The Privacy Lawyer: It's Time To Build A Data Map - InformationWeek


Building a data map will help your company deal with the challenges of tracking information that comes into your business, Parry Aftab says.

One of the biggest challenges faced by privacy or compliance professionals is tracking information that comes into the company--how it's used, for what purposes, and who has access to that information. Without that knowledge, no one can be sure the company is in compliance with contracts, applicable law, or its risk-management plans.

Building a data map will help your company deal with this challenge.

To determine what information is collected and stored by the company, a "data inventory" or "data audit" must be conducted. Once the information, its access points, and its uses are determined, a flow chart is created that maps the information flow. This is generally called a data map and is crucial to compliance and strategic planning.

Each privacy or compliance professional thinks the grass is always greener at other companies. Smaller organizations have fewer points of data inflow, but also fewer resources to gather the requisite information. Larger companies have more resources, but vastly more access points and conduits for information flow. Surprisingly, they also have less knowledge about how other units, divisions, and companies within their corporate structure can access and use the information. So, in this case at least, the grass is always in need of watering, chemicals, and care, no matter what the size of the company you're working with. No one has an easy job when data compliance and mapping are involved.

The initial questions to answer for your data audit are the easy ones:

  • What kinds of data are you collecting?

  • How is it being collected and input?

  • Why was it collected?

  • Were special conditions on its use established at any time?

  • How and where is it stored? What software and hardware are used in its storage?

  • How can the data be accessed? What software and hardware are used in its access?

  • Who has access to it by authority and by ability?

  • For what purpose do they have access?

  • Where are those who have access to the data? Do they work from a corporate location, on the road, or from home or shared offices?

  • If laptops are involved, what security measures are taken for their loss or for theft of data?

  • How is authority to access the data controlled, supervised, or reviewed?

  • Are there backups? How and where are they stored? Answer the same questions posed above about backups.

  • Who can make changes to data, how, and for what purpose?

  • Can the data be transmitted? In bulk or only on an individual basis?

  • How is all of this logged or documented? Where are the logs or documents stored?

  • How are they accessed? How are those logs flagged to show unusual transactions?

  • Who receives those flagged logs?

  • Is any of this data available on PDAs, palm-held devices, or other handheld devices? If so, what security measures are taken for their loss or for theft of data?

  • What firewalls, software, and encryption systems are used?

  • Who has access to those?

  • Who receives reports of any intrusions or attempted intrusions to those systems?

Other questions, often unasked, can be the most telling. They include:

  • Are you logging discussion groups, message boards, or other communication methods at your Web site? Think about all the input options at your Web site--site registrations, E-commerce, and newsletter signups. Do you collect E-mail addresses? What kinds of forms are used? Do they collect information in data streams? Are cookies or data-tracking technologies used? Any downloadables?

  • If you attend trade shows or job fairs, do you collect business cards from conference attendees? Are your employees asked to update databases and contact lists with new business-card information? Do you use relationship programs to help pair needs with existing relationships for networking purposes?

  • Do you have a customer-service help line or product-warranty service line? What information is collected and how is it used? Is information collected for contests, giveaways, or sweepstakes, or for sharing or cross-marketing deals with magazines, advertisers, or affiliates? Do you use coupons? How are they processed and redeemed? Rebates? Special consumer offers?
