Data is a valuable asset, enabling personalization, effective marketing, and data-driven decisions that boost loyalty and revenue. However, with great data comes great responsibility. Customers are more concerned about their data privacy than ever before.
Are you confident that your organization complies with data privacy laws and secures customer trust? Read our eBook to find out.
In this eBook, you’ll learn:
The evolving landscape of data privacy laws, from HIPAA to GDPR and CCPA.
Expert insights on holistic data governance and customer-centric approaches.
Practical steps for compliance with our data privacy checklist.
Real-world success stories showcasing the impact of data privacy.
Let’s get started! Protect your organization, empower your customers, and elevate your business. Download our eBook today to discover how data privacy is the key to compliance and safeguarding your customers’ data.
Data privacy rules and regulations are constantly evolving – states are adding new laws while others are adding new measures to existing laws. So, it really is a matter of when, not if, you’re going to have to address data privacy.
We talked with the data privacy pros (DPPs) here at Prolifics and learned that there’s a bigger picture to data privacy that we all need to consider.
Q: Okay, so I’m a company coming in to see you all one day and I say, “Hey, I just realized I have a California Consumer Privacy Act (CCPA) problem, and I need some data privacy answers. But I only want the minimum viable for California, that’s the only thing I want to address.” Does that happen and how do you respond?
DPPs: Yes, it does. We see this with a lot of customers, and they do just that. “We only want the bare minimum. We don’t want a big investment here.” The problem is the bare minimum is still holistic. You have to consider all your data anyway because you’re on the hook for it. It’s everything or nothing. You can’t have half of your data being CCPA compliant and half of it not. You can’t have your structured data being CCPA compliant and your unstructured data not. It just doesn’t work that way under the law. You’re still leaving yourself wide open for fines and penalties. And that’s not just CCPA – all privacy laws follow similar logic. So, there’s no real fundamental difference between CCPA compliance and larger, overall data governance.
Q: If I need to consider all my data, are you saying privacy laws are in a way forcing data governance on me?
DPPs: The data privacy campaign or policy that’s put into place is data governance. Without the rigors of governance, meaning if you’re not following some core tenets, which are to collect the data, scan the data for PII (personally identifiable information) and then catalog the data, you’re not complying with the privacy law. Those three things – scanning, identifying, and cataloging – are part of governance. Governance means you know where your data is, you know who’s using your data, internal or external, who’s accessing it and when. Companies should already have governance related to privacy issues. For example, “Hey, that individual’s name is not encrypted on this site. It’s related to a database over here where you can get access to a social security number. I need to prevent that from happening.”
Q: How do you get people to look at the larger data governance point of view?
DPPs: So, there’s no real fundamental difference between CCPA compliance and data governance. It’s all the same. You might have one policy for CCPA. Most likely you’ll have about 10 to 15, but for governance, you might have 1,000. Many healthcare organizations, like payers, have tens of thousands of policies for their governance, because they have that much data and that much information to collect and to be compliant on. So, when we’re getting into it, we’ll point out that you already have architecture, you already have hardware, you already have the information in there. Let’s broaden the scope more – beyond California, beyond whatever state will enact privacy legislation next. Let’s get a holistic data governance solution in place.
Q: Does that resonate well with clients?
DPPs: Yes, it does, because the benefit of data quality then becomes apparent. Everyone will agree that the key driver for data governance is data quality. Most companies have so much data collected, they just don’t know what they have. So, when they try to use the data in a specific way, for example marketing wants a “know your customer” (KYC) initiative, they realize they have disparate systems all over the place with different and competing data about the same customers. Then we hear the grumblings about the bad data quality they have. It’s the same bad data that makes data privacy compliance so difficult. At Prolifics we say that data is the most important asset a company has. A holistic data governance approach treats data like the valuable asset it is.
Our client is a large-scale transportation company and long-term Prolifics customer, providing innovative supply chain solutions to a variety of customers throughout North America.
Challenge
Our client encountered a significant data privacy challenge, driven by the accumulation of extensive customer data. They needed to align their data practices with the California Consumer Privacy Act (CCPA), which is vital for protecting consumer privacy and legal compliance. Adherence to CCPA is essential to establish customer trust and avoid legal consequences, including fines and damage to reputation.
