Build Systems that Drive Business
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

Deleting data for fun and profit^H^H^H^H^H^H loss avoidance

Scott Wimer (Smartsheet)
11:25am–12:05pm Wednesday, June 13, 2018
Building Secure Systems
 Location: LL21 E/F Level: Intermediate
Secondary topics: Systems Architecture & Infrastructure

Prerequisite knowledge

  • A basic understanding of data modeling and system design

What you'll learn

  • Learn how to support the GDPR’s Right to be Forgotten through targeted, secure data destruction

Description

As of May 25, the European Union’s General Data Protection Regulation (GDPR) is in effect, with crippling fines ranging up to the greater of €20 million of 4% of annual revenue. What was previously a competitive advantage has become a critical challenge. If you process or store personal data of EU citizens, you had better be prepared to delete it and make sure it is deleted. This requirement is especially challenging when applied to architectures that store data in a log of immutable events.

Scott Wimer explains how to support the GDPR’s Right to be Forgotten through targeted, secure data destruction, with a special focus on retrofitting an existing system to support the GDPR’s Right to be Forgotten requirements.

Topics include:

  • What data needs to be destroyable?
  • Secure deletion through encryption key deletion
  • Rebuilding downstream data representations
  • Reducing latency
  • Avoiding single points of failure
  • Restoration from backups and other gotchas
Photo of Scott Wimer

Scott Wimer

Smartsheet

Scott Wimer is a principal systems engineer at Smartsheet. Scott has been nerding for money since 1995. In that time, he’s done technical support, built PCs, built networks, written code for money in 13 different languages, spent more than a decade working on operating system kernels and device drivers, built and lead technical teams, obtained a few patents, published some papers, given away open source code, developed and taught classes in Perl, Python, IPv6 networking, and Linux virtualization with KVM, designed distributed systems, spoken at a few conferences, mentored peers and proteges, written business plans, done sales cold calls, raised angel capital, and basically trod the road of a technology generalist addicted to learning.