Hello, I’m a student at National University of Computer and Emerging Sciences, Karachi, Pakistan. This semester we have a course called “Professional Issues in IT” we got an assignment where we are supposed to contact an organization and talk about some issue (e.g. Human resource issues, Organizational structures, cyber-crime, Data security, discrimination etc.).
I’ve chosen the topic of data privacy.
I was wondering if anybody at Netlify would be willing to take my questions. I haven’t made the questions yet, I’m supposed to first submit a proposal to my professor with my topic and organization.
I’ll have the questions ready by the weekend.
hi @BilalZ! Possibly! Can you tell me a bit more about this assignment?
What would the time commitment for this be?
Would the person be able to answer the questions via email?
What would the timeline be to get answers back to you?
Thank you for replying, @perry. It shouldn’t take a lot of time i don’t think possibly 30-40 minutes. Yes, you can definitely answer via email. I know you guys are busy, you can get back to me in 2-4 days. My deadline is on the 27th.
Edit: Just realized its almost holiday season in the west so happy holidays!
@perry These are the questions I could come up with. feel free to skip any and be as brief or detailed as you like.
How do you defend your customer against third party risks?
What sort of training are developers given regarding data privacy?
Is there any legal documentation or registration with a legal body needed to be able to store user data?
What Security mechanisms and techniques are generally used for data privacy?
What are the legal penalties faced by an organization if it fails to provide data privacy?
Is there a relationship between organizations and regulatory bodies/policy makers to craft sensible regulations and standards? How much of a say do organizations have in the drafting of these laws and who represents their interests?
How much time and effort is spent to make sure that the products of the organization are compliant with data privacy laws? For example, how did the European Court of Justice’s recent decision to invalidate the EU-US Privacy Shield framework have an effect on the development of your products?
Do you read the privacy policy whenever installing software on your home computer or making an online account?
Do all departments have access to your various data assets? How is the decision to grant certain departments certain access made?
Is the financial impact of high-risk data leaks calculated?
How do you monitor and detect security incidents? Do you develop your own solution or do you rely on third party solutions?