Ryan Tenorio, Brex
Technical privacy review ensures privacy needs are met throughout the product life cycle. From engineers looking for feedback to legal counsel completing DPIAs, the long list of stakeholders makes implementing a review program that is valuable to all audiences a challenge. By first understanding the needs of all stakeholders, the privacy engineer can determine what process is necessary to properly frame discussions around privacy harms and controls. By seeing how privacy review processes inform the actions of the people they serve, tools can be implemented to reduce friction, automate common needs, and scale a privacy program alongside its organization.
This lessons-learned talk will cover examples of how to take this people-first approach to technical privacy review through the use of working groups, review processes that work alongside engineers and other stakeholders, and tools that enable privacy review outcomes throughout the product life cycle.
Ryan Tenorio, Brex
Ryan Tenorio started his software engineering career working on anti-cheat solutions in the gaming industry. After receiving a master's degree in information and cybersecurity from UC Berkeley, he pivoted into a career in privacy as a privacy engineer at Meta focused on privacy incident response. He now works at Brex, covering all technical aspects of their privacy program.
author = {Ryan Tenorio},
title = {A {People-First} Approach to Introducing Process and Tools for Technical Privacy Review},
year = {2023},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = sep
}
