Building a Customized, Compliance-Focused Privacy ProgramUber One's Bhajaria Addresses Challenges, Offers Potential Workarounds
Cybersecurity and privacy are often thought to be two sides of the same coin. Like building a cybersecurity program, building a privacy program from scratch involves many moving parts that require customizations based on factors such as the geography the company is in, its size, the industry it belongs to and its future plans.
The challenges in building a privacy program to comply with laws and regulations across multiple jurisdictions and verticals are numerous, especially since much has changed in the past decade, said Nishant Bhajaria, director of privacy engineering, architecture and analytics at Uber One.
"In the last 10 years, we've had growth in terms of digital IDs, mobile computing, cloud storage, AI, analytics, etc. And now we have to figure out a way to get that level of growth while being disciplined with data. You have to force people to work together in a way that was not previously necessary," he said. Privacy security compliance, he added, "requires a level of cross-functional partnerships that historically have not happened. So that cultural change is a big challenge."
In this video interview with Information Security Media Group at RSA Conference 2023, Bhajaria also discusses:
- Building a culture of privacy in an organization;
- How compliance with privacy regulations can help an organization achieve scale;
- The prospects of a potential global privacy standard.
Bhajaria has built teams and programs to help achieve Uber One's cybersecurity and privacy goals. He serves as a vital link between legal, engineering and C-level leadership to ensure the company's products help protect user data and secure customer trust.