Sometimes organizations have a vague sense that data privacy risks lurk in their systems and operations, but don’t have a handle on where exactly that risk might lie. Privacy may now be a prioritized company initiative and you’re responsible for managing the risk but don’t know where to start. Perhaps other entities you do business with are inquiring about your privacy practices, or you need to assess the risk profile of new operations from expansion or acquisition.
Getting a clear picture of the complete data lifecycle across the organization – or a particular product or business operation – becomes critical. Data Discovery & Classification is often the first step, providing you with transparency on how personal information is collected, used, stored and transferred, both within the organization and with third parties. This assessment is designed to provide you with a comprehensive view of your data landscape.
Key Benefits
- Powerful insight on the risks at every stage of the data lifecycle enabling you to successfully manage large and complex exchanges of information
- Detailed and actionable reports to implement immediate steps for privacy compliance
- Full-service team of privacy experts by your side throughout the assessment process
- Legal knowledge with practical business process implementation experience
- Powered by TRUSTe’s Data Privacy Management (DPM) Platform’s state-of-the-art privacy technology for assessment management, compliance control, and website monitoring
- Key regulatory relationships as a leading service provider for several of the world’s regulatory and self-regulatory compliance agencies
- Flexible scope to cover enterprise-wide or a single product/process/line of business
- Rapid response, in as little as 4 to 6 weeks, dependent on scope and complexity
- Streamlined process minimizes disruption to your daily business operations
Our People
TRUSTe Privacy Services are delivered by our Privacy Consultants and Privacy Services Managers, a team of recognized data privacy experts with significant experience conducting privacy assessments. Our team has a unique hybrid background of privacy, technology, business process, and project management experience. All are CIPP trained or certified, many have law degrees, and have hands-on experience working for a wide range of companies including Adobe, American Express, Citrix, Comcast, HSBC Bank, IBM, Kimberly-Clark, Microsoft, Pfizer, and many more.
Our privacy team leverages nearly 20 years experience delivering data privacy management solutions for thousands of global brands along with our comprehensive technology platform. We also have key regulatory relationships and are a leading provider of privacy services supporting regulatory and self-regulatory compliance programs for a wide range of agencies including APEC, DOC, DAA, EDAA, and FTC.
Established Assessment Methodology
TRUSTe has an established assessment methodology based on almost two decades of experience delivering privacy services to thousands of clients around the world. Privacy Consultants deliver the Data Discovery & Classification Assessment in a streamlined 3-step process.
1: Comprehensive Data Discovery
The focus of this particular type of assessment is to provide you with a detailed and comprehensive inventory of relevant data flows and potential risks across your organization. We conduct initial interviews with relevant subject matter experts within your organization to understand the data life cycle, including what data you collect, how you use it, who you share it with, third party agreements, use of trackers, privacy disclosures, opt-outs, and much more. We provide you with the flexibility to cover enterprise-wide or focus on a single product/process/line of business.
TRUSTe then conducts in-depth interviews on site or remotely to fully map data flows from the point of data collection, storage and processing, resources involved in processing data (internal systems, third party service providers, cloud providers), and retention and deletion practices. In addition, we work with your team to gather supporting documents, such as product requirements documents, database schemas, and third party integration agreements.
2: Risk Classification
Armed with information from the Data Discovery, we help you organize the data by type, purposes, uses, and associated risk levels. We apply our proprietary scanning technology to applicable websites and mobile apps, shedding light on trackers and tracking technologies used, with Privacy Sensitive Index (PSI) scoring and insight into personally identifiable information (PII) data collection.
3: Findings Report
The Findings Report summarizes the results of the Comprehensive Data Discovery & Risk Classification analysis. It includes broad analysis on any points in the data flow with potential risk areas requiring further diagnostic or remediation measures, providing you with the information you need to take immediate next steps for privacy compliance.