TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
0 likes135 views
The webinar presented by TrustArc and Privya focuses on the importance of data inventories for regulatory compliance, risk management, and strategic planning amidst increasingly complex privacy laws. It emphasized the challenges of manual data inventory creation and the benefits of automation and code-based data discovery strategies, particularly those offered by partnering companies. The integration of TrustArc's data inventory hub with Privya's AI-driven data discovery tools aims to streamline inventory management, enhance compliance, and mitigate risks associated with third-party data sharing.
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
- 1. © 2024 TrustArc Inc. Proprietary and Confidential Information. Simplifying Data Inventory Management: Automation and Code-Based Data Discovery Using TrustArc and Privya
- 2. 2 Legal Disclaimer The information provided during this webinar does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented during this webinar are for general informational purposes only.
- 3. 3 Speakers Val Ilchenko General Counsel & Chief Privacy Officer TrustArc Assaf Amitay CEO Privya Kristen Nosky Vice President of Product Management TrustArc Dr. Uzy Hadad Founder & CTO Privya
- 4. Agenda ● Why Do Data Inventories Matter? ● Problem Statement ● Data Inventory Hub Overview ● TrustArc’s Inventory and Discovery Strategy ● Privya’s Code-Based Data Discovery Strategy ● The Privya-TrustArc Integration
- 5. 5 Why Do Data Inventories Matter? ● Regulatory Compliance ○ Streamline privacy program compliance operations especially around responding to individual rights requests and managing consents. ○ In addition to GDPR/UK GDPR, and the State of CA, a number of national privacy laws (e.g., Brazil, Thailand, and Vietnam) require maintaining records of processing activities. ● Risk Management ○ Important to understand risk footprint. Inventories help assess what is being processed by your organization. ● InfoSec Planning ○ Businesses need to understand what data they maintain to understand proper security measures, possible blast radius in the event of an incident, etc. ● Strategic and Budget Planning ○ Understanding data collection and maintenance helps with budget planning around all functions that deal with privacy, security, availability, etc. ● Customer Obligations; Sales Support ○ RFP, InfoSec/Privacy Questionnaires, online disclosure (e.g., sub-processors), etc. increasingly require “taking inventory” of systems, data, etc. in use. ✓ ✓ ✓ ✓ ✓
- 6. 6 Problem Statement: Manual, Time-Consuming, Challenging Creating a comprehensive data inventory is important for legal, regulatory, transparency, security, budget planning, and other purposes – as noted in the prior slide. However, legacy methods are no longer viable – by the end of this year (2024), Gartner predicts that 75% of the modern world will be covered by privacy laws and systems continue to become more complex. ● Manual data inventory creation (e.g., excel sheets, manual questionnaires, etc.) can significantly prolong the process, ranging from weeks to months without automation ● Common methods rely on manual tactics: ● Cross-functional teams engage in assessments and collaborative efforts with the Privacy and Security teams to ensure data accuracy and security ● Alignment with Security and Procurement teams ● Regular follow up and revalidation – highly manual ● Responses are static (not maintained between audits) ● The absence of automation impedes the realization of tool benefits, remaining a significant blocker for many organizations' program goals. ● Streamlining data inventory management and incorporating automation is imperative to identify, prioritize, and monitor your data risk. ● Note on Val’s Personal Experience
- 7. 7 Data Inventory Hub Overview ● Data Inventory Creation - map your data and data flows for ROPA compliance across your systems, vendors, company affiliates, and internal processes ● Risk Detection - detect data transfer risk and receive alerts. Proprietary risk engine is based on 130+ global laws. ● Report Generation - export pre-built reports such as Article 30 report or Business Process report to demonstrate compliance to regulators. ● Automated Remediation - generate automated follow-up actions for each record and flag through Automation Rules to conduct a PIA or Vendor Assessment.
- 8. 8 Partnership TrustArc’s Data Discovery & Automation Strategy Third Party & System Record Exchange TrustArc’s Record Exchange is pre-populated with the most popular system and third party records. Customers can add pre-created records to their own inventory’s with one click. Integrations Use our third party connector library to automatically create third party and system records. TrustArc Data Inventory Hub Solutions Third Party Discovery TrustArc’s Third Party Discovery tool scan’s customer’s websites and identifies the third parties being used and automatically creates those third party records in the data inventory. AI Autofill Autofill System and Third Party Records using our AI Autofill feature. Simply type in the system or third party record name and click the AI Autofill button to populate the remaining fields. Data Discovery Privya's AI-driven code scanning helps organizations save resources, comply with regulations, and protect their reputation by automatically identifying and mapping personal data collection, usage, and storage, including third-party access. This eliminates manual processes and ensures regulatory compliance. NOW LIVE NOW LIVE
- 9. Data Discovery Use Cases & Benefits Data discovery solutions focus on automating portions of data inventory building and bringing visibility to which systems and what data is being processed by your organization Leveraging Privya’s code-based scanning technology and integration with TrustArc, Data Inventory Hub customers will be able to: Streamline Inventory Creation: Automate the process of creating and managing data inventory records Auto Detect AI Usage: Auto detect when AI is being used to process data and take remedial action Automate Risk & Reporting: Leverage discovered data to understand your organization’s risk and produce reports
- 11. 11 In the simplest term… Scanning lines of code Identify keywords, patterns/flows and/or themes for PII or SPI (e.g. drivers license, phone number, email address, etc.) Categorize and assess risk!
- 12. 12 Data Identification and Classification ● Scans the entire code portfolio, including legacy systems, cloud-based applications, and third-party integrations ● Automatically identifies and categorizes personal information (PI), sensitive personal information (SPI), and other critical data such as when AI is being used to process data ● Up-to-date automatic data classification across the organization ● Save time and resources by eliminating manual data discovery processes ● Enables proactive privacy risk management and compliance with regulations such as GDPR, CCPA/CPRA, HIPAA, PCI DSS and more
- 13. 13 Data Lineage and Flow Mapping ● Maps the flow of data throughout the organization, providing a complete view of data movement across systems, applications, and third parties ● Enables end-to-end tracing of data from origin to destination, identifying dependencies, potential vulnerabilities, and compliance gaps ● Identifies complex relationships between projects, including direct and indirect data flows, and other hidden connections ● Offers powerful impact analysis capabilities to understand the downstream effects of one project on the entire software ecosystem
- 14. 14 AI/ML Model Detection and Governance ● Automatically detects and inventories artificial intelligence (AI) and machine learning (ML) models within the codebase, across all frameworks and libraries used ● Facilitates end-to-end governance of AI/ML technologies, ensuring compliance with emerging regulations such as the EU AI Act and NIST AI RMF ● Provides insights into the purpose of AI/ML models, enabling informed decision-making and the implementation of appropriate governance measures
- 15. 15 Third-Party Data Sharing and Risk Management ● Detects data sharing with third parties, providing insights into what data is shared and how it is processed ● Identifies and assesses risks associated with third-party data access (vendor assessment), helping organizations prioritize and mitigate potential vulnerabilities ● Provides a centralized view of third-party access rights and permissions* ● Integrates with identity and access management (IAM) platforms like Okta * Coming soon
- 16. 16 The Privya-TrustArc Integration Data inventory SPI/PI AI/ML Third Party Sharing Data Inventory Hub ● End-to-end data privacy automation: from discovery to risk analysis and reporting ● Continuous code-based data discovery, including AI/ML model detection ● Automated data collection for ROPA, DPIA, and real-time compliance risks ● Integration with TrustArc's Data Inventory Hub ● Robust privacy and security risk analysis using TrustArc's proprietary risk engine
- 17. 17 Thank You!