October 17, 2022

Last Updated on January 18, 2024

It’s one thing to put the bones of a privacy program in place, such as policies and procedural descriptions. But it can be a big step from there to a living, breathing program that is integral to business operations.

How can technology help bridge the gap and make a privacy program operational?

Dimitri Sirota, CEO at BigID, talked about the benefits of automation for enabling privacy programs on a recent episode of The Virtual CISO Podcast. John Verry, Pivot Point Security CISO and Managing Partner, hosts the show.

Where’s my data?

Dimitri observes that data privacy, data security, and data governance are three “buckets,” each with a different focus but with a common theme: “Where’s my data?”

“If you think about privacy, it’s all about figuring out where your regulated data is and then reporting on it,” shares Dimitri. “If you think about security, it’s all about finding all your sensitive data and critical data and then securing it. If you think about data governance, it’s all about finding your high value data and then publishing it to your BI and AI and data commercialization products. But what’s interesting is they start with a common theme, which is all about, ‘Where’s my data?’”

Dimitri continues: “We talk about that in terms of K-Y-D, Know Your Data. But they all require a certain knowledge set. Whether you’re looking for the regulated data, like personal information, sensitive data, or metadata for data governance purposes, it’s all about discovery. So, our approach is why not have a common way to discover all that data, whether it’s metadata (which is data about the data), whether it’s security data, or whether it’s regulated data like PII? Have one tool that does it all, that could look across your files and your structured databases, your SQL databases, your data warehouses, your SaaS, your development environments, your messaging platforms like email and Slack. Have one tool that could provide you a global view.”

When you have a global view of your data—structured, unstructured, your whole data estate—you can just steer the automation towards what you want to find out. If you care about data quality, which is a data governance issue, you already know where the data is. If you care about security issues like data access management, you’ve already identified where the data is. If you care about privacy issues like reporting for regulators or for individuals, you’ll know just where to find that data as well.

Toward universal data navigation

John adds that getting a handle on personal data potentially gives orgs a foundation for understanding and governing other types of sensitive and/or valuable data, such as compliance data.

“Privacy is just a particular frame of reference of one regulated data type, personal information,” concurs Dimitri. “There’s other regulated data: There’s GLBA data, there’s SOX data, there’s HIPAA data, there’s PCI data… At the end of the day, data is data, and you need this universal information navigation of your data.”

Whatever data you care about and whatever action you want to perform, it all starts with a global, dynamic data index.

What’s next?

To catch this podcast episode with BigID CEO Dimitri Sirota, click here.

How important is data privacy? It can be a matter of life and death: Privacy Laws Can Be a Matter of Life and Death

 

 
