The startup I work for operates in a highly regulated industry and relies heavily on analytics and ML.<p>Even though we've invested a lot in providing data access in a secure and compliant way, our solution is still far from perfect:<p>- Our anonymisation strategy is leaky but it's by far the best solution we know of<p>- Analysts can download data on their computers (anonymised data but with a non-negligible probability of internal leaks), a side effect of being able to query BigQuery via Google AI Hub Notebooks<p>- There is no strategy for eliminating the risk of data exfiltration: Even if analysts get access to data via a Virtual Desktop solution, the result of their analysis will eventually be rendered as a tableau dashboard -- which again means they could potentially render tables of data. Even if that wasn't the case, employees can still save screenshots of the query results to their computer.<p>There must be companies out there approaching these issues in a far better way but we have yet to talk to somebody in that group. Everyone seems to have the exact same problems and all the solutions we've heard of are equally unsatisfactory - if not worse.<p>What is your satisfactory approach to analytics, compliance and data exfiltration? How do you ensure employees don't see PII or if they see, they can't do anything with them?<p>Do you know of any group (reddit/discord/mailing lists/youtube/anything) that addresses these topics in a serious, non-marketing way?<p>Any input is welcome.