DoorDash Drive的隐私工程
Alex DoughertyDoorDash proactively embeds privacy into our products. As an example of how we do so, we delve here into an engineering effort to maintain user privacy. We will show how geomasking address data allows DoorDash to protect user privacy while maintaining local analytic capabilities.
DoorDash积极将隐私融入我们的产品中。作为我们如何做到这一点的示例,我们在这里介绍了一项保护用户隐私的工程努力。我们将展示地理掩码处理地址数据如何使DoorDash在保持本地分析能力的同时保护用户隐私。
To facilitate deliveries, users must give us some personal information, including such things as names, addresses, and phone numbers, in a Drive API request. This information is needed for Dashers to know where and to whom to deliver an order. Because this information can be used to re-identify an individual, it could be used by a bad actor to cause harm, including identity theft and doxxing.
为了方便送货,用户必须在Drive API请求中提供一些个人信息,包括姓名、地址和电话号码。这些信息是为了让送餐员知道在哪里和给谁送货。由于这些信息可以用来重新识别个人,恶意行为者可以利用它造成伤害,包括身份盗窃和doxxing。
That’s why we want to ensure that this personal data is redacted (erased or obscured) from our platform within a reasonable period of time after a delivery is completed. That way, even if a bad actor gains unauthorized access to our database, personal data will no longer be there, preventing it from being misused.
这就是为什么我们希望确保在交付完成后的合理时间内,从我们的平台中删除(擦除或模糊)这些个人数据。这样,即使恶意行为者未经授权访问我们的数据库,个人数据也将不再存在,从而防止被滥用。
On DoorDash Drive, merchants can configure redaction policies about when personal data related to their orders will be redacted.
在DoorDash Drive上,商家可以配置有关何时对其订单相关的个人数据进行遮蔽的遮蔽策略。
If a merchant does not configure such a policy, we will set a default time for redacting the data anyway. It will not be allowed to persist indefinitely.
如果商家没有配置这样的策略,我们将为数据设置一个默认的保留时间。它将不被允许无限期地保留。
As is common practice in the industry, each user is associated with a unique user identifier. Personal data can propagate through many layers of a distributed system, so we associate instances of this data with an identifier.
按照行业的常规做法,每个用户都与一个唯一的用户标识符相关联。个人数据可以通过分布式系统的许多层传播,因此我们将这些数据的实例与标识符关联起来。
As seen in Figure 1, an asynchronous redaction eligibi...