August 12, 2023
InfosecGirls Session - 12th August, 2023
Topic: Privacy engineering — data minimisation, retention policies, and privacy reviews alongside security design for new features.
Summary
- Data minimisation: collect only what you need and default to deletion schedules.
- Retention: legal holds vs product analytics; how to document exceptions.
- Privacy review checklist for new features: purpose, consent, transfers, and DPIA triggers.
- Partnering with security on shared threat models that include abuse and insider risk.