Data Discovery & Classification Assessment

Providing a clear picture of privacy risk exposure in the organization

Sometimes organizations have a vague sense that data privacy risks lurk in their systems and operations,
but dont have a handle on where exactly that risk might lie. Privacy may now be a prioritized company
initiative and youre responsible for managing the risk but dont know where to start. Perhaps other
entities you do business with are inquiring about your privacy practices, or you need to assess the risk
profile of new operations from expansion or acquisition.

Learn More:

Getting a clear picture of the complete data lifecycle across the organization or a particular product

truste.com/

or business operation becomes critical. Data Discovery & Classification is often the first step, providing
you with transparency on how personal information is collected, used, stored and transferred, both
within the organization and with third parties. This assessment is designed to provide you with a
comprehensive view of your data landscape.

KEY BENEFITS
Powerful insight on the risks at every stage of the data lifecycle enabling you to successfully
manage large and complex exchanges of information
Detailed and actionable reports to implement immediate steps for privacy compliance
Full-service team of privacy experts by your side throughout the assessment process
Legal knowledge with practical business process implementation experience
Powered by TRUSTes Data Privacy Management (DPM) Platforms state-of-the-art privacy
technology for assessment management, compliance control, and website monitoring
Key regulatory relationships as a leading service provider for several of the worlds regulatory
and self-regulatory compliance agencies
Flexible scope to cover enterprise-wide or a single product/process/line of business
Rapid response, in as little as 4 to 6 weeks, dependent on scope and complexity
Streamlined process minimizes disruption to your daily business operations

OUR PEOPLE
All of our Privacy Consultants are recognized data privacy experts with significant experience leading
global privacy assessments for large enterprises. As the leading privacy brand, weve become one of the
most experienced and innovative Data Privacy Management companies in the world, with offices in the
US, EU, and Asia. Our privacy experts assist clients with all of their privacy compliance needs.

ESTABLISHED ASSESSMENT METHODOLOGY

TRUSTe has an established assessment methodology based on almost two decades of experience
delivering privacy services to thousands of clients around the world. Privacy Consultants deliver the Data
Discovery & Classification Assessment in a streamlined 3-step process.
1: Comprehensive Data Discovery
The focus of this particular type of assessment is to provide you with a detailed and comprehensive
inventory of relevant data flows and potential risks across your organization. We conduct initial
interviews with relevant subject matter experts within your organization to understand the data life
cycle, including what data you collect, how you use it, who you share it with, third party agreements, use
of trackers, privacy disclosures, opt-outs, and much more. We provide you with the flexibility to cover
enterprise-wide or focus on a single product/process/line of business.

POWERING TRUST in the Data Economy

CONTACT US

US: 888.878.7830

www.truste.com

EU: +44 (0) 203 078 6495

www.truste.eu

Data Discovery & Classification Assessment

TRUSTe then conducts in-depth interviews on site or remotely to fully map

data flows from the point of data collection, storage and processing, resources
involved in processing data (internal systems, third party service providers,
cloud providers), and retention and deletion practices. In addition, we work
with your team to gather supporting documents, such as product requirements
documents, database schemas, and third party integration agreements.
2: Risk Classification
Armed with information from the Data Discovery, we help you organize the data
by type, purposes, uses, and associated risk levels. We apply our proprietary
scanning technology to applicable websites and mobile apps, shedding light
on trackers and tracking technologies used, with Privacy Sensitivity Index (PSI)
scoring and insight into personally identifiable information (PII) data collection.
3: Findings Report
The Findings Report summarizes the results of the Comprehensive Data Discovery & Risk Classification analysis. It
includes broad analysis on any points in the data flow with potential risk areas requiring further diagnostic or remediation
measures, providing you with the information you need to take immediate next steps for privacy compliance.

TRUSTe Data Discovery & Classification

I.

Summary of All Business Units Reviewed

II.

Below is a list of each of the business units that were reviewed by TRUSTe. The chart denotes whether personal
data (including consumer or employee) is transferred across borders and triggers a heightened area of privacy
risk. Each business unit flagged below will place it in-scope for further remediation measures.
Business Unit

TRUSTe Data Discovery

& Classification

Corporate HQ

2.

Group A

3.

Group B

4.

Group C

5.

SF Office

6.

Alpha Studios

7.

Beta Digital

8.

Gamma One

9.

Delta Two

CONFIDENTIAL

Personal Data Inventory

Based on TRUSTes interviews with stakeholders and its analysis of business practices, we have determined the
following business units to be in-scope for further remediation measures. All other business units reviewed do not
transfer personal data across borders in which privacy risk is triggered. Weve included the categories of personal
data collected and where it is stored for in scope business units.

1.

Onward Transfer of Personal Data

1.

TRUSTe Data Discovery & Classification

CONFIDENTIAL

Corporate HQ

Personal Data Collected

Data Storage

HR/Finance
EU employees' salary information
US employee data:
SSN/tax info;
Resume;
Salary history; and
Payroll info

HR/Finance (stored in the US)

ADP Payroll System;
Employee paper files located in
locked filing cabinets;
HR/Finance email server; and
HR employees computer hard drive
Marketing:
Marketing email server; and
Marketing employees computer hard
drives

Marketing:
EU customer data to target and send
communications
First and last name;
Mailing address;
Phone number; and
Email address

10. Epsilon Three

11. Zeta Four

Confidential Review Findings Report

2.

12. Kappa Five

Report Date: April 17, 2015

Group A

Personal Data Collected

First and last name;
Mailing address;
Phone number,
Email address;
Banking details;
Payment/expense info; and
Tax info

Review conducted by:

Debra J. Farber, Sr. Privacy Consultant

Email address:

dfarber@truste.com

Phone number:

415-766-6441

CONTACT US

US: 888.878.7830

www.truste.com

EU: +44 (0) 203 078 6495

www.truste.eu

CONTACT US

US: 888.878.7830

Data Storage
Group A email server
Project XYZ database
Paper Forms and Paper Print Outs
payment method forms, international
tax forms, check copies, expenses,
wire transfer info, checking info
Microsoft Access Database
automation of payments

www.truste.com

EU: +44 (0) 203 078 6495

www.truste.eu

ABOUT TRUSTe
TRUSTe is the leading global Data Privacy Management (DPM) company and powers trust in the data economy by
enabling businesses to safely collect and use customer data across their customer, employee, and vendor channels. Our
SaaSbased DPM Platform gives users control over all phases of data privacy management from conducting assessments
and implementing compliance controls to managing ongoing monitoring. Our DPM Services are delivered by an expert
team of privacy professionals and include the globally recognized Certified Privacy Seal. Thousands of companies
worldwide rely on TRUSTe to minimize compliance risk and protect their brand. For more information, please visit www.
truste.com.

Powering Compliance and Trust

CONTACT US

US: 888.878.7830

www.truste.com

EU: +44 (0) 203 078 6495

www.truste.eu