>> Hey, welcome back everybody. Jeff Frigg here with theCUBE. We're at Data Privacy Day 2018 here at Linked-In's brand new, downtown San Francisco headquarters not in Sunny Vale. And we're excited to be here for the second time. And we've got Eve Maylar back she's a VP in innovation and emerging tech at Forge Rock, we caught up last year, so great to see you. >> Likewise. >> So what's different in 2018 than 2017? >> Well GDPR, the general data protection regulation Well, also we didn't talk about it much here today, but the payment services directive version two is on the lips of everybody in the EU who's in financial services, along with open banking, and all these regulations are actually as much about digital transformation, I've been starting to say hashtag digital transformation, as they are about regulating data protection and privacy, so that's big. >> So why aren't those other two being talked about here do you think? >> To a certain extent they are for the global banks and the multinational banks and they have as much impact on things like user consent as GDPR does, so that's a big thing. >> Jeff: Same penalties? >> They do have some penalties, but they are as much about, okay, I'm starting to say hashtag in front of all these cliches, but you know they are as much about trying to do the digital single market as GDPR is, so what they're trying to do is have a level playing field for all those players. So the way that GDPR is trying to make sure that all of the countries have the same kind of regulations to apply so that they can get to the business of doing business. >> Right, right, and so it's the same thing trying to have this kind of unified platform. >> Yup, absolutely, and so that affects companies here if they play in that market as well. >> So there's a lot of talk on this security site when you go to these security conferences about baking security in everywhere, right? It can't be OL guard anymore, there is no such thing as keeping the bad guys out, it's more all the places you need to bake in security, and so you're talking about that really needs to be on the privacy side as well, it needs to go hand-in-hand, not be counter to innovation. >> Yes, it is not a zero sum game, it should be a positive sum game in fact, GDPR would call it data protection by design and by default. And so, you have to bake it in, and I think the best way to bake it in is to see this as an opportunity to do better business with your customers, your consumers, your patients, your citizens, your students, and the way to do that is to actually go for a trust mark instead of, I shouldn't say a trust mark, but go for building trusted digital relationships with all those people instead of just saying "Well I'm going to go for compliance" and then say " Well I'm sorry if you didn't feel that action "on my part was correct" >> Well hopefully it's more successful than we've seen on the security side right? Because data breaches are happening constantly, no one is immune and I don't know, we're almost kind of getting immune to it. I mean Yahoo's it was their entire database of however many billions of people, and some will say it's not even when you get caught it's more about how you react, when you do get caught both from a PR perspective, as well as mending faith like the old Tylenol issue back in the day, so, on the privacy side do you expect that to be the same? Are these regulations in such a way where it's relatively easy to implement so we won't have kind of this never ending breach problem on the security side, or is it going to be kind of the same. >> I think I just made a face when you said easy, the word easy okay. >> Not easy but actually doable, 'cause sometimes it feels like some of the security stuff again on the breaches specifically, yeah it seems like it should be doable, but man oh man we just hear over and over again on the headlines that people are getting compromised. >> Yeah people are getting compromised and I think they are sort of getting immune to the stories when it's a security breach. We try to do at my company at Forge Rock we're identities so I have this identity lens that I see everything through, and I think especially in the internet of things which we've talked about in the past there's a recognition that digital identity is a way that you can start to attack security and privacy problems, because if you want to, for example, save off somebody's consent to let information about them flow, you need to have a persistent storage that they did consent, you need to have persistent storage of the information about them, and if they want to withdraw consent which is a thing like GDPR requires you to be able to do, and prove that they're able to do, you need to have a persistent storage of their digital identity. So identity is actually a solution to the problem, and what you want to do is have an identity and access management solution that actually reduces the friction to solving those problems so it's basically a way to have consent life cycle management if you will and have that solution be able to solve your problems of security and privacy. >> And to come at it from the identity point of view versus coming at it from the data point of view. >> That's right, and especially when it comes to internet of things, but not even just internet of things, you're starting to need to authenticate and identity everything; services, applications, piles of data, and smart devices, and people, and keep track of the relationships among them. >> We just like to say people are things too so you can always include the people in the IT conversation. But it is pretty interesting the identity task 'cause we see that more and more, security companies coming at the problem from an identity problem because now you can test the identity against applications, against data, against usage, change what's available, not available to them, versus trying to build that big wall. >> Yes, there's no perimeters anymore. >> Unless you go to China and walk the old great wall. >> Yes you're taking your burner devices with you aren't you? (laughs) >> Yes. >> Good, good to hear >> Yeah but it's a very different way to attack the problem from an identity point of view. >> Yeah, and one of the interesting things actually about PSD2 and this open banking mandate, and I was talking about they want to get digital business to be more attractive, is that they're demanding strong customer authentication, SCA they call it, and so I think we're going to see, I think we talked about passwords last time we met, less reliance. >> Jeff: And I still have them and I still can't remember them. >> Well you know, less reliance on passwords either is the only factor or sometimes a factor, and more sophisticated authentication that has less impact, well less negative impact on your life, and so I'm kind of hopeful that they're getting it, and these things are rolling up faster than GDPR, so I think those are kind of easier. They're aware of the API economy, they get it. They get all the standards that are needed. >> 'Cause the API especially when you get the thing to thing and you got multi steps and everything is depending on the connectivity upstream, you've got some significant issues if you throw a big wrench into there. But it's interesting to see how the two factor authentication is slowly working its way into more and more applications, and using a phone now without the old RSA key on the keychain, what a game changer that is. >> Yeah I think we're getting there. Nice to hear something's improving right? >> There you go. So as you look forward to 2018 what are some of your priorities, what are we going to be talking about a year from now do you think? >> Well I'm working on this really interesting project, this is in the UK, it has to do with Affintech, the UK has a mandate that it's calling the Pensions Dashboard Project, and I think that this has got a great analogy in the US, we have 401ks. They did a study there where they say the average person has 11 jobs over their lifetime and they leave behind some, what they call pension pots, so that would be like our 401ks, and this Pensions Dashboard Project is a way for people to find all of their left behind pension pots, and we talked last year about the technology that I've worked on called user managed access, UMA, which is a way where you can kind of have a standardized version of that Google Docs share button where you're in control of how much you share with somebody else, well they're using UMA to actually manage this pension finder service, so you give access first of all, to yourself, so you can get this aggregated dashboard view of all your pensions, and then you can share, one pension pot, you know one account, or more, with financial advisors selectively, and get advice on how to spend your newly found money. It's pretty awesome and it's an Affintech use case. >> How much unclaimed pension pot money, that must just be. >> In the country, in the UK, apparently it's billions upon billions, so imagine in the US, I mean it's probably a trillion dollars. I'm not sure, but it's a lot. We should do something here, I'm wondering how much money I have left behind. >> All right check your pension pot, that's the message from today's interview. All right Eve, well thanks for taking a few minutes, and again really interesting space and you guys are right at the forefront, so exciting times. >> It's a pleasure. >> All right she's Eve Maylar I'm Jeff Frigg you're watching theCUBE from Data Privacy Day 2018, thanks for watching, catch you next time. (upbeat music)