The central challenge was to meet the stringent requirements of CCPA while efficiently managing their extensive and complex dataset. CCPA imposed strict regulations on collecting, storing, and using customer data, requiring our client to ensure full compliance. This included addressing requests from individuals to access their personal data, which is a fundamental aspect of CCPA compliance.
This case study illustrates how the transportation firm, operating within a heavily regulated industry, proactively addressed data privacy compliance and leveraged Prolifics Data Governance Solutions for success.
Action
To address the challenge posed by CCPA compliance, our client partnered with Prolifics, a trusted provider of data governance and privacy solutions. Prolifics devised a comprehensive approach to guide our client through its data privacy compliance journey. We helped them develop a robust Data Subject Access Request (DSAR) process. This process allows individuals to request and obtain information about their personal data held by the company, ensuring transparency and compliance with data privacy regulations. Additionally, we took proactive steps to identify and protect Personally Identifiable Information (PII) and establish data governance policies and procedures, further enhancing their data management and privacy practices.
Maturity Assessment: Prolifics initiated the project by conducting a maturity assessment to understand the current state of data governance and privacy practices.
Data Mapping: A fundamental step involved identifying all customer data dispersed across various systems, platforms, and departments within the organization. To streamline this process, automated data classification tools were employed to tag sensitive information, particularly PII, enabling easier tracking and control.
Cataloging/Inventory: An extensive catalog of the data assets was created, detailing the types of data collected and stored.
Discovery: Prolifics conducted a thorough data discovery process to locate customer data in all its forms, whether structured or unstructured.
Mapping: Data mapping was conducted to establish clear data lineage and understand how data flowed within the organization.
DSAR Process Alignment: The Data Subject Access Request (DSAR) process was aligned with CCPA requirements to ensure that customer data could be accessed and managed in accordance with the law.
Review: Continuous reviews were conducted to assess the progress and compliance status throughout the project.
Results
Through this comprehensive approach, our client not only achieved regulatory compliance but also realized tangible benefits, including improved data management, operational efficiency, and customer service. This transformation aligns their data privacy practices with CCPA regulations while positively impacting their business operations.
Enhanced Data Governance: Robust data governance policies and procedures were established, providing clear guidelines on data collection, processing, and management for CCPA compliance.
Efficient Data Management: A well-defined data governance operating model was implemented, clarifying roles and responsibilities within the organization for effective data management and compliance.
Improved Accountability: A detailed data inventory was created, ensuring accountability in handling customer data throughout its lifecycle, contributing to better data stewardship.
Streamlined DSAR Process: The DSAR process was efficiently set up, allowing customers to exercise their data access rights in compliance with CCPA, thereby enhancing customer service and compliance.
Automated DSAR Responses: An efficient technical architecture was put in place to automate and streamline DSAR responses, reducing manual effort and response times, resulting in operational efficiency gains.
Enhanced Data Visibility: Clear data lineage was established, providing better visibility into how customer data flows within the organization, enabling improved control and decision-making.
Informed Workforce: Employees received training on data privacy best practices and CCPA compliance, ensuring that all stakeholders understood their roles in protecting customer data, which contributes to a culture of data security and compliance.
Technology
The project leveraged various technology solutions to achieve these results, including:
IBM InfoSphere: Used for data mapping, cataloging, and data lineage establishment. The IBM InfoSphere stack (IBM Watson Knowledge Catalog) is a suite of software products and tools used for managing and governing data and encompasses a wide range of data-related functionalities and capabilities, including data integration, data quality, data governance, and metadata management.
OneTrust: Employed for automated data classification and DSAR process automation, ensuring compliance with CCPA. OneTrust is a software platform designed for managing compliance with data protection regulations, privacy laws, and other governance requirements.
About Prolifics’ Data Governance Solutions
Prolifics empowers your organization with comprehensive Data Governance services, ensuring data quality, accessibility, and security. Our proven framework enhances decision-making, regulatory compliance, customer satisfaction, and risk management. With prebuilt, platform-agnostic processes, we optimize your existing investments while embracing new ones. Partner with Prolifics to unlock the full potential of your data and gain a competitive edge through our customer-focused approach to data governance.
