July 14, 2020
You’ve made the decision to protect the data privacy and security of your colleagues, customers and community—now the hunt begins for the right software to manage all of your sensitive data, keep you compliant and remediate risks.
With over 300 data privacy software companies to choose from, according to the International Association of Privacy Professionals (IAPP), narrowing it down to the right option can seem overwhelming if you don’t know exactly what you are looking for. Your data privacy management software should not only find unique sensitive data and automatically classify it, but also truly reduce and manage risks associated with increased privacy regulation, data dispersion, and privacy breaches.
Before you buy in, ask these six questions of your data privacy management tool of choice to better understand what the software will do to improve your compliance posture and reduce the risks associated with a data breach.
Does it offer a clear picture of your entire data landscape?
Every organization holds sensitive data, but most organizations don’t know how much they have, where it is stored, or how it is structured. In other words, their data landscape is scattered and hidden. Before you can take any real steps to be in compliance with data privacy laws, you have to be able to locate all of your data.
The data privacy management software you choose should be able to locate both structured and unstructured data across your network, cloud systems and apps, all endpoints, both on internal networks and in remote work from home settings.
Does it provide automated discovery and classification capabilities?
Organizations often struggle with their data classification programs because they approach them mostly as manual processes. But classifying data manually is simply too labor-intensive, time-consuming, and error-prone to be a practical solution for all but the smallest companies. In particular, manual data classification suffers from the following issues:
Inaccuracy — Busy employees often fail to classify data at all or simply pick the first tag in the list to expedite the process.
Inconsistency — Different people classify similar documents in different ways.
Inflexibility — As companies’ sensitive-data requirements and regulations change, no one has the time or inclination to update the tags on terabytes of existing data.
Failure — As users realize that data is not classified correctly, they will quit trusting the process and the whole project fails.
Automating data classification overcomes these limitations by making the process reliable, accurate, and continuous. A sophisticated platform can spot personally identifiable information (PII) by looking for data patterns, as well as using content and context clues, to find names, dates of birth, addresses, phone numbers, financial information, health information, and social security numbers accurately. Additionally, automated systems can also re-classify data as needed, such as for updates and changes within the business or from changes in compliance regulations.
Does it enable you to comply with data privacy laws and standards?
Whatever your industry vertical or location, chances are there will be governing bodies, internal audits and mandates with which your organization must comply. Then combine these industry compliances with GDPR, CCPA HIPAA and PCI-DSS, as well as other data privacy standards and regulations on the horizon, and you have a virtual alphabet soup of regulations to follow. What makes some of these laws so difficult is that none of them follow the same script. Although they share a similar intent of protecting consumers’ data, the details, timing, required responses and penalties vary widely—making it nearly impossible to keep up and stay compliant.
This is where you should have the highest expectations of your data privacy software. The best solutions available will sort out the confusion behind different privacy regulations, as well as produce Data Subject Access Requests (DSAR) and Subject Rights Request (SRR) request information that demonstrate protection.
Can it model and run complex conditional workflows?
To enforce data privacy and retention policies, your software should automate workflows to create efficiencies and avoid human error in data discovery, classification and remediation.
Workflows provide the ability to assign results to users based on user defined criteria, send notifications when automatic or manual assignment occurs, apply remediation actions, track status and assign classifications. However many automation tools follow a convoluted process in a clunky design that is not intuitive, difficult to audit and prone to errors and omissions. You’ll want to make sure your data privacy software features an easy-to understand user interface that allows you to clearly model a complete data privacy lifecycle from discovery to remediation, with detailed controls over actions and decisions at each step.
Does it provide a reliable dashboard and advanced reporting and analytics?
People are the most powerful tool in any organization’s security and privacy strategy and empowering them with knowledge is the key to the strategy’s success. Choose a data privacy software solution that offers a comprehensive dashboard with visual tools to communicate clearly and accurately what’s happening within your data ecosystem. Having a reliable dashboard arms your security team with the insights it needs to stop a potential data incident and risk. You need the ability to present information to your organization’s top leadership, especially in the case of a breach. Advanced reporting and analytics can provide system-level overviews and an in-depth drill-down into sensitive data scan results to guide remediation policies and practices.
Can it quickly and effectively handle remediation when a data privacy risk is found?
When a data security problem is found, quick action is required to address it. Your data security software should offer a broad range of remediation actions. It may need to fix corrupt or inaccurate records by replacing, modifying or deleting them. With the help of complex conditional workflows and an automated data classification policy, it “knows” which action to take in a specific situation. It may shred, redact, quarantine, encrypt, or take other actions – which is especially important for privacy compliance, as it prevents data from being repeated and hidden throughout the network. Rapid and automated remediation can save time, money, and storage space while also reducing legal and regulatory risks.
Why Spirion’s Data Privacy Manager is your best-of-breed solution
While some tools provide a few of the requirements we’ve been talking about, only Spirion’s Data Privacy Manager (DPM) offers them all.
Find anything, anywhere
Spirion’s Data Privacy Manager allows you to search locations such as PDFs, images and spreadsheets to cloud repositories, databases and even your colleague’s laptops. Wherever sensitive data lies, we promise to find it.
Highest accuracy in the market
Spirion’s AnyFind technology goes beyond pattern matching in its discovery and uses context and content clues to find sensitive data, with less than 2% false positives.
Purposeful and automated classification
DPM automates data classification and enables it to persistently follow the data wherever it goes. It offers real-time risk remediation so that as data comes into your enterprise it can be trained and controlled. With more remediation options than anyone else in the market, DPM can offer optimal protection with limited business disruption.
Real-time risk remediation
Spirion’s Data Privacy Manager offers real-time risk remediation so that as data comes into your enterprise it can be trained and controlled. With more remediation options than anyone else in the market, Data Privacy Manager can offer optimal protection with limited business disruption.
DPM recently released playbooks to make classifying and controlling your sensitive data easier. Rather than having a team to write complex scripts to classify and control your data, you can build a playbook that follows those same complex and conditional workflows in a simple and easy-to-use interface.