to Intelligent
Data Privacy
An Agile Approach for Reducing
Privacy Risk and Increasing Trust
to Unleash Data Value
Contents
Introduction
The New Data Landscape: More, Faster, Further
Part One
The Perfect Storm for Data Privacy
Conclusion
Data Privacy is a Business Value Creation Imperative
Learn More
Explosive data growth is a double-edged sword. On one hand, it’s enabling the most disruptive and exciting companies in the world to create competitive advantages and develop brand new products and services.

On the other, you have to deal with more sensitive data exposure and misuse than ever before. And governing this data is an increasingly complicated challenge to enable its protection and ensure transparency for appropriate use.

It’s not just the volume of data that’s causing problems. The speed at which data moves around and between organizations is also increasing. And the data itself is evolving. The purpose, quality, and location of any data asset can change overnight, exposing new risks.

This perfect storm of constant change, accelerating speed, and surging volume is creating staggering levels of risk:
• In addition to your traditional structured data in transactional applications and relational databases, there is more IoT and social media data streaming into data lakes.
• Data migration to the cloud creates new risks as organizations can no longer depend on the traditional security controls and firewalls of legacy on-premises solutions.
• The desire to use data for analytics, process improvements, and machine learning increases the risk of unintentionally using, copying, and combining data in ways that violate consent and privacy regulations.
• Ethical use of data is influencing your customer experience, particularly when it impacts whether they will do business with and remain loyal to your company.
• The sophistication level of threat actors and malicious activities—both inside and outside of your business—is growing.
• And the number of data privacy regulations around the world is growing, and so are the associated fines for non-compliance.

Traditional security and protection models simply aren’t fit to address these transformational challenges that are core to driving future revenue. What used to be a point-in-time activity now requires a continuous data governance process that must be adapted in line with shifting priorities and emerging threats.
Data privacy must be woven into the DNA of the organization to increase trust assurance both in the data and in value creation outcomes. And because everyone uses data and shares responsibility for its protection—to align with both corporate policies and customer expectations—data privacy must involve everyone.

This guide explains what this new, holistic approach to data privacy looks like with a six-step approach to maturity, and how you can meet the challenges of a shifting threat landscape and achieve greater transparency.

It’s based on our experience working with enterprise Privacy Officers, CDOs, CISOs, CIOs, and their teams on the frontline of data governance, risk and compliance, privacy, and security, as well as our own extensive knowledge of data intelligence technology.

By the time you’ve finished reading, you should have a clearer idea of what effective data privacy governance looks like today for a best-practices approach and how you can implement it within your own enterprise.

Let’s dive in.
Six Steps to Intelligent Data Privacy | Part One 5
There are a myriad of ways to define sensitive data. For the purpose of this eBook, we’ll be referring to Personally Identifiable Information (PII), Personal Health Information (PHI), or similar confidential and regulated classes of data that create risk exposure when they are abused or used inappropriately.

Personal data privacy regulations, such as the GDPR, CCPA, and others, focus on PII, a catch-all term for any data that can be used to identify someone. In fact, the GDPR has named 60 elements that meet personal criteria, including demographic, financial, and health data.

Sensitive identity data is targeted because it’s valuable. Malicious actors can use it to compromise bank accounts and access other valuable datasets. For example, a hacker can use someone’s email address to find their phone number. Then, once they have that, they may have enough data to hack the victim’s email account, and worse, compromise finances.

Exposing data improperly comes with severe penalties for businesses—including regulatory fines, legal action, and reputational damage. Of these, long-term reputational damage that impacts customer loyalty is perhaps the most daunting. Trust is the cornerstone of every successful customer relationship and, once it’s broken, it can be incredibly hard to rebuild confidence in a brand.
• Legislators have taken action
More than 80 countries have data privacy laws, and Turkey, India, China, Brazil, Singapore and other countries are clamping down on data malpractice and rigorously enforcing laws regarding personally identifiable data. And following the CCPA, many U.S. states are taking similar legislative action.

What used to be an IT concern is now an urgent issue for customers as well as your board, your line of business owners and partners, and regulators.

This puts pressure on you and your teams to protect data, but it also accelerates opportunities for value creation. There are clear business benefits to embracing data privacy to govern data responsibly and unleash its value with lower risk of misuse and loss.
Six Steps to Intelligent Data Privacy | Part Two 12
For these capabilities to be effective, they must be adaptable to ongoing data use and flexible to constantly changing privacy mandates. They must be integrated, so that privacy, risk and compliance, and security professionals achieve a clear and unified view of internal data exposure risks and outside threats to data loss. And they need to scale to support the organization as it grows and expands operations globally. Given the volume of data, users and applications to monitor and protect, automation is key not only to keeping pace and scaling out, but to ensuring predictable and reliable results when planning data privacy governance priorities.

And with growing personal data privacy laws and regulations, centralized management based on a common metadata-driven platform approach will help ensure that organizational policies and guidelines are applied in a consistent manner with shared intelligence and simplified change management. With a broad set of enterprise consumers for privacy information and compliance status, a highly visual solution driven by analytic insights helps simplify the communication of complex information to technical and business professionals alike.

For all these operational capabilities, automation of data privacy intelligence is key. You have millions of data elements you need to protect, and manual processes cannot scale, being too time-consuming and expensive. Often, these processes are so slow, they’re obsolete long before they are completed. One example is an inability to fulfill a DSAR report within the timeframe that GDPR or CCPA requirements mandate.

