WHAT INFORMATION WOULD DO THE MOST DAMAGE TO YOU OR YOUR ORGANIZATION IF IT WERE LOST OR LEAKED?
Each year, we see a global increase in the number of cyberattacks and in the number of data loss incidents requiring data breach notifications. Therefore, it should be no surprise that governments around the world are introducing ever more stringent data privacy regulations designed to protect individuals from data theft. The EU’s General Data Protection Regulation (GDPR) became effective on May 25, 2018 and the California Consumer Privacy Act becomes effective Jan. 1, 2020.
Managing confidential or sensitive data is a struggle for most organizations. It’s the most common target for data thieves and usually the initial driver for information governance, data compliance and security programs. Examples could include:
- Personal data, which could be personally identifiable information (PII) or could expand to include data such as religious or political affiliations, ethnic background, union memberships, personal legal judgements, etc.
- Financial data including, credit card information (PCI), bank routing and account numbers, contracts and other financial records, etc.
- Health and clinical information (HIPAA), etc.
- Student records (FERPA), etc.
- Research or intellectual property
This is a potentially long list. While many of these data types are shared by companies and highlighted by certain regulation, others can be industry or company specific. Each organization must determine their own data classification scheme and apply appropriate controls and protections for the data.
Organizations typically have high confidence in their ability to identify and manage sensitive data within structured data sources such as databases. After all, databases are designed to enable reporting and remediation. However, for many, unstructured data is a bigger challenge. While it comprises about 80% of all data stored2, unstructured data can present a critical blind spot which is notoriously difficult to control.
COMMVAULT® SENSITIVE DATA GOVERNANCE
“More than half the respondents subject to GDPR (56 percent) say they are far from compliance or will never comply.”1
REDUCE YOUR RISK, PROTECT YOUR REPUTATION, OPTIMIZE YOUR COMPLIANCE
If you don’t need to store sensitive data, just don’t. Avoid the risk and minimize your threat vectors.
As a component of Commvault Activate, Sensitive Data Governance simplifies the best practices of managing sensitive data at scale, starting with file servers and endpoints:
- At any point in time, find and tag sensitive data wherever it resides in your ecosystem and know who has access to it.
- Present the key information that allows you to prioritize a plan of action.
- Facilitate proactive sensitive data cleanup and automate your data policy with information lifecycle rules for retention and erasure.
- Ensure comprehensive response to data subject requests for disclosure or erasure.
- Prove compliance to your auditors.
Commvault® Sensitive Data Governance performs all of these functions within a single toolset, reducing the risks and costs of relying on a variety of niche products.
ANALYZE SENSITIVE DATA RISK
FIND INFORMATION QUICKLY
INITIATE DATA SUBJECT REQUESTS FOR DISCLOSURE OR ERASURE
“A good starting point is to create a prioritized list of what needs to be done. In particular, make sure that 80% of the organization’s unstructured data is addressed.”3
|CENTRALIZED SEARCH INDEX||
Use Commvault's 4D Index to create a centralized catalog of unstructured data from file servers, email systems and cloud collaboration services. harvest metadata and content from active locations.
|SENSITIVE DATA DETECTION||
Eliminate blind spots and classification gaps. Detect and extract sensitive data from within file content, based on a prebuilt set of personally identifiable information (PII) data profiles. Expand the list of data profiles based on your company’s requirements.
|INFORMATION RISK PLANNING||
Assess information risk with reports and other visualizations that illustrate where sensitive information resides across your organization’s infrastructure. This allows you to focus on the most critical items first and build your remediation and protection priorities from there.
|ACTIVE DIRECTORY INTEGRATION||
Information sourced from Active Directory allows additional analysis of devices, users and access controls to help with risk assessments and planning.
|MINIMIZE DATA RISKS||
Reduce your exposure by removing sensitive data that is not critical to your organization. Preview files to determine whether they should be retained, deleted or ignored. Move files to secure locations or delete files altogether based on your review. Set retention periods for files — and in combination with Commvault® File Archiving — automate retention and disposition.
|RESPOND TO DISCLOSURE REQUESTS||
Support sensitive data disclosure requests from data subjects, with multi-step workflows that help to identify, validate and export files containing sensitive data specific to an individual.
Examples include GDPR Right of Access by the Data Subject [Art. 15].
|RESPOND TO ERASURE REQUESTS||
Support sensitive data erasure requests from data subjects, with multi-step workflows that help identify, validate and delete files containing sensitive data from the source location, specific to an individual.
Examples include GDPR Right to Erasure (‘Right to be Forgotten’) [Art. 17].
|PROOF OF COMPLIANCE||
Demonstrate compliance with comprehensive audit logging, detailing every action taken with the Commvault solution.
Role-based access enables secure processing between IT, DPO and other stakeholders.
- IAPP-EY Annual Privacy Governance Report 2018
- Structured vs. Unstructured Data, Datamation August 2017
- IDC White Paper, sponsored by Commvault, Five Essential Steps for GDPR Compliance, March 2017
- Carla Arend (2017 March) Five Essential Steps for GDPR Compliance. IDC Opinion