Privacy information tools

Posted by

a083c-4fc13-image-asset

What tools and or practices are you using to maintain the privacy of your organization’s information assets in light of new regulations abroad and in the US?

——————————
Ronald Daniels
Senior Analyst
Walgreens
——————————


Ronald,

How are you defining “privacy”?  Are you meaning:

  1. Confidentiality classifications within an organization that applies to internal users?
  2. Internal permissions levels that determine ability to access and/or actions that can be taken on  given data?
  3. How data is stored and protected for external parties that interact with an organization?
  4. IG rules around how information for internal and/or external parties is used?
  5. Something else?

 

Aria

Aria Business Card-0۸
Aria Business Card-۱۰


a083c-4fc13-image-asset

Ronald,

There are several layers of privacy tools out there that can help.

  • The first is to find out what privacy data you have.  Several types of indexing tools cal do this using regular expressions (number/word/pattern matching.  If they find a number matching a credit card or a set of words identifying your political affiliation, or a photo with a face in it, they will flag it for you to act upon.  In some cases they can flag the source content so that DLP (below) can work. Typically, these are called file analysis tools by Gartner
  • There are also tools (with some overlap to file analysis tools) that do the same thing with structured content (databases)  Think “Data Governance”
  • A more fully functioning tool can also be used to build a data map and see into the content to understand, why privacy content is being created, who is doing it and what risk it represents. These tools can also be used for “data minimization” or getting rid of content through records management practices when the content is no longer needed.
  • A data map can also help you figure out where and how to implement cyber security and help put valuable content into more secure locations
  • Data Loss Prevention (DLP) will filter incoming and out going communications for the existence of PII or PII tags so that it does not leave them organization
  • End-point monitoring keeps an eye on suspicious behaviors on workstations, laptops and print servers that typically indicate and identify external AND insider threats of exfiltration (based on behaviors rather than content)
  • Traditional cybersecurity tools that keep people out
  • Access request production tools to help respond to data subject requests for their own information – this process is similar to an ediscover process and production or FOIA
  • When information is shared or transferred to other entities, often it is important to anonymize or pseudo-anonymize so that the data is useful but cannot be used to identify individuals.
  • Finally, GRC tools can be used to manage the process (numbers of access requests, for example) of protecting privacy data

Feel fee to DM me directly if you are looking for product names or consulting services around this topic.

——————————
Brian Tuemmler
IG Solution Manager
www.atdoc.com
——————————


Ronald,

I would suggest you take a really good look at the “Auditor” suite from Netwrix.

 

Aria

Aria Business Card-0۸
Aria Business Card-۱۰

 

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.