Data privacy, the process of collecting, storing, managing and sharing access to data with third parties, is a crucial factor in ensuring business success. While myriad types of data about consumers and businesses can be collected, the need for certain controls, standards and security levels is universal no matter what kind of data is involved.
This is a source of significant concern among businesses and consumers. A KPMG report last August revealed that “62% felt that their companies should do more to protect customer data” and “86% of [consumers] said they feel a growing concern about data privacy, while 78% expressed fears about the amount of data being collected. Some 40% of the consumers surveyed don’t trust companies to use their data ethically, and 13% don’t even trust their own employers.”
Trust is key for any business, whether earning it from customers or their own staff. All it can take is one data breach to lose trust that has been built up for years, impacting company operations, reputation and staffing.
With that in mind, this guide can help you determine the features, considerations and data privacy software options that are the best fit for your company.
Data privacy software: Common features
Regardless of vendor, quality data privacy software should include these standard offerings (as applicable to the selected software options and their intended function):
- Usage/accessibility on company operating systems and devices
- Centralized management and access controls
- Data discovery/management capabilities
- Data usage measurement features
- Policy-based privacy management
- Risk assessment tools for potential privacy impact
- Compliance assessment and management tools related to required regulations or standards across multiple geographies
- Ease of training and use
- Automation and minimal user interference
- Identity and access management
- Customer consent management controls
- Data security such as encryption at rest and in transit
- Data loss prevention and endpoint protection controls
- Tailored device management capabilities (for instance for mobile devices)
- Compliance/data breach monitoring and alerting
- Backup operations
Data privacy software: Industry-specific considerations
Data privacy is even more complex when the diversity of industries and their individual requirements is taken into account. Specific rules may apply to industries based on their function, customer requirements and governmental regulations. These rules stem from such frameworks as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA) and others.
GDPR rules apply to all public and non-profit institutions that process data of European citizens. CCPA rules apply only to for-profit businesses with residency in California or that process data for at least 50,000 California residents and have annual revenues over $25 million or make at least half their annual revenue selling California resident data. Further policies may also apply to certain business fields as specified below.
Social media organizations
Per GDPR and CCPA, these companies have strict data privacy rules requiring the following:
- Consent-based data sharing/selling
- Providing users the right to opt out from any data collection or usage
- Providing users the ability to delete their social media history
- Providing users their own data via a downloadable method
- Providing users data breach notifications within 72 hours
- Using plain language in usage agreements
Federally funded educational institutions are governed by the Family Educational Rights and Privacy Act (FERPA), which was enacted in 1974. It stipulates that underage student data cannot be disclosed without the permission of their guardian, that institutions must send a two-day notice in advance asking for this consent, and that this notice must specifically lay out the reasons for data disclosure.
While these are more procedural operations as opposed to technological options, it’s still a good idea to keep these requirements in mind when utilizing data privacy software on student information.
Online financial businesses
The Gramm-Leach-Bliley Act (GLBA) applies to these organizations and stipulates that they must fully disclose their information-sharing practices to customers and offer them the right to opt out of having their data shared with certain third parties.
Health care services
HIPAA applies to all health care providers, and it specifies what types of data it protects: medical records, conversations, and personal and billing information.
HIPAA requirements apply to all organizations that provide health care, are responsible for billing and payments, assist in the administration of health care plans or store data, and to individuals working with the above responsibilities.
HIPAA mandates that customers must be notified of the specifics of how their data will be used (and provided reports on data usage), must provide consent for usage, must be allowed to access and make corrections to their data, and have the right to make complaints regarding misuse of their data to the provider involved or the U.S. Department of Health and Human Services.
Data privacy software: Geographical considerations
Covering the full range of geographical considerations for data privacy would fall outside the scope of this article, and details should be researched depending on where specific companies and their customers reside.
ICLG.com provides a handy up-to-date guide for data protection laws and regulations for 34 jurisdictions and can offer specific details based on location. When selecting data privacy software, consult with prospective vendors to ensure that their products adhere to your required guidelines.
Data privacy software: 5 popular products
OneTrust Consent Management Platform
OneTrust offers a cloud-based Software as a Service platform that starts at $30 per month (depending on the level of selected offerings) including the following:
- Data catalog and mapping
- Data rights
- Artificial intelligence-based data discovery
- Assessment automation
- Risk management
- Integration API
- Website compliance scanning
- Cookie management
- Publisher and mobile app compliance
- A legal research compliance tool called DataGuidance that can track changes against compliance law to ensure adherence.
OneTrust received a score of 8.5 out of 10 in user satisfaction on TrustRadius.com, a software review website.
Crownpeak Universal Consent Platform
Crownpeak’s Universal Consent Platform suite provides the following options:
- Compliance support
- Opt-in and opt-out functionality for customers
- Notice and consent gateways
- Customizable banners for selecting privacy settings
- Granular user consent controls for direct and third-party data collection
- Automated scanning to identify third parties with access to customer data, utilizing a database with over 5,000 vendors
- Reporting and dashboards
A free trial and a free/freemium version are available. Contact Crownpeak for specific paid-feature pricing.
Crownpeak received a score of 8.1 out of 10 in user satisfaction on TrustRadius.com.
Cookiebot by Usercentrics
Cookie management is the name of Usercentrics’ data privacy game, and Cookiebot uses a scanning technique that inventories and controls all website cookies/trackers to confirm compliance in data use. It can block these objects until users provide consent using a customizable banner.
A free trial and a free/freemium version are available, and there is an optional $10 per domain setup fee.
Cookiebot received a score of 9.3 out of 10 in user satisfaction on TrustRadius.com.
Archer Integrated Risk Platform
Archer’s risk management platform offers the following options:
- Secure access
- Risk quantification and remediation
- Process automation
- Compliance management
- Third-party governance
- Audit management
- Solid reporting functionality
A free trial and a free/freemium version are available. Contact Archer for specific paid-feature pricing.
Archer received a 7.9 out of 10 in user satisfaction on TrustRadius.com.
Informatica Data Privacy
Informatica Data Privacy discovers and protects personal data, analyzes data movement/usage, analyzes risks and remediates problems using artificial intelligence automation. Dashboards, reports and visualization capabilities help users get the most value from the product, and predefined rules and templates help users get up to speed on the software.
A free trial and a free/freemium version are available. Contact Informatica for specific paid-feature pricing.
Informatica Data Privacy received an 8.9 out of 10 in user satisfaction on TrustRadius.com.