SlideShare a Scribd company logo
1 of 17
Download to read offline
© 2024 TrustArc Inc. Proprietary and Confidential Information.
Simplifying Data Inventory Management:
Automation and Code-Based Data
Discovery Using TrustArc and Privya
2
Legal Disclaimer
The information provided during this webinar does
not, and is not intended to, constitute legal advice.
Instead, all information, content, and materials presented during
this webinar are for general informational purposes only.
3
Speakers
Val Ilchenko
General Counsel & Chief Privacy Officer
TrustArc
Assaf Amitay
CEO
Privya
Kristen Nosky
Vice President of Product Management
TrustArc
Dr. Uzy Hadad
Founder & CTO
Privya
Agenda
● Why Do Data Inventories Matter?
● Problem Statement
● Data Inventory Hub Overview
● TrustArc’s Inventory and Discovery Strategy
● Privya’s Code-Based Data Discovery Strategy
● The Privya-TrustArc Integration
5
Why Do Data Inventories Matter?
● Regulatory Compliance
○ Streamline privacy program compliance operations especially around responding to
individual rights requests and managing consents.
○ In addition to GDPR/UK GDPR, and the State of CA, a number of national privacy laws
(e.g., Brazil, Thailand, and Vietnam) require maintaining records of processing activities.
● Risk Management
○ Important to understand risk footprint. Inventories help assess what is being processed by
your organization.
● InfoSec Planning
○ Businesses need to understand what data they maintain to understand proper security
measures, possible blast radius in the event of an incident, etc.
● Strategic and Budget Planning
○ Understanding data collection and maintenance helps with budget planning around all
functions that deal with privacy, security, availability, etc.
● Customer Obligations; Sales Support
○ RFP, InfoSec/Privacy Questionnaires, online disclosure (e.g., sub-processors), etc.
increasingly require “taking inventory” of systems, data, etc. in use.
✓
✓
✓
✓
✓
6
Problem Statement: Manual, Time-Consuming, Challenging
Creating a comprehensive data inventory is important for legal, regulatory, transparency, security,
budget planning, and other purposes – as noted in the prior slide. However, legacy methods are
no longer viable – by the end of this year (2024), Gartner predicts that 75% of the modern world
will be covered by privacy laws and systems continue to become more complex.
● Manual data inventory creation (e.g., excel sheets, manual questionnaires, etc.) can
significantly prolong the process, ranging from weeks to months without automation
● Common methods rely on manual tactics:
● Cross-functional teams engage in assessments and collaborative efforts with the
Privacy and Security teams to ensure data accuracy and security
● Alignment with Security and Procurement teams
● Regular follow up and revalidation – highly manual
● Responses are static (not maintained between audits)
● The absence of automation impedes the realization of tool benefits, remaining a significant
blocker for many organizations' program goals.
● Streamlining data inventory management and incorporating automation is imperative
to identify, prioritize, and monitor your data risk.
● Note on Val’s Personal Experience
7
Data Inventory Hub Overview
● Data Inventory Creation - map your data
and data flows for ROPA compliance
across your systems, vendors, company
affiliates, and internal processes
● Risk Detection - detect data transfer risk
and receive alerts. Proprietary risk engine
is based on 130+ global laws.
● Report Generation - export pre-built
reports such as Article 30 report or
Business Process report to demonstrate
compliance to regulators.
● Automated Remediation - generate
automated follow-up actions for each
record and flag through Automation Rules
to conduct a PIA or Vendor Assessment.
8
Partnership
TrustArc’s Data Discovery & Automation Strategy
Third Party & System
Record Exchange
TrustArc’s Record Exchange
is pre-populated with the
most popular system and
third party records.
Customers can add
pre-created records to their
own inventory’s with one
click.
Integrations
Use our third party
connector library to
automatically create
third party and system
records.
TrustArc Data Inventory Hub Solutions
Third Party Discovery