Curious to see how data governance can benefit your organization? Let’s chat! Click here to connect with our Data Governance experts and discover how we can help you drive better results with data governance.
About Prolifics
At Prolifics, the work we do with our clients matters. Whether it’s literally keeping the lights on for thousands of families, improving access to medical care, helping prevent worldwide fraud or protecting the integrity and speed of supply chains, innovation and automation are significant parts of our culture. While our competitors are throwing more bodies at a project, we are applying automation to manage costs, reduce errors and deliver your results faster.
Let’s accelerate your transformation journeys throughout the digital environment – Data & AI, Integration & Applications, Business Automation, DevXOps, Test Automation, and Cybersecurity. We treat our digital deliverables like a customized product – using agile practices to deliver immediate and ongoing increases in value. Visit prolifics.com to learn more.
Did you hear about that last big data breach? It’s a question posed more and more frequently these days, as the exposure of supposedly safe information repeatedly makes its way into the hands of malicious hackers. Neither banking information nor social security numbers are exempt, and if you recently signed up online to discreetly cheat on your spouse, beware: That information is not as secure as you think it is, either.
As data breaches go, 2019 was a bad year. In the first six months alone, the number of breaches far surpassed those in 2018, meaning roughly 3,800 breaches occurred. These breaches exposed an estimated 4.1 billion records, just from January through June. That’s a lot of credit card numbers, expiration dates, and CVVs being released into the wild. But data breaches are not new. They’ve been happening for years, compromising your data privacy in ways you never realized.
And it’s not only your financial information that’s at risk when a hacker attacks your favorite online shopping service. Your home address could be getting out there, too, along with your encrypted passwords and answers to your security questions.
Data breaches put us all at risk of horrors we’d rather avoid, such as identity theft and unauthorized charges on our credit accounts. Hackers compile the data they steal during a breach, package it up nicely, and sell it off to the highest bidder. The more complete your information, the bigger the payout.
Data breaches affect billions of people each year, including you, your loved ones, and your favorite brands. We’ve compiled a list of the 10 worst data breaches in recent history. If you frequent these establishments or use these services, odds are good that the information you provided is no longer secure:
1. Yahoo, August 2013
Even today, the 2013 attack on Yahoo stands as the worst data breach in history because it affected every single one of the 3 billion accounts stored on its server.
Customer names were compromised, as were their dates of birth, telephone numbers, and encrypted passwords.
2. Yahoo, December 2014
Shockingly, in December of 2014, Yahoo was attacked again. Email addresses were exposed this time, along with names, dates of birth, encrypted passwords, security questions, and telephone numbers. This time the data breach affected 500 million accounts, but worse? Yahoo kept news of the breach undisclosed for two years.
Members of the Russian Federal Security Service were ultimately charged with the crime, and the Securities and Exchange Commission (SEC) fined Yahoo for failing to warn its consumers.
3. First American Financial Corporation, May 2019
In mid-2019, First American Financial Corporation suffered a data breach of their own design. It wasn’t hackers who exposed private consumer information in the incident, but rather a defect in a production application that made secure information available to anyone accessing the site.
Bank account numbers, bank statements, mortgage papers, tax records, social security numbers, driver’s license images, and wire transaction receipts were accidentally made public, allowing users to access mortgage loan information dating back to 2003. Experts estimated roughly 885 million accounts were compromised in the incident.
4. Marriott International, 2014-2018
In 2018, hotel giant Marriott International alerted users to a data breach that had apparently been going on for four years. Hackers first accessed their Starwood Guest Reservation Database in 2014 and began stealing information that included names, email addresses, phone numbers, passport numbers, addresses, dates of birth, gender, loyalty program information, credit card numbers, and expiration dates.
Then, in January of 2020, Marriott was hacked again, and 5.2 million users had names, affiliations, employer names, hotel preferences, gender, age, home addresses, email addresses, and loyalty information compromised.
5. Facebook, 2019
In April of 2019, Facebook disclosed a massive data breach that affected the information of roughly 540 million users.
According to reports, third-party app developers released the private data, which included account names and IDs, friends, photos, location check-ins, and reactions to comments.
