10.15.2019 - Customer Experience Starts at Your Registration Screen
Social sign-ons are not meant to protect sensitive assets and should not be used to do so. Of greater concern is that data sharing is a two-way street. When a company uses single sign-on, it gets information such as email addresses and geographical locations from the social network; however, it may also be giving information about its users’ behaviors back to the social network. Businesses should understand which user information they are sharing when they agree to the terms of the social network.
01.23.2018 - GDPR and Governance
In our blogs, “Initiating Steps On The Path To GDPR Compliance” and “GDPR Compliance – Assessing Data Controls and Risk Management”, we discussed data mapping and risk assessments. Today, we are going to discuss governance. ...
12.14.2017 - GDPR Compliance – Assessing Data Controls and Risk Management
After reading our blog “Initiating Steps On The Path To GDPR Compliance” and completing your data mapping exercise, you should now have an understanding of what data your company collects, how it is used, where it is stored, who has access, and when and how it is deleted. What should you do next? For the next step, you need to assess the identified data flows and rate their importance and sensitivity. You may need to consider different rating scales, from both the company’s perspective and an individual’s viewpoint. Proprietary information does not mean much to an individual, just as a social security number does not mean much to the company’s overall survival. So, data’s value is determined by the owner’s perspective. ...
11.2.2017 - Initiating Steps On The Path To GDPR Compliance
If you are reading this, you have heard of the General Data Protection Regulation (GDPR) and are concerned whether it applies to you. Since it applies to all European Union citizens, no matter where they are located in the world, it is very likely that it does. The question of enforceability, especially if you don’t have an EU presence, is a different issue. But most multi-national companies are following the requirements down to their supply chain, so if you are not compliant, you may find business opportunities drying up. The first step to compliance is to understand your data. You need to do an exercise called data mapping. Data mapping for GDPR is not the same as matching up database schemas. It is more like a data inventory, and it is a fundamental requirement for your privacy compliance strategy. How can you protect something if you don’t know that you have it? In data mapping, you act as a journalist, analyzing your data flows and answering the five W’s of reporting: Who, What, Where, When, and Why. Data mapping can benefit your business in other ways too, such as identifying key data sources, eliminating duplicate data stores, and consolidating data for smarter use. The healthcare industry went through similar efforts fifteen years ago with the advent of HIPAA. ...