Back To Schedule
Thursday, April 25 • 11:15 - 12:00
Data Access Rights Exploits under New Privacy Laws

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
New privacy laws such as the GDPR and CCPA have been great advances for personal data rights, although the ability to request access to all the personal information a company has on an individual has created new attack vectors for OSINT. These personal data access requests are usually managed by legal or compliance teams with minimal security review, increasing the potential for phishing, social engineering, and “legal DDoS.” This talk will discuss the personal data access options required in different regions, how most companies respond to data access requests, and the most effective exploits for privacy vulnerabilities. We’ll explore the psychology driving corporate responses to requests and ways these emotions can be exploited, as well as the most likely targets for a weak privacy program.

For the blue teamers, phishing detection and defense strategies will be presented. Rather than ignoring or fighting against the regulations, we’ll look at ways to use these laws to discourage, detect, and disrupt data access attacks. We’ll consider strategies for working with legal teams, getting security involved in the review process, and conducting red team reviews on the data access mechanism. Best practices for identifying data subjects, minimizing the data released, and legally denying abusive requests will be covered. Key sections of the laws you need to know for exploits and defense will be highlighted.

avatar for Amber Welch

Amber Welch

Privacy Technical Lead, Schellman & Company, LLC
Until she’s accepted for a Mars mission, Amber’s goal is to advance data protection and personal information privacy as a Privacy Technical Lead for Schellman & Company. Amber been assessing corporate privacy compliance programs for the past year and prior to that, managed security... Read More →

Thursday April 25, 2019 11:15 - 12:00 ADT
Track 2 A1