BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//pretalx.com//bsides-tallinn-2025//U8FFMH BEGIN:VTIMEZONE TZID:EET BEGIN:STANDARD DTSTART:20000101T000000 RRULE:FREQ=YEARLY;BYMONTH=1;UNTIL=20001231T220000Z TZNAME:EET TZOFFSETFROM:+0200 TZOFFSETTO:+0200 END:STANDARD BEGIN:STANDARD DTSTART:20021027T050000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZNAME:EET TZOFFSETFROM:+0300 TZOFFSETTO:+0200 END:STANDARD BEGIN:DAYLIGHT DTSTART:20020331T040000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 TZNAME:EEST TZOFFSETFROM:+0200 TZOFFSETTO:+0300 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-bsides-tallinn-2025-8QRDSA@pretalx.com DTSTART;TZID=EET:20250925T133000 DTEND;TZID=EET:20250925T143000 DESCRIPTION:In the age of AI and large-scale data processing\, it’s tempt ing to assume that applying security practices equals good privacy. But as multiple real-world breaches have shown—from Estonia’s Asper Biogene genetic data exposure to pharmacy data leaks at Allium UPI— insufficient security controls and a lack of privacy by design can expose organization s to significant privacy risks. \n\nThis interactive workshop is tailored for security and privacy professionals whose organizations work with sensi tive or large datasets\, especially in the context of AI/ML training or in ternal analytics. We’ll break down the differences and overlaps between infosec and personal data breaches\, demystify what anonymisation and pseu donymisation really mean under the GDPR\, and explore how to make data use ful and safe. Participants will also gain practical insights into breach r esponse basics and how to act when things go wrong. \n\nWe’ll wrap with a practical group exercise where attendees get to “anonymise” a fictio nal database based on publicly available data—and see if their efforts w ithstand real-world re-identification threats.\n\n----\nKEY TOPICS:\n1. Ho w large datasets fuel AI innovation yet at the same time cause regulatory risk. Why effective privacy compliance is not a checklist task but active daily practice. \n2. Key differences between infosec incidents and persona l data breaches (and when they overlap).\n3. Legal definition of anonymisa tion and pseudonymisation\, hands-on practical task to understand both the value as well as the risk of these measures.\n4. Case study examples:\n4. 1. Asper Biogene (genetic data breach) \n4.2. Allium UPI (pharmacy breach) \n4.3. European Data Protection Board’s recent recommendations:\n4.3.1. Guidelines 01/2025 on Pseudonymisation\n4.3.2. Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models\n5. What to do when a breach happens: notify\, assess \, contain\, communicate.\n----\nPRACTICAL WORKSHOP EXERCISE:\nParticipant s are expected to have at least one device per team. Participants are give n a dataset for a machine learning exercise. Their task in teams is to:\n1 . Anonymise the dataset using privacy enhancing techniques (masking\, gene ralization\, suppression\, etc.).\n2. Switch files between teams and evalu ate potential for re-identification based on auxiliary data.\n3. Determine whether their approach met the standard of anonymisation or only pseudony misation.\n4. Present each teams’ anonymisation strategy and summarize a residual risk assessment. Discuss what would be the potential consequence s of a leak of such data - would it be merely a security incident or a dat a breach.\n----\nLEARNING OBJECTIVES:\n1. Understand how anonymisation sup ports safe AI use and data reuse.\n2. Recognize when a breach is a securit y issue\, a privacy issue\, or both.\n3. Learn to evaluate anonymisation e ffectiveness using legal and technical criteria.\n4. See how access contro l gaps can escalate into reportable personal data breaches.\n5. Get hands- on anonymisation experience and peer feedback.\n----\nSPEAKERS: \nMargot A rnus - CIPP/US\, Co-founder and Privacy Expert at Damus\, Senior Legal Cou nsel at Veriff\nStella Goldman - CIPM\, Co-founder and Privacy Expert at D amus\, Lead Legal Counsel at Veriff DTSTAMP:20251016T114457Z LOCATION:Workshops SUMMARY:Privacy by Design in the Age of AI: Key to Anonymisation and Lesson s from Real-World Security Incidents - Margot Arnus\, Stella Goldman URL:https://pretalx.com/bsides-tallinn-2025/talk/8QRDSA/ END:VEVENT END:VCALENDAR