Deleting data at organization scale
Ask the Expert ft. Diogo Lucas
Synopsis:
Deleting a million records from a dataset can be hard. Deleting one record from a million datasets is often much harder. Stripe processes 1.3% of the world's GDP. To do that, the company operates a massive data infrastructure with many hundreds of thousands of datasets and hundreds of petabytes of data. So when it comes to observing a person's right to be forgotten, how can we find their information's needle in a company's data-hungry haystack? How can we do that in a world of architectural sprawl and data repurposing? And how do we do all that without breaking legitimate data usage cases?
Problem Statement:
In this session, we will evaluate the fundamental building blocks and practices that allow Stripe to guarantee our customer's (direct and indirect) rights for data deletion. Those include detection and attribution of sensitive data and its affiliation, impact analysis through exploration, and the combined use of deletion propagation and orchestration.
Pre-Discussion Resources:
Diogo Lucas
Diogo Lucas is an engineering lead in Stripe's privacy infrastructure team. He is deeply involved in privacy-related initiatives such as data deletion and sensitive data access controls. He has more than 20 years of industry experience, many of those dedicated to automating privacy and overall governance controls.
Moderator: Tiffany Soomdat
Tiffany Soomdat helps organizations navigate complex data protection landscapes and build scalable, business-aligned privacy programs that do more than check compliance boxes. She is a Trusted Advisor: Empowering Companies to Thrive Amidst Evolving Privacy and Compliance Regulations, Safeguarding Businesses and Customers in the Digital Age. Master of Studies in Law (MSL) in Corporate Compliance. Certified in CIPP/US and OneTrust.