Do you have an effective grasp of where and how data flows and is stored across your organization?

Common challenges and Issues:

  • Business data owners cannot identify precisely where their data is stored, who has access to the data within the company, nor which third-party firms have access to the data.
  • No clear understanding of the laws and statutory requirements for cross border data flows.
  • The corporate Office of General Council cannot issue actionable direction and guidance on privacy compliance due to an unclear picture of data flows.
  • No method of demonstrating compliance to regulators for privacy considerations.

As part of daily business operations, organizations receive and store vast amounts of personally identifiable information (PII) information from consumers, business partners and their own confidential employee records. As this data is processed and transferred, sometimes between internal business units and other times to third parties and vendors, the company needs to have knowledge of the movement of data in or to stay within regulatory and legal compliance. The company also has the responsibility to implement adequate safeguards to protect this sensitive information from unauthorized access, use, alteration, disclosure or destruction.

How we can support you:

PrivacyMAP™ is a proprietary Milton Alexander tool which helps business unit leaders, technology owners, and legal council determine the location and movement of confidential, personal, and sensitive data elements,. PrivacyMAP™ maps the data elements to applicable laws and controls by geographic location and jurisdiction, so that proper determinations of privacy laws may be determined.

PrivacyMAP™ creates a data flow mapping showing the path of personal data between legal entities and countries. The information from PrivacyMAP™ is collected and injected into the COGS™ risk management application for privacy management. In COGS™, the applicable national and state privacy laws are mapped to each data movement. Data owners and OGC are able to login and view, manage, and audit:

  • Data Elements , by data classification and data owner, mapped to over 100 high risk data element categories.
  • Citizenship of the personal identifiable information being moved.
  • Data at movement and at rest mapped to applicable privacy laws.
  • Originating country and accessing countries, third party processing for each data element.
  • Controls necessary for privacy legal compliance mapped to individual owners and roles.
  • Self Privacy Questionnaire, with risk assessment, financial, customer and regulatory impact.
    •