People tend to lump security and privacy together, what’s the difference?
If you were advising a startup today, what advice would you give them about how to navigate the ever changing privacy landscape?
What should every company be thinking about when it comes to data privacy?
Does every company need to hire a privacy specialist? If not, at what point does that make sense?
What are the big gaps in data privacy today? What future technology or development are you excited about?
Where should someone looking to learn more about the data privacy space begin?
Resources:
Effective Privacy is Always Proactive
NIST Framework
CMU Privacy Engineering Programming
Data Protocol Privacy Engineering Certificate Program
IAPP Privacy. Security. Risk. 2022
 

Daniel Wong has spent his career thinking about data security and privacy. He holds more than 50 patents on database security, and spent 8 years serving as Oracle's Director of Engineering, Security, pioneering much of the modern database security methods and techniques.
Daniel now serves as Skyflow's Head of Security and Compliance, where he makes sure Skyflow and Skyflow customers are compliant with the privacy rules and regulations around the world and that security best practices are followed and understood.
In this episode, Daniel discusses his background, the evolution of privacy and security from on-prem computing to the cloud, and also discusses the common mistakes companies make when it comes to data security and privacy. He touches on what impact that could have on their business and how can companies prevent these mistakes from happening.Topics:
What were some of the security technologies that you helped pioneer during your time at Oracle?
How has company privacy and security requirements and thinking changed throughout your career?
What do you do as the Head of Security and Compliance at Skyflow?
What are some of the common mistakes you see companies make when it comes to security and privacy?
What are the consequences of these mistakes?
How can companies prevent these mistakes from happening?
Is privacy just about compliance for companies or are they motivated by other factors?
What tools and technologies should companies be investing in?
At what point does it make sense for a company to hire a security and compliance expert?
What are the big gaps in data privacy today? What future technologies or development are you excited about?
Resources:
Skyflow Achieves PCI Level 1 Service Provider Certification
Five Essential Ingredients of a Data Privacy Vault
Demystifying Tokenization: What Every Engineer Should Know

Snowflake went public last year and is one of the fastest growing companies in the data cloud space. Businesses from all over the world are utilizing Snowflake for data storage, processing, and analytics.
Businesses using Snowflake are storing massive amounts of data, including regulated and highly sensitive customer data.
In this episode, Dan Myers, developer advocacy lead from Snowflake, joins the show to discuss how he ended up working in the data space, Snowflake's various configuration and deployment models, and what each means from a security perspective as well as some of the recent privacy features Snowflake announced during their conference this past June.
Topics:
How did you end up in the job you're in today?
Where did your interest in the data space begin?
What is Snowflake and how do people use it?
What are some of the features Snowflake provides to help protect customer data?
What are the different deployment models for Snowflake and how do they impact security?
When might it make sense for a business to use a multi-tenant versus single tenant cloud architecture?
How does Snowflake's data masking and external tokenization features work?
What are some of the tools Snowflake provides to facilitate secure data sharing?
What is tag-based data masking versus dynamic data masking?
Resources:
Snowflake Quickstarts
Snowflake Summit Announcements
Follow Dan on Twitter @jdanielmyers

Data Protocol is a developer education platform designed specifically to serve the learning styles and needs of engineers. The platform includes a live terminal environment and immersive platform to teach, train, and certify professionals.
Companies like Uber and Meta have created courses for the platform and employees serve as instructors. Data Protocol also includes many courses focused on data privacy and security, including the Privacy Engineering Certificate course led by the Head of Privacy Engineering at Uber, Nishant Bhajaria.
Jake Ward, CEO and Founder of Data Protocol joins the show to discuss his motivations for creating the platform, why focus on privacy, and how they were able to take Nishant's real world experience and turn it into a course.
Topics:
What's your background and how did you end up where you are today?
What is Data Protocol and what were your motivations for launching the platform?
Why are developers different? Why train and educate that audience specifically?
How did you get an interest in privacy and why focus training engineers in privacy?
What are some of the privacy-related courses and certifications offered on the platform?
How do these courses get designed and come together?
How are people and businesses using these courses?
What can someone expect from taking one of these courses?
Have you faced an educational challenge with generating interest in people taking privacy-related courses or are you seeing a shift to more interest in privacy?
Privacy and security are buzz words we hear more and more these days, are things really changing - if not / why not?
What’s next for Data Protocol? Anything exciting on the horizon that you can share?
Resources:
Data Protocol
Privacy Engineering Certificate Course
 

Both compliance regulations and consumer needs are creating increasing pressure on companies to do a better job of securing and managing their sensitive customer data. Yet, companies continue to struggle to comply with regulations, meet consumer privacy demands, and prevent data breaches.Anshu Sharma, CEO and founder of Skyflow, joins the show to discuss a radically different approach to privacy, the data privacy vault. With a data privacy vault, a company is making the architectural decision to move their sensitive customer data out of their existing infrastructure and into a vault. The vault is isolated and protected, becoming the single source of truth for all sensitive customer PII, effectively de-scoping existing systems from the responsibilities of compliance, data security, and data privacy.The data privacy vault makes the principles of privacy by design actionable, creating a system for engineers to implement the principles in the form of privacy by architecture.
Topics covered:
How did you end up with an interest in working in the data privacy space
Why should companies care about privacy?
Why is privacy hard for companies?
What is a data privacy vault?
Where did this technology come from?
How does the data privacy vault help with things like data security and compliance?
How is this different from just a dedicated encrypted database for PII?
Why haven't more companies built their own vaults?
Why is an API the right way to deliver this technology?
How does the vault facilitate data utility while still protecting the data?
Resources:
What is a Data Privacy Vault
What if privacy had an API?
Follow Anshu on Twitter @anshublog.

Welcome to the trailer episode for Partially Redacted.
In this episode, Sean Falconer, Head of Developer Relations at Skyflow, introduces the goals and motivations behind creating a podcast about privacy, what you can expect from each show, and a teaser for some upcoming episodes.
If you work in privacy, data, security, compliance, or related fields, make sure you subscribe. You can also join the conversation and community at https://skyflow.com/community.