PROTIP – Fulfill a DSAR with StealthAUDIT 11.0

A Data Subject Access Request (DSAR), a common term amongst data privacy regulations, is an individual’s right to request information on personally identifiable information (PII) an organization has gathered about them, how that organization is using that data, and who that data has been shared with. Responding to a DSAR could be a daunting task for organizations, which often lack the necessary plumbing to be able to identify exactly where a given individual’s PII exists within their environment. It is integral that organizations do not wait until they receive their first DSAR to figure this plumbing out, because the inability to respond to one in a timely fashion can result in steep fines depending on the regulation.

StealthAUDIT can help to streamline the most difficult aspect of a DSAR by providing a mechanism to identify where PII exists across both structured and unstructured data repositories, and correlate it back to a given data subject. The Access Information Center (AIC) then provides an easy to use interface that allows compliance, legal, or security professionals to quickly locate all data pertaining to a specific individual.

In this month’s Pro-Tip, we will take a deeper dive into how to fulfill a DSAR using the Stealthbits Data Privacy Engine.  

Stealthbits’ Data Privacy Engine

In StealthAUDIT 11.0, the Stealthbits’ Data Privacy Engine works in conjunction with StealthAUDIT Sensitive Data Discovery scans to create an efficient, secure IdentityIndex™ containing identity-related attributes about customers and other potential subjects from verified systems of record which are then used by StealthAUDIT’s Sensitive Data Discovery engine to perform exact data matching against virtually any cloud or on-premises data repository.

Step 1: Extract Identity-Related Attributes

The AnyID Connectors job group provides a series of preconfigured jobs which allow end-users to integrate with third-party systems of record such as Paycom or Salesforce, to extract a list of potential data subjects along with relevant bits of PII such as Social Security Number, Address, or Phone Number.

While preconfigured integrations are available for Salesforce, Paycom, and Epic Clarity, end users can build their own integration or leverage the pre-built CSV import when third party APIs are not available or export is the best option.

Each AnyID Connector provides easily configurable parameters to indicate the subject type (e.g. Employee, Customer, Patient, etc) and required attributes to be retrieved from the source repository. Once run, the list of subjects and attributes are stored in StealthAUDIT’s secure IdentityIndex™.

Step 2: Exact Data Matching

Creating a “Subject Profile” for each individual, StealthAUDIT’s Sensitive Data Discovery engine can now perform exact data matching against target structured or unstructured data repositories.  Each AnyID Connector adds an additional sensitive data criteria which can be selected when configuring sensitive data scans within StealthAUDIT.

Once data collection routines have been run, organizations will have all of the data necessary in order to be able to locate the whereabouts of an individual’s information within the enterprise using nothing more than their name.

Step 3: Conduct Search in AIC

A new Data Privacy role has been added to the AIC which allows for instantaneous searching and results regarding where a data subject’s information exists throughout the organization. Simply log into the AIC as a user who has been assigned the Data Privacy role, and type in the name of a given data subject.

The search results will provide a summary of the types of information that was found for the data subject, along with the repositories where the information was found:

A detailed listing of files and tables is included which can be easily exported for further verification and processing.

Conclusion

Stealthbit’s Data Privacy Engine is able to do in minutes what takes alternative providers days or weeks, handling the heavy lifting of the entire DSAR process so organizations of all sizes can achieve compliance with virtually any current or future privacy regulation.

Learn more about Stealthbits’ approach to Data Privacy and Security.