
October 24, 2023 48 mins

This week’s guest is Rebecca Balebako, Founder and Principal Consultant at Balebako Privacy Engineer, where she enables data-driven organizations to build the privacy features that their customers love. In our conversation, we discuss all things privacy red teaming, including: how to disambiguate adversarial privacy tests from other software development tests; the importance of privacy-by-infrastructure; why privacy maturity influences the benefits received from investing in privacy red teaming; and why any database that identifies vulnerable populations should consider adversarial privacy as a form of protection.

We also discuss the 23andMe security incident that took place in October 2023 and affected over 1 million Ashkenazi Jews (a genealogical ethnic group). Rebecca brings to light how Privacy Red Teaming and privacy threat modeling may have prevented this incident. As we wrap up the episode, Rebecca gives her advice to Engineering Managers looking to set up a Privacy Red Team and shares key resources.

Topics Covered:

  • How Rebecca switched from software development to a focus on privacy & adversarial privacy testing
  • What motivated Debra to shift left from her legal training to privacy engineering
  • What 'adversarial privacy tests' are; why they're important; and how they differ from other software development tests
  • Defining 'Privacy Red Teams' (a type of adversarial privacy test) & what differentiates them from 'Security Red Teams'
  • Why Privacy Red Teams are best for orgs with mature privacy programs
  • The 3 steps for conducting a Privacy Red Team attack
  • How a Red Team differs from other privacy tests like conducting a vulnerability analysis or managing a bug bounty program
  • How 23andMe's recent data leak, affecting 1 million Ashkenazi Jews, may have been avoided via Privacy Red Team testing
  • How BigTech companies are staffing up their Privacy Red Teams
  • Frugal ways for small and mid-sized organizations to approach adversarial privacy testing
  • The future of Privacy Red Teaming and whether we should upskill security engineers or train privacy engineers on adversarial testing
  • Advice for Engineering Managers who seek to set up a Privacy Red Team for the first time
  • Rebecca's Red Teaming resources for the audience

Resources Mentioned:

Guest Info:





Copyright © 2022 - 2024 Principled LLC. All rights reserved.