TrustArc’s Third Party
Discovery tool scan’s
customer’s websites and
identifies the third parties
being used and
automatically creates
those third party records
in the data inventory.
AI Autofill
Autofill System and
Third Party Records
using our AI Autofill
feature. Simply type in
the system or third
party record name and
click the AI Autofill
button to populate the
remaining fields.
Data Discovery
Privya's AI-driven code
scanning helps organizations
save resources, comply with
regulations, and protect their
reputation by automatically
identifying and mapping
personal data collection,
usage, and storage, including
third-party access. This
eliminates manual processes
and ensures regulatory
compliance.
NOW LIVE
NOW LIVE
Data Discovery
Use Cases &
Benefits
Data discovery solutions focus on automating portions of data
inventory building and bringing visibility to which systems and
what data is being processed by your organization
Leveraging Privya’s code-based scanning technology and
integration with TrustArc, Data Inventory Hub customers
will be able to:
Streamline Inventory Creation: Automate the process of creating
and managing data inventory records
Auto Detect AI Usage: Auto detect when AI is being used to
process data and take remedial action
Automate Risk & Reporting: Leverage discovered data to
understand your organization’s risk and produce reports
Understanding Code-Based Data
Discovery
11
In the simplest term…
Scanning lines of
code
Identify keywords,
patterns/flows and/or
themes for PII or SPI
(e.g. drivers license,
phone number, email
address, etc.)
Categorize and
assess risk!
12
Data Identification and Classification
● Scans the entire code portfolio, including legacy
systems, cloud-based applications, and
third-party integrations
● Automatically identifies and categorizes
personal information (PI), sensitive personal
information (SPI), and other critical data such
as when AI is being used to process data
● Up-to-date automatic data classification
across the organization
● Save time and resources by eliminating manual
data discovery processes
● Enables proactive privacy risk management
and compliance with regulations such as GDPR,
CCPA/CPRA, HIPAA, PCI DSS and more
13
Data Lineage and Flow Mapping
● Maps the flow of data throughout the organization,
providing a complete view of data movement across
systems, applications, and third parties
● Enables end-to-end tracing of data from origin to
destination, identifying dependencies, potential
vulnerabilities, and compliance gaps
● Identifies complex relationships between projects,
including direct and indirect data flows, and other hidden
connections
● Offers powerful impact analysis capabilities to
understand the downstream effects of one project on the
entire software ecosystem
14
AI/ML Model Detection and Governance
● Automatically detects and inventories artificial intelligence (AI) and machine learning (ML) models within the
codebase, across all frameworks and libraries used
● Facilitates end-to-end governance of AI/ML technologies, ensuring compliance with emerging regulations such
as the EU AI Act and NIST AI RMF
● Provides insights into the purpose of AI/ML models, enabling informed decision-making and the
implementation of appropriate governance measures
15
Third-Party Data Sharing and Risk Management
● Detects data sharing with third
parties, providing insights into what
data is shared and how it is
processed
● Identifies and assesses risks
associated with third-party data
access (vendor assessment),
helping organizations prioritize and
mitigate potential vulnerabilities
● Provides a centralized view of
third-party access rights and
permissions*
● Integrates with identity and access
management (IAM) platforms like
Okta
* Coming soon
16
The Privya-TrustArc Integration
Data inventory
SPI/PI
AI/ML
Third Party Sharing
Data Inventory Hub
● End-to-end data privacy automation: from discovery
to risk analysis and reporting
● Continuous code-based data discovery, including
AI/ML model detection
● Automated data collection for ROPA, DPIA, and
real-time compliance risks
● Integration with TrustArc's Data Inventory Hub
● Robust privacy and security risk analysis using
TrustArc's proprietary risk engine
17
Thank You!

