 Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at Data Privacy Day 2018 here at LinkedIn's brand new downtown San Francisco. The headquarters not in Sunnyvale. And we're excited to be here for the second time. And we've got Eve Mailer back. She's a VP, Innovation and Emerging Deck. At Ford Rock, we caught up last year, so great to see you. Likewise. So what's different in 2018 than 2017? Well, GDPR, the General Data Protection Regulation. Small thing. Well, also, we didn't talk about it much here today, but the Payment Services Directive version two is on the lips of everybody in the EU, who's in financial services, along with open banking. And all these regulations are actually as much about digital transformation. I've been starting to say hashtag digital transformation as they are about regulating data protection and privacy, so that's big. So why aren't those other two being talked about here, do you think? You know, to a certain extent they are for the global banks and the multinational banks. And they have as much impact on things like user consent as GDPR does. So that's a big thing. Same penalties? They do have some penalties, but they are as much about, okay, I'm starting to say hashtag in front of all these cliches, but they are as much about trying to do the digital single market as GDPR is. So what they're trying to do is have a level playing field for all those players. So the way that GDPR is trying to make sure that all of the countries have the same kind of regulations to apply so that they can get to the business of doing business. Right, right. And so it's the same thing, trying to have this kind of unified platform. Yep, absolutely. And so that affects country companies here if they play in that market as well. So there's a lot of talk on the security side. We go to a lot of security conferences about baking security in everywhere. It can't be a walled garden anymore. There is no such thing as keeping the bad guys out. That's more all the places you need to bake in security. And so you're talking about, that really needs to be on the privacy side as well. It needs to go hand in hand, not be counter to innovation. Yes, it is not a zero sum game. It should be a positive sum game. In fact, GDPR would call it data protection by design and by default. And so you have to bake it in. And I think the best way to bake it in is to see this as an opportunity to do better business with your customers, your consumers, your patients, your citizens, your students. And the way to do that is to actually go for a trust mark instead of, I shouldn't say a trust mark, but go for building trusted digital relationships with all those people. Instead of just saying, well, I'm gonna go for compliance and then say, well, I'm sorry if you didn't feel that that action on my part was correct. Well, hopefully it's more successful than we've seen on the security side, right? Because data breaches are happening constantly. No one is immune. And I don't know, we're almost kind of getting immune to it. I mean, Yahoo's, it was their entire database of however many billions of people. And some will say it's not even, when you get caught, it's more about how you react. When you do get caught, both from a PR perspective as well as mending fixes like the old Tylenol issue back in the day. So on the privacy side, you expect that to be the same. Are these regulations in such a way where it's relatively easy to implement so we won't have kind of this breach, this never ending breach problem on the security side? Or is it gonna be kind of the same? I think I just made a face when you said easy, that word easy. Not easy, but actually doable. Cause sometimes it feels like some of the security stuff. Again, on the breach specifically, yes, seems like it should be doable. But man, oh man, we just hear over and over in the headlines that people are getting compromised. Well, yeah, people are getting compromised. And I think they do sort of get immune to the stories when it's a security breach. What we try to do at my company at Fordrock, you know, we're identity. So I have this identity lens that I see everything through. And I think especially in the internet of things, which we've talked about in the past, there's a recognition that digital identity is a way that you can start to attack security and privacy problems because if you want to, for example, save off somebody's consent to let information about them flow, you need to have a persistent storage that they did consent. You need to have persistent storage of the information about them. And if they want to withdraw consent, which is a thing like GDPR requires you to be able to do and prove that they're able to do, you need to have a persistent storage of their digital identity. So identity is actually a solution to the problem. And what you want to do is have an identity and access management solution that actually reduces the friction to solving those problems. So it's basically a way to have consent life cycle management, if you will, and have that solution be able to solve your problems of security and privacy. And to come at it from the identity point of view versus coming at it from the data point of view. That's right. And especially when it comes to internet of things, but not even just internet of things, you're starting to need to authenticate and identify everything, services, applications, piles of data and smart devices and people. And keep track of the relationships among them. We just like to say people are things too. So you can always include the people in the IT conversation. Every person, everything. But it is pretty interesting, the identity task, because we see that in more and more security companies coming at the problem from an identity problem because now you can test the identity against applications, against data, against uses, change what's available and not available to them versus trying to build that big wall. Yes, yes. I mean, well, there's no perimeters really anymore. Unless you go to China and walk the old great wall. Yeah, you're taking your burner devices with you, aren't you? Yes. Good. Good to hear. Yeah, but it's a very different way to attack the problem from an identity point of view. Yeah, and one of the interesting things actually about PSD2 and this open banking mandate, and I was talking about, they want to get digital business to be more attractive, is that they're demanding strong customer authentication, SCA, they call it. And so I think we're gonna see, I think we talked about passwords last time we met. I still have them and I still can't remember them. Well, you know, less reliance on passwords either is the only factor or sometimes a factor and more sophisticated authentication that has less negative impact on your life. And so I'm kind of hopeful that they're getting it. And these things are rolling out faster than GDPR. So I think those are kind of easier. They're aware of the API economy, they get it. They get all the standards that are needed. Because the API, especially when you get the thing and you got multi-steps and everything is depending on the connectivity upstream, you've got some significant issues if you throw a big wrench into there. But it's too, it's interesting to see how the two-factor authentication is slowly working its way into more and more applications and using a phone now without the old RSA key on the key chain. Oh gosh, yeah. What a game changer that is. Yeah, I think we're getting there. Nice to hear something just improving, right? There you go. So as you look forward to 2018, what are some of your priorities? What are we gonna be talking about a year from now, do you think? Looking on this really interesting project, this is in the UK, it has to do with a FinTech. The UK has a mandate that it's calling the pensions dashboard project. And I think that this is, it's got a great analogy in the US, we have 401Ks. Right. And they did a study there where they say the average person has 11 jobs over their lifetime and they leave behind some, what they call pension pots. So for that, that would be like our 401Ks. And this pensions dashboard project is a way for people to find all of their left behind pension pots. And we talked last year about the technology that I've worked on called user managed access, UMA. Which is a way where you can kind of have a standardized version of that Google Docs share button where you're in control of how much you share with somebody else. Well, they're using UMA to actually manage this pension finder service. So you give access first of all to yourself so you can get this aggregated dashboard view of all your pensions. And then you can share one pension pot, you know, one account or more with a financial advisor selectively and get advice on how to spend your newly found money. Right. It's pretty awesome and it's a FinTech use case. How much unclaimed pension pot must this be? In the country, that one in the UK, apparently it's billions upon billions. So imagine in the US, I mean it's probably a trillion dollars, I'm not sure, but it's a lot. We should do something here. I'm wondering how much money I have left behind. Check your pension pot, that's the message from today's interview. All right, Eve, well, thanks for taking a few minutes and again, really interesting space and you guys are right at the forefront. So exciting times. It's a pleasure. All right, cheesy mailer, I'm Jeff Frick. You're watching theCUBE from Data Privacy Day 2018. Thanks for watching, catch you next time.