[ETR #25] GDPR, DSAR, PII & U


Extract. Transform. Read.

A newsletter from Pipeline.

Hi past, present or future data professional!

When I worked at Disney there was one line (aside from “Have a Magical Day”) that was borderline beaten into us: “We are all custodial employees.” The line meant, of course, to keep areas under your purview neat and presentable (“show ready” in Disney-speak).

Using the same logic, I’d like to emphasize that while the various data roles (data analyst, data scientist, data engineer, etc.) have their distinct responsibilities, we are all one thing:

Guardians of data security.

Ok, maybe that’s a bit dramatic. But to be even more dramatic, you should have 1.2 billion reasons to care about data privacy. That’s the amount Meta (the artist formerly known as Facebook) paid after violating perhaps the world’s most comprehensive data privacy framework, the EU’s General Data Protection Regulation (GDPR).

And if you think that’s an isolated incident, there are literally listicles being written about fines issued under just the GDPR; sure “20 biggest GDPR fines” doesn’t have the same ring as “30 Under 30”, but it is a stark compilation that should be taken seriously; it can happen to you (or your org).

As someone who has been the instigator of data privacy claims, I was shocked to find one (against a realtor illegally using my data for in-person solicitation) was taken deadly seriously while another (against a hospital that sent my wife’s health data to the wrong address) was met with a shrug.

Be the former. Doing that begins with understanding both your individual responsibility as someone who works with sensitive data AND understanding or spearheading any effort within your org to standardize sensitive data storage or encryption.

At an individual level

  • (Tactfully) Question requests that might unnecessarily require sensitive user data; do you really need a credit card and social security number?
  • Leverage cloud-based tools to encrypt data in-transit and at-rest; I’m partial to GCP’s Sensitive Data Protection suite
  • Work with your security team to restrict access to your data warehouse and any larger repositories that might contain sensitive data

At an organizational level

  • Hire or distinguish who is “in charge” of privacy; for the best results this probably shouldn’t be someone already busy like a director of data science
  • Define and adhere to a clear and consistent deletion policy (after x months we delete records)
  • Publicize your data privacy protection efforts and let your users know how to request a deletion

Aside from running an ethical operation and remaining transparent for users, why put this much effort into data protection?

To paraphrase Marshawn Lynch: I’m just doing this so I don’t get fined.

You won’t get fined if you don’t read these, but here are this week’s links.

Thanks for ingesting,

-Zach Quinn

Extract. Transform. Read.

Reaching 20k+ readers on Medium and over 3k learners by email, I draw on my 4 years of experience as a Senior Data Engineer to demystify data science, cloud and programming concepts while sharing job hunt strategies so you can land and excel in data-driven roles. Subscribe for 500 words of actionable advice every Thursday.

Read more from Extract. Transform. Read.

Hi fellow data professional! SQL Lite, the database you most likely learned SQL on, is built atop 100k lines of source code. Sound like a lot? Compare that to Chromium, the engine for Google Chrome, which boasts 30+ million lines of code under the hood. Shortly after acquiring Twitter/X, the world's first trillionaire, Elon Musk, famously asked engineers to tell him how many lines of code they wrote per day, igniting a debate among engineers throughout the software and data domains. When I...

Hi fellow data professional! If you read my note on Tuesday you’ll know I’m coming off of the data engineering week from hell that seeped into my personal life, and delayed the launch of something cool I was planning to share with you; if you want to know more about that, scroll to the end of this message. Last week a flagship data source had a major problem and since it’s within my ownership area, I was the one with the knowledge and responsibility to fix it. I wanted to share the experience...

Hi fellow data professional! Hardly a work day goes by without receiving a request from a data analyst. They range from the mundane “Can you add this column?” to the occasional emergency “The data didn’t load all weekend and the leadership call starts in 15 minutes!” At the end of a jam-packed week I received an unusual request: Help with a Python script. My teammate wanted to know: Best practices How to commit to GitHub What the best way to deploy is They admitted the task was simple,...