Safe data management and governance in Africa, digital transformation, data security, compliance, and analytics at Data Governance Africa.

Transcript

1. Opening & Introductions

  • Host (Bomu):
    • Welcomed attendees, noted slight delay.
    • Q&A Instructions: Use chat or Q&A (anonymous/named options).
    • Moderators: Shanice (lead) + Howard (tech support).
  • Speaker Intro (Ben Gunji):
    • Data Protection Technology Lead at KCB Bank Group.
    • Expertise: Privacy-by-design, AI governance, cybersecurity.
    • Focus: Bridging legal requirements with technical implementation.

2. Key Concepts

A. Privacy Engineering Defined:

  • Translates legal terms (e.g., “reasonable measures”) into actionable technical controls.
  • Example: Consent collection in apps—ensuring granularity, transparency, and backend proof.

B. Critical Tools:

  • DPIAs (Data Protection Impact Assessments):
    • Required for high-risk processing (e.g., AI, large datasets).
    • Collaborative process: Involves product owners, architects, legal teams.
  • Threat Modeling:
    • Identifies risks in data flows (e.g., linkability, identifiability).

C. Privacy-by-Design:

  • Minimize data collection; encrypt in transit/at rest.
  • Retention Policies: Align with regulations (e.g., purge incomplete onboarding data after 90 days).
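
The 90-day retention rule above, sketched as a purge job. This is an added example, not code from the session or from any organisation named here; the table names, column names, and sample rows are constructed assumptions.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 90  # figure taken from the retention example above

def make_db(now):
    """Build an in-memory table with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE onboarding (id INTEGER PRIMARY KEY, email TEXT,
                                 status TEXT, created_at TEXT);
        CREATE TABLE purge_audit (run_at TEXT, cutoff TEXT, rows_deleted INTEGER);
    """)
    rows = [  # (email, status, age in days)
        ("a@example.test", "incomplete", 91),   # past retention: purge
        ("b@example.test", "incomplete", 90),   # exactly 90 days: keep
        ("c@example.test", "incomplete", 12),   # recent: keep
        ("d@example.test", "complete", 400),    # finished onboarding: out of scope
    ]
    # Timestamps are stored as UTC ISO-8601 text, so string order is time order.
    conn.executemany(
        "INSERT INTO onboarding (email, status, created_at) VALUES (?, ?, ?)",
        [(e, s, (now - timedelta(days=d)).isoformat()) for e, s, d in rows])
    conn.commit()
    return conn

def purge_incomplete(conn, now, dry_run=False):
    """Delete incomplete onboarding rows strictly older than the retention window.

    Returns the ids affected. The audit row stores only a count and the cutoff,
    so the deletion evidence does not itself retain personal data.
    """
    cutoff = (now - timedelta(days=RETENTION_DAYS)).isoformat()
    where = "status != 'complete' AND created_at < ?"
    ids = [r[0] for r in conn.execute(
        f"SELECT id FROM onboarding WHERE {where} ORDER BY id", (cutoff,))]
    if not dry_run:
        with conn:  # delete and audit record commit or roll back together
            conn.execute(f"DELETE FROM onboarding WHERE {where}", (cutoff,))
            conn.execute("INSERT INTO purge_audit VALUES (?, ?, ?)",
                         (now.isoformat(), cutoff, len(ids)))
    return ids

if __name__ == "__main__":
    now = datetime(2025, 7, 29, tzinfo=timezone.utc)  # constructed run time
    db = make_db(now)
    print("would purge:", purge_incomplete(db, now, dry_run=True))
    print("purged:", purge_incomplete(db, now))
```

The dry-run mode lets the list of affected rows be reviewed before anything is deleted.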

3. Challenges & Solutions

| Challenge | Solution |
|---|---|
| Legal vs. engineering disconnect | Joint workshops; plain-language training |
| DPIAs seen as bureaucratic | Integrate into agile sprints |
| Off-the-shelf software risks | Vendor assessments + contract clauses |

Emerging Tech (AI/IoT):

  • Ensure explainability, bias testing, and data residency compliance.

4. Q&A Highlights

Q1: Tools for DPIAs?

  • A: ODPC templates, Power Apps for automation, shared collaborative platforms.

Q2: When does privacy engineering apply in SDLC?

  • Custom Software: Requirement-gathering phase.
  • Off-the-Shelf: Vendor selection (ensure privacy-by-design).

Q3: Why should vehicle diagnostic software care about privacy?

  • A: Connected cars collect location/data—requires:
    • Granular user controls (e.g., opt-out of tracking).
    • Clear retention policies (e.g., delete data after 30 days).
    • Encryption for cloud-stored data.

5. Upcoming Events

  • Aug 5: Cross-border data transfers (ODPC).
  • Aug 12: Data governance careers (Student Clubs).
  • Aug 19: Data sharing agreements (ODPC).

6. Closing Notes

  • Certifications: IAPP’s Privacy Engineering courses, Open University resources.
  • Key Takeaway: Privacy engineering is collaborative—align legal, technical, and business teams early.

Host: “Thank you, Ben! Members, stay tuned for future sessions.”

Ian Olwana supports African organisations in turning data protection laws into practical, sustainable governance practices.

http://datagovernance.africa
