- Q1. How do you approach user privacy when designing and developing websites and applications?
- Q2. How do you handle user data access requests, and what measures do you have in place to verify the requester's identity?
- Q3. Can you discuss your experience complying with privacy regulations such as GDPR or CCPA?
- Q4. How do you ensure that third-party services integrated into your applications adhere to privacy standards?
- Q5. In your experience, what’s the process for ensuring the safe disposal of sensitive user data when it is no longer needed?
Data is the backbone of evolving digital transformation. With nearly 2 billion websites globally, vast amounts of data are collected, processed, stored, and shared with multiple stakeholders, necessitating strong privacy safeguards that ensure compliance with data privacy laws and the utmost protection of user data.
In this interview, Jeff Fritz shares how to approach user privacy during the design phase, his experience with GDPR & CCPA, and the safe disposal of data.
Jeff Fritz is a principal program manager in Microsoft’s Developer Division on the .NET Community Team, where he leads the development of live video and online content. Jeff is the executive producer of the .NET Conf series of online events. He is also a Twitch and YouTube partner and the founder of the Live Coders stream team and the KlipTok web application. You can catch Jeff writing .NET Code with GitHub, Visual Studio, and Azure on his video stream called 'Fritz and Friends' at twitch.tv/csharpfritz
Q1. How do you approach user privacy when designing and developing websites and applications?
I avoid storing any personally identifiable information when I write applications and websites. I also avoid storing information about the usage of my applications; I keep it separate in my data store with a clear and simple way for users to wipe that data.
Q2. How do you handle user data access requests, and what measures do you have in place to verify the requester's identity?
I’ve never received a request for access to user-data, and if I had, I wouldn’t have any user data to share that is not already publicly accessible.
Q3. Can you discuss your experience complying with privacy regulations such as GDPR or CCPA?
I find these two regulations to be a pain to deal with. I follow simple guidelines to avoid storing personal data or personally identifiable data that isn’t central to the use of my application. For data points such as usage patterns of the application, I have clearly declared them in my privacy policies and I’ve made it easy to delete all records.
Q4. How do you ensure that third-party services integrated into your applications adhere to privacy standards?
I use several services that are publicly used, and one that is for private use only. I have configured the data transmitted from my application to these services to minimise the amount of user-data shared.
Q5. In your experience, what’s the process for ensuring the safe disposal of sensitive user data when it is no longer needed?
I have data clean-up processes that automatically run daily to remove data that is no longer needed by the application. Data is either marked as expired or deleted and automatically removed from the system within 24 hours.
In conclusion, Jeff Fritz's extensive experience and knowledge in the field, along with his insights on the industry and his approach to handling data, have been truly enlightening. His approach and contributions have had a significant impact on the industry and the organizations he has been a part of. It was a pleasure to understand data handling practices from an industry expert.
DISCLAIMER: This interview represents the opinions of Jeff Fritz. The content here is for information purposes only. Securiti is hosting this blog post but did not edit the content of this review.