Q4 How does a #dataprivacy tool help me de-identify sensitive data so it can be safely stored and reused for analysis and monetization use with 3rd parties?
A4 Data privacy tools can remove elements of personal data that are unnecessary or duplicative while keeping elements that enable legitimate analysis, research, and monetization (1)
A4 De-identifying data in a way that keeps it usable for research is difficult. De-identified data can be combined with other sources (private/public) to re-identify the data. Be sure to consider outside sources that could impact privacy when using data for research. (2) --Aaron
Q6 What measures and best practices should organizations take to ensure their data security practices are legally adequate? #AskSpirion
A6 All (or nearly all) modern privacy laws require that organizations conduct a risk assessment in order to apply proper controls, both administrative and technical. (1)
A6 Those organizations should review their assessments to make sure they account for changes in the kind of personal data used and how it’s being used. (2) --Scott
Q5 More than half of all states have proposed data privacy legislation. What steps can organizations take to ensure they are building global privacy capabilities for the regulatory future? #AskSpirion
A5 First, organizations should conduct a privacy risk assessment. It’s critical to understand just what data qualifies as personal, both on the surface and as used in practice. Second, they need to understand where it’s stored and how it’s used and who has access to it. (1)
A5 Finally, they should review their set of controls, both administrative and technical, and determine what changes need to be made in order to mitigate any identified risks. (2) --Scott
Q3 How can organizations better guard against insider breaches? #askspirion
A3 (1) The key to minimizing insider breaches is to conduct an inventory of the personal information that your organization has in its possession and eliminate everything that you don’t need or is otherwise duplicative.
A3 (2) From there, classifying that information according to sensitivity and placing controls on it such as DLP will serve to prevent it from leaving the network or cloud data store. --Scott
Q2 What can organizations do to better scale their data privacy and compliance programs to accommodate consumers' rights over their data – including the right to be forgotten? #AskSpirion
A2 Scaling implies a combination of compliance strategy, processes to implement that strategy, and controls to prevent anything from falling through the cracks. (1)
A2 One method I use is to conduct a thought experiment: what if we were to receive a million RtbF requests? How would we scale to accomplish that? --Scott (2)