New privacy regulations have companies and consumers asking three mirrored questions. What do you know about me? How did you come about this information? What are you going to do with it? I describe them as mirrored questions because both companies and consumers reflect on the implications of the information collected. Further, both are concerned as to whether or not the data provides an accurate picture of a person.
Long before the new privacy regulations came into play, Zia Consulting did a number of things to help both companies and consumers address these questions. As a system integrator, Zia focused on helping companies transform data into actionable information. We worked with organizations to discover what information was collected, and how to effectively process, secure, disseminate, and retain that information throughout its entire lifecycle. A big part of this process was helping customers discover what information was considered sensitive. From there, we helped them determine the best methods for guarding this information from unauthorized access and unwarranted disclosure as it moved internally and externally.
In many cases, the customers we work with are looking to retire or replace legacy systems, or critical applications that have been in place for some time. One of the key characteristics of our discovery process is our ability to provide complete diagnostic services to determine the best options for rehosting and/or reworking these systems and applications. This process involves taking a deep dive into data lineage to understand, record, and visualize data as part of an information lifecycle. In every case the process requires diagnosing unstructured information and reviewing all the upstream and downstream data flows. Once discovery is complete, we provide a roadmap that talks through the best methods for incorporating various data capture and extraction tools. From there, we can determine the best application process and storage tools to swiftly and securely extract and validate data. At the same time, we mitigate the business risk of poor data quality, unauthorized access, and information retention.
We know that privacy awareness continues to affect both corporations and consumers as the regulatory landscape evolves worldwide. Companies that process or collect data on their consumers will have to coordinate and comply with multiple regulatory frameworks and more stringent data protection standards. This will require taking an agile approach to automation that allows for growth and better cybersecurity, data security, and data breach notifications. These are essential for protecting the consumer. The high cost for non-compliance goes beyond fines and penalties to loss of income and reputation.
Zia has a systematic process for addressing privacy governance. Once the information flow and design is confirmed, we deploy a pilot to production prototype to validate a scalable repeatable data and content lifecycle model. The key principle of a pilot is to evaluate and uncover all the critical aspects of the information process, and provide useful insights that result in either design improvements or alternative solutions. Privacy Aware Governance involves defining all of the organization’s business functions and roles in protecting and maintaining information. This includes helping organizations identify redundant, obsolete, and trivial (ROT) data, as well as incorporating redaction and retention rules that ensure both corporate and government compliance.
At Zia Consulting, our Privacy Aware Governance roadmap is designed to provide a series of sprints that will result in quick wins for your organization. Let’s start a conversation about how we can help your organization incorporate a Privacy Aware framework that is designed to protect personal information and govern it across the organization from inception to disposition.