PreviousSigns That Your Systems May Have Been Compromised
April 5th, 2023
Welcome to part four of a four-part series for establishing and maintaining a Data Privacy and Protection Program. This article focuses on evaluating and selecting technology solutions for your data privacy and protection program.
Privacy Management Software
Privacy professionals face many challenges in managing data privacy and protection throughout their organisations. From knowing what types of data, the company is collecting and using to finding ways to keep the company in compliance with data protection regulations on an ongoing basis. This is a daunting task to manage when using spreadsheets and manual processes when the way we do business and interact with data is constantly evolving. Privacy Management Software offers privacy experts a one-stop shop for monitoring and managing their data privacy and protection program, which is significant given the range and depth of privacy obligations under various legislations worldwide.
Based on an infographic from the International Association of Privacy Professionals (IAPP) published in May 2020, fifty per cent (50%) of privacy professionals reported one (1) or more data breaches, while sixty-seven per cent (67%) documented one or more privacy incidents over the previous three years. These breaches and incidents may lead to non-compliance with data protection regulations and therefore incur hefty penalties depending on the nature of the breach or incident.
Privacy professionals use Privacy Management Software to automatically identify and prevent these breaches or incidents to monitor and maintain compliance. Some other benefits of using Privacy Management Software are:
Demonstrates the company's commitment to data trust
Improves the company's compliance with data protection legislation
Streamlines data privacy and protection operations
Increases visibility and develops insights around program performance
Manages third-party data processor risks
Improves incident response and recovery from data breaches
Improves return on investment (ROI) in the privacy program
General Features of Privacy Management Software
Not all solutions are created equal; therefore, not just any solution will fit your environment. It is critical that we follow a structured process to justify, evaluate, select, and implement a Privacy Management Solution. This process is designed to screen out solutions that do not meet our needs and focus on those that can.
The Privacy Management Solution space has grown significantly over the past six years, with the IAPP including 365 privacy solution vendors, according to their 2021 Privacy Tech Vendor Report. This is a drastic increase from their first report in 2017, which had only 44 vendors. Features had also increased with privacy tech vendors adding more tools to automate privacy management better and identify potential issues.
While not exhaustive, some standard features include the following:
Consent Management – tools for collecting, tracking, and managing data subjects' consent.
Data discovery – includes tools for identifying what data you have and where it exists, such as data classification to understand the sensitivity of the data you have.
Data Mapping – tools for understanding the flow of data throughout your network.
Data Subject Requests – tools that allow logging, tracking, and resolving requests from data subjects.
Deidentification/Pseudonymity – tools that allow data analysis without compromising privacy obligations.
Breach Management – Tools to assist in the breach management and notification process.
Impact Assessments – tools for streamlining your data protection and privacy impact assessments using manual or automated techniques.
The list goes on and on with other features, such as data transfers, vendor/third-party management, cookie management, encryption, and data masking, to improve all aspects of privacy management across your company. Plus, well-established solutions tend to include pre-built dashboards and reports to monitor your environment easily. When evaluating the available solutions, please pay attention to how the features work in their product. For example, data discovery features may be automated or manual, which changes your level of involvement when using this feature. Try giving vendor-specific scenarios and testing a proof of concept to see exactly how the components work to verify whether they will meet your needs and expectations.
Privacy Management Solutions are the next step in evolving our privacy management to meet our obligations. These solutions come in various shapes, sizes, and features; therefore, the solution selection process must be structured to evaluate options equally and to pick the best fit. To assist in this process, consider some of the following sources:
2021 Privacy Tech Vendor Report – Comprehensive list of privacy tech vendors and a summary of the features their solutions provide
The Forrester Wave: Privacy Management Software, Q4 2021 – Comparison of top privacy management solutions.