Posts
-
Deletion is not always deletion: retention exceptions and competing obligations
One of the more surprising aspects of privacy engineering is how many different deletion and retention requirements can apply to the same customer data. A single deletion request may result in immediate deletion in some systems, multi-year retention in others, and event-driven retention in cases such as legal holds.
-
Gaps in data deletion verification and auditability
Most deletion programs can prove a request was processed. Far fewer can prove that personal data was actually removed everywhere it existed and remained absent over time.
-
Why deletion means different things in different systems
A deletion request may succeed in every system yet produce different outcomes across databases, data warehouses, search indexes, and event streams. Effective deletion begins with defining what "delete" means in each system.
-
Why data deletion is still an unsolved infrastructure problem
Customer data may span hundreds of services, datasets, and integrations. Deleting it consistently requires coordinating execution, validation, and auditability across distributed systems, not just propagating a privacy request.
-
Polymorphic JSON deserialization with Java sealed interfaces and Jackson
When building a JSON-based API that accepts multiple request types, you need a strategy for mapping incoming payloads to the appropriate data model. Java sealed interfaces combined with Jackson's polymorphic type annotations provide a clean way to support multiple strongly typed backend data models.
-
Enabling ad hoc runs of queue-based ECS services
A common ECS use case is to continually poll a queue for new events to process, with auto-scaling based on CPU or memory utilization, or the size of the queue backlog. These services can be tricky to build reliable integration tests for, as queue backlogs may result in long delays before a new message is processed.
A simple way to enable efficient integration tests for these services is to support an optional environment variable that signals the service to skip long-polling the queue and immediately process the variable's content as if it were the body of a single SQS message.
-
Strategies for querying periodic S3 data snapshots
A common AWS analytics pattern involves running aggregate queries across multiple S3 datasets. This post explores approaches for syncing and querying S3 snapshot data, with a focus on maintaining consistent access to complete datasets during ongoing data updates.
-
Granting AWS Organization member accounts access to Cost Explorer
By default, adding accounts to an AWS Organization results in consolidated billing and cost management in the Organization management account, and Organization member accounts lose access to Cost Explorer, Billing, and other cost management services.
This post walks through how to allow member accounts to access cost management services, to enable each team to review and manage their AWS spending.