Establish Guardrails for Data

Audit and Report on Data Privacy

Chief Corvus Officer
August 26, 2021

Strong data governance and security pave the way for straightforward privacy compliance.

Your definition of personal data

The very definition of personal data lies at the heart of any work on privacy. And it changes necessarily by the organization in question. Wearable fitness company? Your device ID is personal data. Car manufacturer? A vehicle identification number (VIN) is personal data.
Open Raven provides a set of default classes for personal data as well as a completed collection (group of classes) for starters. From there, creating a custom data class for things like device IDs and VINs is a snap and can then be added to the default collection to fully fit your needs.

Create Data Class panel with Class Information on the left and the Validator Function Editor on the right.
Adding custom data classes to find your own, unique customer IDs can be done directly in the UI or with the help of our support team.

Dynamic data inventory as the foundation

While privacy regulations across the globe vary meaningfully, at their core they all rely upon an organization having an up-to-date understanding of its data inventory. Open Raven lays down this foundation for you by automatically locating your data stores and then allowing you to inventory their contents at the interval of your choosing: hourly, daily, etc.

Visualizing data transfer

Data transfer across geographical boundaries has long been a focus of regulators and when Privacy Shield was invalidated in July of 2020, knowing where sensitive data can flow became more important than ever.
Understanding and communicating data transfer is as easy as clicking a button at a location where sensitive data resides within the 3D map to examine its peering relationships that allow for data flow across regions.

Map showing the VPC to VPC Peering between Hong Kong and EU Frankfurt regions.
Need to know if source code can go from Frankfurt to Hong Kong? The answer is a click away.

Spotting the need for a privacy impact assessment

Privacy Impact Assessments (PIA) were introduced with the General Data Protection Regulation (Art. 35 of the GDPR). Ideally they’re done at the outset of any new project that processes data where it poses “high risk to the rights and freedoms of natural persons.” Conditions are hardly ever ideal and Open Raven can help with the messy reality of discovering new locations where data is being processed and a PIA may be necessary. A simple policy looking for new instances of personal data (f.k.a. PII) across your environment can be used for monitoring and proactive alerting of where your GDPR or related obligations may have changed.

Enabling data subject access requests (and more)

Present day PrivacyOps requires fulfillment of data subject access requests (DSAR), data deletion requests and much more. Behind the scenes, all of these requirements mean you must know all the locations where data resides before you have a chance of being able to extract it, delete it, etc.
Open Raven is the ideal partner to a privacy project as the platform allows for ready API access to where data is located, what data is available and more so that PrivacyOps can rely on a complete, solid foundation.

Search, reporting and analytics with integrated Splunk

Splunk is one of the world's leading SIEMs, and for good reason. It utilizes a powerful search processing language (SPL) for security teams to search, report, and analyze log events across countless services, at scale. Until today, security teams would need to go to other tools, services or even interview service owners to gather critical data context. By integrating Splunk's powerful search and analytics function directly into Open Raven's modern data security platform, security teams can now include various security controls and data types with their searches, dashboards, reports and analytics for more valuable insights and quicker answers.

Analytics search page where a user can submit a query to see events.

Don't miss a post

Get stories about data and cloud security, straight to your inbox.