Privacy by Design: Data Sharing

- [Instructor] A long time ago, I was an engineer at a tech company. Now if tech jobs were like food, my job was like cold and stale tofu with an extra side of kale. There was no fancy UI, no feature I could point to and say I built that. All I did was process large files sent by enterprise customers with names of users who were to get gift cards. Those users were typically employees of large companies who had completed their annual physical or achieved some other health related milestone, and their employer would give them a prepaid gift card. My job was to strip out useless data from that file, and write code to process the rewards. The conventional wisdom at the company was that no one doing this job would ever get promoted. This was professional Siberia. One such evening, the week before Thanksgiving, I was trying to get out a large batch of back end files processed. It was 7 p.m. and cold and snowing. I was wondering why I was still at work and whether a career that began with a high GPA and acclaim master's thesis was destined for such anonymity and lonely back end work. And then everything changed. I was the only person in the office and something caught my eye. This particular file was different. Normally these files had IDs of folks who are supposed to get rewards, and an email address. This file had a brand new column with no title. But the entries in the column had a specific pattern. Number, number, number, dash, number, number, dash, number, number, number, number. Yes, three numbers, a hyphen, two numbers, then another hyphen. And then four more numbers, a file with social security numbers attached to an email without any encryption or password protection. Suddenly, my job was no longer like tofu. It was spicier than any curry I've ever had. And I was already getting heartburn. As a junior engineer, I was not allowed to change the file. So my first instinct was to wait until the next day Then I realized this was a critical customer and I didn't want to be the person delaying the processing of the rewards cards before the holidays no less. At the same time. If I had processed the rewards with the file as is, I'd be risking exposure. Since many others, including contractors had access to that server. I decided to make an executive decision. I wrote a small macro that stripped out all the social security numbers, processed the rewards and left a note for my boss explaining why I had changed the file. The next morning, my boss invited me to his office and introduced me to his boss, the VP. It turned out that I had saved the company from a major headache, and I was being promoted for showing initiative and making an impact. This is how I got my first privacy job. My job had gone from being tofu to spicy curry to delicious cake. I ended up having my cake and eating it too. I often tell the story when I mentor folks, careers are about showing you care and then taking meaningful action. But there is another lesson here. This one about privacy. Data sharing can often create privacy risks. I handled all that data ethically, the partner you share data with may make different decisions. However, you will be held accountable for those. And that is why you need a privacy architecture for data sharing.