Privacy should not be left only to the legal department: every security specialist and software developer should know the basics in order to design applications that follow Privacy by Design principles.
Threat modeling is a natural approach to Privacy by Design, since it is already an established practice in secure software development. In addition, the general idea of threat modeling - thinking about what can go wrong and what you can do about it - is excellent, because even features added to increase privacy can bring new threats if they are implemented insecurely.
There are only a few existing privacy threat modeling methodologies, such as LINDDUN, but they do not take the lifecycle of personal data into account. A pure LINDDUN model works on data flow diagrams, which easily become complicated, and its approach to compliance-type threats is underdeveloped. Instead of focusing only on data flows, taking a higher-level look at functionality and business processes makes identifying threats easier.
This talk introduces a privacy threat modeling method that enables you to systematically detect threats in the five data lifecycle phases: collecting, storing, handling, anonymization and removal. The method combines elements from the LINDDUN, TRIM and Persona non Grata approaches and takes the victims of a data breach into account for better coverage.
This talk explains what kinds of threats are related to personal data from the moment it is collected to the point of its deletion. You will learn how to find privacy threats in each lifecycle phase, in system features and in the architecture.
After this talk, you will be able to identify potential harm-doers and understand how people, even with good intentions, can cause privacy problems. You will get practical advice on running a privacy threat workshop and on getting privacy features and controls implemented alongside functionality and security.