The privacy and security risks associated with using sensitive data can mean that long approval processes counter the ease of engineering and time-saving benefits that Kafka provides. In this talk I will cover privacy attacks that Kafka data streams are particularly vulnerable to, and general techniques that can help thwart these attacks. I will go on to propose an architectural pattern where innovation around streaming sensitive data is performed in dedicated safe-zones that protect the privacy of customer data and data subjects. Finally, I will discuss how a collaboration between Privitar and Confluent has introduced cutting-edge Privacy Engineering techniques to the world of Kafka streaming data through our Privitar Publisher Kafka Connector. This Connector creates safe-zones for data, called Protected Data Domains, which enable separate teams to work on data streams made safe by applying easily-customizable privacy policies that are managed for each Kafka Topic. These managed data releases are watermarked for traceability and retain referential integrity but cannot be linked to each other (a significant privacy and security risk).