Privacy

SMEs: Do You Know Where All Your Customers’ Personal Data Resides?

Screen Shot 2022 10 09 at 10.54.36 PM
Reading Time: 2 minutes

There are two basic challenges with data privacy:

  • Regulatory compliance and attestation; and
  • Data transparency and data rights for customers and employees

SMEs tend to be more concerned about the latter issue—and with good reason. Let’s say someone asks for all the data you have on them. It could be in emails, databases, SaaS applications, a data lake, your development environment, and many other places. Plus, the definition of “personal data” is extremely broad, encompassing anything and everything from login credentials to GPS coordinates to IP addresses to clickstream data. How can you efficiently identify everything associated with an individual, in all the places it potentially resides?

To share how the latest technology is helping orgs of all sizes operationalize privacy management, a recent episode of The Virtual CISO Podcast features Dimitri Sirota, CEO at BigID. John Verry, Pivot Point Security CISO and Managing Partner, hosts the show as always.

Looking everywhere

Historically, SMEs have looked for personal data mainly in the obvious places. They query their staff about where personal data generally resides, and when they get a privacy request they look in those relatively few repositories.

But what about all the other places that were probably overlooked, like Snowflake and/or Amazon S3 repositories? What about note fields in Salesforce? What about images or voice recordings?

“Looking everywhere is technically what you’re responsible for, and you’re opening yourself up to liability if you don’t do it,” warns Dimitri. “That requires a rethink and a new approach.”

Especially since just looking in the obvious places costs something like $2,500 per request to do manually. Then there’s the fact that any data map you manually create is outdated before it’s even finished. Some kind of automated discovery mechanism is increasingly required even for a foundational privacy program.

Replacing spreadsheets

A longstanding aphorism is that great ideas come from replacing spreadsheets with automation. This is simplistically what BigID has done by replacing spreadsheet-driven data maps with data discovery, classification, and correlation intelligence.

“Take Snowflake, which by its very nature is a dumping ground for data,” Dimitri points out. “It’s changing and growing all the time. There is no one person who knows what’s inside of it. Most people don’t even know what they have in their file folders. Clearly, a data mapping exercise that historically was done through spreadsheets and interviews is not going to be entirely robust.”

For today’s diverse and dynamic data environments, you need technology to help with data mapping.

What’s next?

To listen to this podcast episode with Dimitri Sirota, click here.

Does your business need a privacy lead or Data Protection Officer (DPO)? This blog post will help answer the question: Skills SMBs Should Look for in a Privacy Lead

 

ISO 27001 Recipe TNISO 27701 Certification Guide
Discover what you need to achieve ISO 27701 certification!

You are 6 simple steps away from "provable" compliance with every Privacy regulation.

Back to list

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *