Why tooling is essential to get the privacy metrics you need
In the final part of our three-part privacy metrics series, we explain a few of the ways tooling can help you run a more efficient privacy program, keep regulators happy, and show the board your worth. If you missed the earlier installments of this series, check out part 1 and part 2.
Most privacy programs start with spreadsheets. The team updates records by hand, and pulls metrics using formulas or simply counting cells. But spreadsheets don’t scale, and they don’t capture everything. Between privacy reviews, DPAs, DSARs, vendor reviews, and various customer, vendor, and inward-facing policies, there’s just too much data to organize. That makes analyzing the strength, vigor, and speed of your privacy program an incredibly time-consuming and wasteful task. Tooling lets you turn that data into a strategic asset, enabling you to steadily improve your privacy program as you scale.
Reporting
Tooling makes reporting easier, quicker, and deeper. When you’re working with spreadsheets, just counting and charting privacy reviews can be a hassle, and data entry mistakes can throw off your count. With tooling, reporting is accurate and instantaneous, and you can sort reviews by compliance regime, product, date, or any other factor.
Routine processing
Repetitive workloads like processing DSARs can be complex and time-consuming. California law requires data controllers to pass DSARs onto any partners they’ve shared data with, and ensure the request is properly processed across the whole vendor ecosystem.
Tooling can accelerate the process, and help you make sure your DSARs are being processed correctly and on time. It also makes it easier to spot and troubleshoot issues with the process. For example, if DSAR requests are dropping somewhere in your compliance-related ecosystem, you’ll be able to easily spot where the breakdown is happening and address it.
Breach response
Large companies can set standard terms for all their vendor relationships. Everyone else needs to be flexible. But as organizations take on new clients, they make all sorts of different promises in DPA. Without tooling, tracking your obligations to each client is very difficult, and most organizations simply don’t have a solution.
Whether you’re a vendor or a data controller, or both, this can make breach response a nightmare. You’ll have to sort through a huge amount of data to figure out who is responsible, what your obligations are to clients, users, and various regulatory agencies. And that’s the very worst time to be digging through a mountain of data.
Tooling enables you to pull data quickly when you need it. You’ll also be able to respond quickly, meet your obligations, and show that you’ve done everything you could to be a good data steward.
Spotting vulnerabilities
Tooling makes it easier to spot vulnerabilities before something breaks. It lets you assemble privacy reviews into a data map as you go, providing a detailed picture of your organization and vendor ecosystem. That lets you find and remediate a wide range of privacy and compliance issues, such as:
- Excessive personal data collection.
- Gaps or inconsistencies in data deletion.
- Lack of sufficient data transfer agreements or other controls.
- Insufficient vendor vetting.
- Outdated or inaccurate privacy policies.
Showing good faith effort
Ultimately, the most important goal of metrics is showing that you’ve been thoughtful and thorough. Tooling makes it a lot easier to prove that you’ve put in the work to protect data and meet your compliance obligation.
That makes it a lot easier to keep privacy regulators happy. Regulatory bodies have limited resources. They’re not interested in looking ten levels deep to find the one thing you got wrong. If you can show that you’ve done your utmost to meet all your privacy regulations, measure success, and continuously improve your privacy program, you’ll be much more likely to stay on their good side.
Tooling also helps keep the board happy. Not only does it let you prove your value, it also enables you to be a better advisor. You’ll be able to answer their questions more quickly, and provide more detailed advice on new products and features. Pretty soon, they won’t know how they did without you.
To learn more, check out the full webinar, “Privacy metrics to up level your privacy program.”
