In a joint webinar hosted by the International Association of Privacy Professionals (IAPP), Meredith Williams-Range, Chief Knowledge & Client Value Officer at Shearman & Sterling, and Bart Vandekerckhove, Product Manager of Data Privacy at Collibra, spoke about “Using Data Intelligence to Solve the Hardest Aspects of Privacy Management.” As Meredith and Bart highlighted in the webinar, data privacy responsibilities cut across departments, such as data governance, privacy, and legal.
Year after year, these responsibilities continue to grow as new regulations are proposed and requirements become increasingly complex. Some challenges include finding what data the organization has, where it’s located, and how it’s being managed. With these challenges in mind, teams directly and indirectly responsible for privacy have to ask themselves, where do we start?
Develop a framework for your data foundation journey
When thinking through the steps to establish a solid data foundation, organizations may develop their own framework or adapt an existing one. An example of a data foundation framework includes these six steps:
- Governance, policies, and classifications. Document overview of terminology, policies, and approved data sources so that everyone within the organization can operate from a standardized data governance process.
- Change management. Schedule training and regular communication across the business to build alignment with key stakeholders including teams that frequently manage and use data.
- Systems and technology delivery. Coordinate all technology and information projects, bringing the management of systems together.
- Business process improvement. Evaluate existing business processes, then improve them gradually with input from key stakeholders.
- Data collection process. Evaluate the current process of collecting data. Then, teams should confirm what data is required to address their needs including for analytics and data privacy use cases.
- Data collection configuration. Consider a systems structure to accommodate requirements for data governance, privacy, security and more.
Harness data for privacy use cases
From the perspective of the privacy office, the initial focus may be to work on requirements that are most visible to regulators and consumers such as, a data subject request (DSR). From the perspective of the data governance team, the initial focus may be to ensure that the data used by their colleagues to make decisions is both accurate and trustworthy. A data foundation can accelerate a number of privacy use cases including:
- Discovering and classifying data. A frequently cited challenge of data privacy and governance teams is being able to locate personal information (PI). PI automation can uncover data that otherwise was previously unknown to data teams. With the help of AI/ML-driven classification, the manual step of classifying the discovered data is accelerated. Teams can then take the located and classified PI, and feed it into a data map and make it available for DSR fulfillment.
- Fulfilling data subject rights requests. While teams focus on managing the DSR workflow including the intake and response, what is often missed is access to the data. A data foundation to support DSR fulfillment includes pulling in PI that was previously discovered and classified and connecting it to the data subject. This can be accomplished in a compliant way by showing only the location and metadata related to the PI.
- Managing and enforcing data policies. Data policies should include well-defined procedures around retention, residency, and sharing. Once data policies are defined, they can be applied to the data throughout the enterprise and monitored to ensure compliant access and use.
Support compliance efforts with Collibra Data Privacy
Having a solution that can harness data is critical to accelerating privacy operations. Collibra Data Privacy enables organizations to build a foundation that solves the hardest aspects of data privacy management including identifying PI, locating it, and managing how it’s accessed and used. Organizations can use Collibra Data Privacy features and workflows to document business processes, discover and classify PI, and map data.
More specifically, organizations that have built a data governance foundation through Collibra can extend access and visibility of data, specifically metadata, for data subject rights (DSR) fulfillment. Collibra’s Individual Rights Requests feature enables organizations to quickly respond to requests and maintain visibility into where PI is stored and how it is being used. The Individual Rights Requests feature provides an audit trail, allowing oversight of who, how and when requests were processed, which ultimately helps organizations trust their data and comply with regulations.