Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Architectural design for legal analytics

Steven Touw (Immuta)
15:50–16:30 Thursday, 10 November, 2016
Security in context (security datasci)
Location: G104/105
Level: Beginner

Prerequisite knowledge

  • A general understanding of authentication and authorization
  • Basic familiarity with database technologies

What you'll learn

  • Understand how to build a data architecture that enforces data governance from the ground up and avoid common pitfalls


In this new world order, data collection must come with a corporate responsibility to protect data. Sometimes this is a legal requirement, as in the EU’s data protection regulation (aka GDPR), Russia’s federal law on personal data, and Germany’s Bundesdatenschutzgesetz (BDSG), but many times, it’s only a social responsibility, a quite complicated and gray area—it’s all about what you feel is “right.”

GDPR is not just a slap on the wrist. If you have a breach or misuse data, you may be fined up to €20,000,000 or, in the case of an enterprise, up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater. A well-built governance strategy begins with a consideration of data privacy and creates a workflow for the creation of advanced analytics with data privacy at the core of the design. Adding data privacy controls after designing models and analytics is very difficult and sometimes impossible—and at the very least incredibly risky. Enterprises must begin to separate security (encryption, defensive cyber controls, etc.) and privacy (a data management problem with a business process wrapped around it, which culminates in a data governance strategy for an organization), create new roles such as a data protection officer, data controllers, and data processors, and implement audit/compliance reporting that includes data lineage/provenance attached to data.

Steven Touw tackles the anti-patterns and best practices for a data architecture that helps answer these questions through technology, examining how to design your data and analytics architecture to keep your data science teams delivering results legally.

Topics include:

  • How to design models on top of regulated data without risking violating regulation, the privacy of the consumer, or having to spend a lot of time writing custom controls into your code
  • How to deploy models that run on top of data in which the policies on the data are constantly changing
  • How to audit data usage granularly to include justifications around access
  • An overview of the architectural strategy needed
  • Policies built into the disparate and changing data sources that can be changed dynamically
  • A common access layer to enforce policies, control data access, and audit all actions
  • Using technology to enable scaling of “data knowledge”

Steven Touw


Steve Touw is the cofounder and CTO of Immuta. Steve has a long history of designing large-scale geotemporal analytics across the US intelligence community, including some of the very first Hadoop analytics, as well as frameworks to manage complex multitenant data policy controls. He and his cofounders at Immuta drew on this real-world experience to build a software product to make data security and privacy controls easier. Previously, Steve was the CTO of 42six (acquired by Computer Sciences Corporation), where he led a large big data services engineering team. Steve holds a BS in geography from the University of Maryland.