Privacy-Centric Discovery for Big Data: Do You Know Who’s Swimming in Your Data Lake?

More than 2.5 quintillion bytes of data are created every day, and most of it never gets deleted. It flows from multiple business units and into numerous systems in the form of structured and unstructured data, and into business applications. Organizations are building data lakes and data warehouses for business intelligence and analytics purposes that … Continued

BigID + OneTrust: Bridging The Privacy Office With IT

GDPR elevated the problem of privacy with consumers and the corporations that serve them. Often forgotten in the recitation of the acronym is that the D and P in GDPR stand for Data Protection. The purpose and point of the regulations, along with many similar laws recently enacted, is not just to define better privacy … Continued

2019: Global Privacy Gets Personal

2018 was a watershed year for privacy. The passage of the EU GDPR ushered in a new era in which data privacy became a first-order data security and governance problem warranting corporate attention and investment. This is not to say that the profession of privacy began last year. Quite the opposite. Regulations covering privacy protection … Continued

Consent Governance: Moving From Process to Purpose via Data Intelligence

As the dust clears since the EU GDPR came into effect, and most companies come to terms with managing their consent collection processes, many are increasingly finding themselves struggling with how to transition those consent agreements into a practical control for application processing and data holders. Much of the focus around consent has been on … Continued

Rethinking Data Classification For The New Era of Privacy

It’s rare to spot a flip phone these days when smartphones are practically ubiquitous. Yet, in the realm of data security, where precision and context are critical, too many are still using flip phone technology to discover, understand and classify personal data. In the flip phone era, classification was intended as a means to an … Continued

NY Department of Financial Services New Cyber Imperative: Protect Your Customer Data

The New York Department of Financial Services (DFS) Cybersecurity Regulation sets new standards for financial services firms doing business in the State of New York to identify and mitigate risk to their business and consumer data. But for all the organizational and technical requirements — like a board-approved cybersecurity program — the real impact of … Continued

5 Reasons Why Personal Data Protection Needs Identity

Data protection tools function with virtually no context of whose data they presumably protect. Discovery and protection of sensitive, confidential and regulated data has been at the top of almost every CISO’s to-do list for the past 10 years. In response, the IT security industry has developed a range of solutions to help discover … Continued

Privacy Impact Assessments: Ensuring They’re More Than Just Words

A Privacy Impact Assessment, or PIA, is an analysis of how personally identifiable information is collected, used, shared, and maintained by an organization. PIAs are meant to help companies ensure their personal data collection and usage meet privacy regulatory requirements, validate use of mandated data protection technology, measure risk and verify consent capture. Some companies … Continued

The Case for Data-Driven Data Mapping

The best way to know your customer is to know their data. Every year organizations collect exponentially more personal information on their customers and clients but often lack even basic accounting for the information ingested, processed or disposed. For most organizations personal data underpins their relationship with their customers. Preserving the trust of those customers … Continued

Can Privacy (Shield) Evolve From Trust To Verify?

The adoption of Privacy Shield by US and EU regulatory authorities, the successor to Safe Harbor that has governed the transfer of personal data between the US, Canada and the EU for over a decade, has come as an anti-climax, leaving plenty of uncertainty in its wake. The biggest sticking point for EU privacy advocates … Continued

Death, Taxes and Breaches; Managing for the Inevitable.

The growing incidence of breaches to extract user customer account credentials and more expansive breach notification requirements put enterprises between a rock and a hard place. They are subject to the cruel logic that a breach of one provider can result in the compromise of customer accounts at another because of user password reuse — … Continued