More Related Content

Similar to TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
Ulf Mattsson
 

Similar to TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery (20)

Final presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planFinal presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit plan
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and Compliance
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 
INTERVIEW QUESTION FOR IT AUDITOR
INTERVIEW QUESTION FOR IT AUDITORINTERVIEW QUESTION FOR IT AUDITOR
INTERVIEW QUESTION FOR IT AUDITOR
 
CISA (1).pdf
CISA (1).pdfCISA (1).pdf
CISA (1).pdf
 
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEWFREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series  SEIM Log AnalysisCybersecurity Series  SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
HPE-Security update talk presented in Vienna to partners on 15th April 2016
HPE-Security update talk presented in Vienna to partners on 15th April 2016HPE-Security update talk presented in Vienna to partners on 15th April 2016
HPE-Security update talk presented in Vienna to partners on 15th April 2016
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
 
Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020
 
It implement-it-asset-management-executive-brief
It implement-it-asset-management-executive-briefIt implement-it-asset-management-executive-brief
It implement-it-asset-management-executive-brief
 
Get your Enterprise Ready for GDPR
Get your Enterprise Ready for GDPRGet your Enterprise Ready for GDPR
Get your Enterprise Ready for GDPR
 
Leveraging Log Management to provide business value
Leveraging Log Management to provide business valueLeveraging Log Management to provide business value
Leveraging Log Management to provide business value
 
Big Data Security Challenges: An Overview and Application of User Behavior An...
Big Data Security Challenges: An Overview and Application of User Behavior An...Big Data Security Challenges: An Overview and Application of User Behavior An...
Big Data Security Challenges: An Overview and Application of User Behavior An...
 
GDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best PracticesGDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best Practices
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter Most
 

More from TrustArc

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
TrustArc
 

More from TrustArc (20)

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
 
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
 
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy Compliance
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act:  Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act:  Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
 

Recently uploaded

Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 

Recently uploaded (20)