6. Adult FriendFinder, October, 2016
In 2016, a data breach in a self-described “sex and swinger community” exposed the private information of roughly 339 million users. Embarrassingly enough, the information included usernames, email addresses, passwords, and dates of the user’s last visit to the site.
Even accounts that had been deleted were exposed in the hack. Sadly, the breach in 2016 wasn’t the first for Adult FriendFinder. Just a year prior, 4 million accounts were exposed and information leaked, including a user’s sexual preference.
Wrapped into the 2016 breach were another 69 million accounts from sites such as Cams.com, Penthouse.com, iCams.com, and Stripshow.com, all companies tied to Adult FriendFinder. The same identifiable user information was leaked, including VIP status, IP addresses, browser information, and whether items had been purchased. The breach is thought to have been generated by Russian hackers.
7. Zynga, September, 2019
The name may not be instantly recognizable, especially for those who don’t frequent the boredom-busting games on Facebook. For Farmvillers and those who play Words With Friends, however, Zynga is a household name. The mobile gaming app was hacked in late 2019, exposing the information of 218 million users.
The information leaked and sold contained Facebook and Zynga IDs, usernames, password information, and telephone numbers. The apps hacked were Draw Something and Words With Friends. Eventually, a hacker from Pakistan claimed responsibility for the breach.
8. Aadhaar, March, 2018
In 2018, a government site in India was hacked, exposing personal identifying information in a breach estimated to have affected 1.1 billion registered users. The site is a national ID database, containing both reported and biometric information on Indian citizens.
The information leaked contained ID numbers that are similar to U.S. social security numbers, names, and linked accounts. It’s still unclear whether thumbprint or iris scan information was made available.
9. Verifications.io, February, 2019
If you’re a company that regularly sends out newsletters or email marketing campaigns, you may use a service such as Verifications.io. This service checks email addresses to ensure they’re valid and not fake.
This helps prevent you from wasting valuable time and resources sending content to users who don’t exist, and it’s a big help to anyone who reaches consumers through email.
In February of 2019, however, Verifications.io was hacked, and email addresses of roughly 763 million users were exposed. In addition to email addresses, researchers found additional bits of odd information that should not have been readily accessible.
These included mortgage amounts and loan interest rates, genders, dates of birth, and various social media log-in information.
10. eBay, May 2014
Even online auction sites aren’t safe from malicious hacking. In May of 2014, online giant eBay admitted they’d been hacked earlier in the year. Among the information exposed were passwords, names, email addresses, physical addresses, phone numbers, and dates of birth.
The breach was discovered by an eBay technology officer who noticed odd activity on the company’s network. And while eBay has repeatedly claimed that no financial information was exposed, they did ask users to update their passwords.
The eBay data breach may not seem like as big a deal as other recent breaches, but for users who have the same password across multiple sites, it opens up a back door for tech-savvy hackers to do quite a bit of damage.
Protect Your Online Data Privacy
Nearly everyone in America has an online presence today, whether you shop online at national retailers such as Amazon and Walmart or regularly log in to Facebook to see what the neighbors are doing.
And just because your favorite website doesn’t have your financial information doesn’t mean you can’t be compromised by a breach in data privacy.
When hackers obtain personal information such as your email address or telephone number, it becomes much easier for them to send phishing emails or to make phishing calls to glean more information.
Additionally, if you use the same password over and over across multiple sites, you’re leaving yourself open to widespread damage.
To protect your online data, experts recommend these tips:
Put passcodes on all your mobile devices. There’s a lot of information stored on your phone, laptop and tablet, and if you leave one behind at the cafe and it’s not passcode-protected, whoever picks it up could easily access too much of your life, including your online banking app and your social media logins.
Use different passwords. Probably the easiest way to help limit the damage from an online data breach is to use separate passwords across all sites you frequent. Then, when one site becomes compromised, you won’t have to change passwords everywhere else.
Amp up your privacy settings on social media. Some social media sites, such as Facebook, are continually making improvements and changes across their platforms. Unfortunately, not all those changes are helpful for users. This is why it’s important to stay on top of your privacy settings. Be careful who has access to your location check-ins, photos, and more.
It’s impossible to completely protect yourself and your information from an online data breach, but by being a bit more tech-savvy, you can certainly lessen the damage. Use these tips to help protect your data privacy while online.