I was fortunate to arrive into one of my roles at the start of a well-supported Data Transformation that had been bankrolled and empowered to fundamentally evolve the company’s Data Governance… I say “evolve” when honestly we had precisely zero DG prior to project kick-off. People had no idea:
- what data we owned
- which of the owned data our people were allowed to access
- how any of the owned & accessible data could be reached and queried
When asked by consultants (wheeled in to help establish the business case and a “data governance maturity” measure for the company) to score our DG understanding & processes, the CEO had responded with a confident 5 out of 5. Nobody was able to articulate what the difference was, for us, between general/commercial/procedural governance and Data Governance.
An early milestone in the roadmap to DG maturity was the identification of a Data Catalog as one major missing tool in our toolbox. The more we researched the role of DCs, the more confident we felt in likening them not just to traditional shopping/mall catalogs but to information kiosks. Part of Collibra’s value was the vast information available:
- about them via Gartner, Forrester, and other research/evaluations
- from them via pre-sales & business development personnel
- by them in the form of Collibra University (see previous blog posts)
But I wasn’t able to take the evaluation any further than an initial POC after it became apparent Collibra did not fit our particular use case.
I’ll finish by going over some of the features of a recently added feature in their version 5.7: Collibra Privacy & Risk:
- a CCPA solution on top of the Data Privacy platform
- an improved user interface to drive adoption by business users
- scorecards to track maturity as to privacy standards like CCPA
Process register & data mapping
Not an explicit requirement in CCPA but from here you access
- access requests
- transparency requirements
- sufficient security measures in place
- determine roles and responsibilities for the people who ensure you remain compliant
- develop accurate and concise definitions
- identify where personal information resides
CCPA has defined several bases that can be used for processing personal information in certain cases
Privacy by design
- process register & data mapping
- risk assessment
- Data Protection Impact Assessments
- remediation workflows
Data retention periods
“There are three certainties in life: death & taxes, and data breaches”. This feature of CP&R enables quick access to information about retention times to help assess & address breaches not if, but when they happen.
Data subject rights management
Manage access requests in a timely & cost-effective way.
Data breach response
What if something goes wrong? CP&R enables you to:
- log a potential data breach
- assign an issue manager to investigate
- if genuine, determine the best path forward, including reporting to relevant stakeholders
Third-party privacy profiles
Managing the risks of disclosing data to third parties.
- track maturity of the privacy program
- provide regulatory reports to supervisors