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

  • 1. © 2024 TrustArc Inc. Proprietary and Confidential Information. Simplifying Data Inventory Management: Automation and Code-Based Data Discovery Using TrustArc and Privya
  • 2. 2 Legal Disclaimer The information provided during this webinar does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented during this webinar are for general informational purposes only.
  • 3. 3 Speakers Val Ilchenko General Counsel & Chief Privacy Officer TrustArc Assaf Amitay CEO Privya Kristen Nosky Vice President of Product Management TrustArc Dr. Uzy Hadad Founder & CTO Privya
  • 4. Agenda ● Why Do Data Inventories Matter? ● Problem Statement ● Data Inventory Hub Overview ● TrustArc’s Inventory and Discovery Strategy ● Privya’s Code-Based Data Discovery Strategy ● The Privya-TrustArc Integration
  • 5. 5 Why Do Data Inventories Matter? ● Regulatory Compliance ○ Streamline privacy program compliance operations especially around responding to individual rights requests and managing consents. ○ In addition to GDPR/UK GDPR, and the State of CA, a number of national privacy laws (e.g., Brazil, Thailand, and Vietnam) require maintaining records of processing activities. ● Risk Management ○ Important to understand risk footprint. Inventories help assess what is being processed by your organization. ● InfoSec Planning ○ Businesses need to understand what data they maintain to understand proper security measures, possible blast radius in the event of an incident, etc. ● Strategic and Budget Planning ○ Understanding data collection and maintenance helps with budget planning around all functions that deal with privacy, security, availability, etc. ● Customer Obligations; Sales Support ○ RFP, InfoSec/Privacy Questionnaires, online disclosure (e.g., sub-processors), etc. increasingly require “taking inventory” of systems, data, etc. in use. ✓ ✓ ✓ ✓ ✓
  • 6. 6 Problem Statement: Manual, Time-Consuming, Challenging Creating a comprehensive data inventory is important for legal, regulatory, transparency, security, budget planning, and other purposes – as noted in the prior slide. However, legacy methods are no longer viable – by the end of this year (2024), Gartner predicts that 75% of the modern world will be covered by privacy laws and systems continue to become more complex. ● Manual data inventory creation (e.g., excel sheets, manual questionnaires, etc.) can significantly prolong the process, ranging from weeks to months without automation ● Common methods rely on manual tactics: ● Cross-functional teams engage in assessments and collaborative efforts with the Privacy and Security teams to ensure data accuracy and security ● Alignment with Security and Procurement teams ● Regular follow up and revalidation – highly manual ● Responses are static (not maintained between audits) ● The absence of automation impedes the realization of tool benefits, remaining a significant blocker for many organizations' program goals. ● Streamlining data inventory management and incorporating automation is imperative to identify, prioritize, and monitor your data risk. ● Note on Val’s Personal Experience
  • 7. 7 Data Inventory Hub Overview ● Data Inventory Creation - map your data and data flows for ROPA compliance across your systems, vendors, company affiliates, and internal processes ● Risk Detection - detect data transfer risk and receive alerts. Proprietary risk engine is based on 130+ global laws. ● Report Generation - export pre-built reports such as Article 30 report or Business Process report to demonstrate compliance to regulators. ● Automated Remediation - generate automated follow-up actions for each record and flag through Automation Rules to conduct a PIA or Vendor Assessment.
  • 8. 8 Partnership TrustArc’s Data Discovery & Automation Strategy Third Party & System Record Exchange TrustArc’s Record Exchange is pre-populated with the most popular system and third party records. Customers can add pre-created records to their own inventory’s with one click. Integrations Use our third party connector library to automatically create third party and system records. TrustArc Data Inventory Hub Solutions Third Party Discovery TrustArc’s Third Party Discovery tool scan’s customer’s websites and identifies the third parties being used and automatically creates those third party records in the data inventory. AI Autofill Autofill System and Third Party Records using our AI Autofill feature. Simply type in the system or third party record name and click the AI Autofill button to populate the remaining fields. Data Discovery Privya's AI-driven code scanning helps organizations save resources, comply with regulations, and protect their reputation by automatically identifying and mapping personal data collection, usage, and storage, including third-party access. This eliminates manual processes and ensures regulatory compliance. NOW LIVE NOW LIVE
  • 9. Data Discovery Use Cases & Benefits Data discovery solutions focus on automating portions of data inventory building and bringing visibility to which systems and what data is being processed by your organization Leveraging Privya’s code-based scanning technology and integration with TrustArc, Data Inventory Hub customers will be able to: Streamline Inventory Creation: Automate the process of creating and managing data inventory records Auto Detect AI Usage: Auto detect when AI is being used to process data and take remedial action Automate Risk & Reporting: Leverage discovered data to understand your organization’s risk and produce reports
  • 11. 11 In the simplest term… Scanning lines of code Identify keywords, patterns/flows and/or themes for PII or SPI (e.g. drivers license, phone number, email address, etc.) Categorize and assess risk!
  • 12. 12 Data Identification and Classification ● Scans the entire code portfolio, including legacy systems, cloud-based applications, and third-party integrations ● Automatically identifies and categorizes personal information (PI), sensitive personal information (SPI), and other critical data such as when AI is being used to process data ● Up-to-date automatic data classification across the organization ● Save time and resources by eliminating manual data discovery processes ● Enables proactive privacy risk management and compliance with regulations such as GDPR, CCPA/CPRA, HIPAA, PCI DSS and more
  • 13. 13 Data Lineage and Flow Mapping ● Maps the flow of data throughout the organization, providing a complete view of data movement across systems, applications, and third parties ● Enables end-to-end tracing of data from origin to destination, identifying dependencies, potential vulnerabilities, and compliance gaps ● Identifies complex relationships between projects, including direct and indirect data flows, and other hidden connections ● Offers powerful impact analysis capabilities to understand the downstream effects of one project on the entire software ecosystem
  • 14. 14 AI/ML Model Detection and Governance ● Automatically detects and inventories artificial intelligence (AI) and machine learning (ML) models within the codebase, across all frameworks and libraries used ● Facilitates end-to-end governance of AI/ML technologies, ensuring compliance with emerging regulations such as the EU AI Act and NIST AI RMF ● Provides insights into the purpose of AI/ML models, enabling informed decision-making and the implementation of appropriate governance measures
  • 15. 15 Third-Party Data Sharing and Risk Management ● Detects data sharing with third parties, providing insights into what data is shared and how it is processed ● Identifies and assesses risks associated with third-party data access (vendor assessment), helping organizations prioritize and mitigate potential vulnerabilities ● Provides a centralized view of third-party access rights and permissions* ● Integrates with identity and access management (IAM) platforms like Okta * Coming soon
  • 16. 16 The Privya-TrustArc Integration Data inventory SPI/PI AI/ML Third Party Sharing Data Inventory Hub ● End-to-end data privacy automation: from discovery to risk analysis and reporting ● Continuous code-based data discovery, including AI/ML model detection ● Automated data collection for ROPA, DPIA, and real-time compliance risks ● Integration with TrustArc's Data Inventory Hub ● Robust privacy and security risk analysis using TrustArc's proprietary risk engine