Privacy Red Teams and Vulnerability Scans

The Story

Your company is a mature, established international company developing edge, wearable, or transportation devices that are AI or voice-enabled. Reputation and trust are vital for adopting your products.  

You want to ensure you can deliver useful, delightful products that don't introduce risks like data breaches.

The Problem:

  • Privacy regulations and definitions keep changing, and you want to be able to proactively face changes instead of being on the back foot.  
  • Partners in the company see privacy as a roadblock, not an enabler.  
  • You aren't sure how to measure and test the effectiveness of your privacy program. 
  • You need to provide assurance to regulators and consumers that your company is taking the right data protection steps.  

The Solution:

We offer a proven method for identifying the strengths and weaknesses of your privacy protections through privacy vulnerability scans and privacy red teams. 

  • Adversarial privacy tests are proactive and documented steps to measure your privacy program.
  • Threat modeling with stakeholders drives alignments about priorities and budgets.
  • Privacy vulnerability scans meet privacy by design and GDPR requirements for testing.
  • Privacy tests focus on some technical aspects that might not be covered by security or privacy compliance programs.

List of Steps

step 1

Threat Assessment

Understand your products and adversaries in your organization's context through a threat assessment.

Run a stakeholder alignment meeting to drive consensus.

step 2


Define the scope and rules of engagement. Determine the risk. Prepare to roll back any work.  Get resources to fix critical problems.  Coordinate with incident management team.

step 3

Run the Test

A diverse team of experts pretends to emulate the selected adversary by using privacy-invasive tactics.  

step 4


Provide a detailed report on what worked and what didn't.  Assess the defenses, and provide recommendations to prevent a real attack.

What we offer

Data protection consulting for Internet-of-Things and AI-enabled products.

  • Expert data protection experience:  We've been working on privacy since 2010. We've helped start-ups, large tech companies, and specialized government agencies define strategies for machine learning, including face recognition and speech recognition.   
  • Values-based engineering and design: Are you a values-driven organization that wants to make the world a better place? So are we!  We are committed to compassionate privacy development for all technology users. 
  • Engineering skills and technical know-how: We specialize in AI and voice-enabled devices based on our background working with speech recognition, voice-enabled devices, and home devices.
  • International and multi-cultural:  We have work experience in 5 countries, including in Europe and the USA. We offer an international perspective.  We are based in Switzerland and we are available during European work hours.

What others say about working with us:

M. Le Tilly - Privacy Investigation at Google

Rebecca is both a highly-skilled privacy engineer and a reliable manager.

A. Wyeth - Tech Lead at Google

 Rebecca's data protection knowledge and ability to think through what was best for the user were essential to the success of our Privacy Red Team exercises. 

 I highly recommend her to anyone looking for a data protection expert.

G. Honvoh Chabi -  Manager at Tech Startup

Rebecca ensures processes are followed and tasks effectively completed within the time frame by her team and any third party involved. 

Schedule a Meet and Greet

Do you want to talk to us about whether this would benefit your data protection program? Let's have a 15-minute meet and greet.  

Call includes:

  • Honest answers to your questions about whether this service is a good fit for your org.
  • Adversary elicitation: To improve your threat models, we can brainstorm privacy adversaries.  

Call does not include:

  • Sales Pitch 
  • No strings attached: "It isn't for us" is an acceptable decision
Or send us an email.

Get your free Privacy Testing E-Book!

Start your journey to adversarial privacy testing with our free E-book.  I've written this book for privacy and security professionals who want to understand privacy red teams and privacy pen testing.

  1. 1
    When is an adversarial privacy test helpful?
  2. 2
    Who are privacy adversaries and what are their motivations?
  3. 3
    When to build a team in-house versus hiring an external team?

Our Vision

 We work together with companies to build data protection solutions that are lasting and valuable, thereby protecting privacy as a human right.  

Privacy by Default


Quality Process