Automating controls, establishing policies and operationalizing metadata is a more sustainable way to maintain privacy controls and increase visibility in today’s fast-changing environment.

This may have sounded daunting historically, but today it is really a simplified process. Artificial intelligence is now sophisticated enough that data privacy intelligence, protection and transparency as part of an overall data governance strategy can leverage metadata-driven intelligence to apply privacy policies in near real time to accelerate compliance.

In practice, this data privacy governance approach is designed to monitor new and existing data, and notify stakeholders such as privacy teams of a risky data access or use behavior anomaly. It can also suggest or take corrective actions to mitigate threats.

In privacy risk scenarios, it is about protecting the data itself by detecting patterns by data users that indicate inappropriate or unauthorized access and use activity for achieving the transparency needed to reduce those risks and enable safe value creation opportunities.

This is the true power of automation. It doesn’t just make privacy operations easier for privacy, risk and compliance, and security professionals by automating manual processes; it considerably improves efficiency and makes what was formerly impossible, achievable.
Take a phased approach to scale long-term

Because the number of challenges to operationalizing data privacy can be daunting, you shouldn’t attempt to tackle everything all at once. Not only is this unrealistic but, more importantly, it could be prone to error when establishing a repeatable framework. The further you stretch your data governance capabilities, the less likely you are to establish a continuous process that can scale over time.

A phased program makes more sense. Start with identifying your most sensitive data to risk exposure, align a small group of people around a use case or function, and a clear objective. Then once you’ve achieved demonstrable results, you can better scale your program to tackle additional data privacy challenges.

First, you’ll need to define “personal sensitive data” based on its attributes. Risk scoring frameworks that are enabled by Informatica’s six-step approach can help prioritize your top privacy use cases. Essentially, you determine a series of criteria to classify sensitive data and then score data asset value and risk exposure. This approach gives you a nuanced view of data sensitivity and provides consistency and objectivity to the process of defining your most critical data to disposition.

It also accounts for the transient nature of data. If one characteristic of a data asset changes—location, usage, or proliferation, etc.—its risk score can be adjusted accordingly.

Don’t compromise on transparency

New data privacy regulations place fresh emphasis on the importance of making PII transparent for appropriate uses that align with consumer expectations.

Under the GDPR, CCPA, and other modern regulation, you need to be able to delete, move, or amend customer data, in line with customer privacy rights. You’ll also need to honor their requests to withdraw consent for use. This means that privacy governance controls must be deployed with a focus on granular enforcement. Therefore, protection must be at a data-centric level and incorporate context of identity and use—such as application type, purpose, location, accessibility and similar attributes—to be relevant for timely and effective data subject reporting purposes.
Many of the data governance criteria behind your privacy framework will be unique to your business. But there are a few questions to guide your thinking:
• What type of personal data are we using and for what purpose?
• What legislation regulates our data use with protection and transparency requirements?
• Who are the business and technical stewards of the data that must be aligned on policies and data flow?
• How is the data accessed, and is access and use defined and controlled to be appropriate?

You may not be able to answer these questions alone, so you’ll need to reach out to the people who use this data. Conducting interviews, surveys, and assessments with application owners, security analysts, DBAs, business analysts, and frontline staff will expose data types and shed light on user roles, data owners, and business uses.

Once you’ve defined your data workflows, you can then apply automation to discover and classify it. More importantly, you can use AI-based risk scoring to prioritize how best to manage exposure, based on how the data is used, its proliferation, and then determine how it should be protected.

This process will help you map data across business processes, geographies, and functional groups. It will also provide you with answers to critical questions, such as:
• Where is personal data located, and how is it linked to identities across sources?
• What are the potential risks and are my data protection controls reliable?
• Is the organization’s privacy readiness sufficient for the geographies where it operates under privacy regulation?
• Have I aligned privacy investments and resources to the right strategic objectives and operational activities?

The answers to these questions will indicate the remediation you need to take. So, if for example the highest risk to your data is appropriate user handling, the action may be to implement a training program, in addition to data masking or minimization considerations.
Six Steps to Intelligent Data Privacy | Conclusion 15
Although market forces are fueling personal data privacy regulations, it’s important to remember that it’s not just about compliance. The strong data privacy governance policies and programs required by legislation can also materially block business success. Your customers, employees and partners expect you to handle their data ethically and responsibly.

And digital transformation efforts are dependent upon data to identify revenue opportunities, streamline business operations, reduce costs, and manage risk to unleash new value creation opportunities.

While challenges can seem daunting, taking a phased approach and applying our six-step methodology can help you think big, start small and scale reliably. AI and machine learning technologies can help automate and accelerate tasks, increase transparency, and orchestrate risk remediation continuously with precision. With a holistic approach and a unified technology strategy, you can be ready and remain agile within a constantly evolving data privacy landscape.
Learn More
Additional resources/reading
• Data Privacy and Protection Video
• Data Privacy and Protection White Paper
• GDPR Compliance for Dummies
• Data Privacy for Dummies
• Data Privacy Management Data Sheet
• Unleashing the Power of Data
IN19-0521-3582
© Copyright Informatica LLC 2021. Informatica and the Informatica logo are trademarks or registered trademarks of Informatica LLC in the United States and
other countries. A current list of Informatica trademarks is available on the web at https://www.informatica.com/trademarks.html. Other company and product
names may be trade names or trademarks of their respective owners. The information in this documentation is subject to change without notice and provided
“AS IS” without warranty of any kind, express or implied.