With new data privacy regulations popping up all over the world, respecting your customers’ privacy takes more than just reactive remedies. You need to take a proactive approach to privacy. Even if your company isn’t subject to data privacy regulations, respecting your customers is a moral imperative. We believe data privacy is a right, and your customers probably do, too.
To give you the visibility and controls you need to respect your customers’ data privacy, Segment is launching the Privacy Portal. The Privacy Portal enables you to:
Automatically detect and classify your customer data to create a dynamic customer data inventory
Monitor changes to your inventory with real-time alerts
Enforce your company’s data privacy policies with privacy controls
Streamline regulatory compliance with Segment’s existing tools for user deletion and suppression
The Privacy Portal is now available to all Segment customers. Workspace owners can log in to the app and visit the Privacy Portal to get started.
Respecting your customers’ privacy shouldn’t be hard
To prepare for regulations like the GDPR or the CCPA, most companies have created a data inventory with details on what personal information they collect, where they collect it from, where it is stored, and who has access to it. A data inventory not only makes it easier to comply with data subject access requests, but also enables you to quickly assess the impact of incidents so you can take action.
The bad news is that creating an inventory is typically a long, arduous process that never accurately captures the current state of data at your company.
At Segment, we created our first inventory when we were preparing for the GDPR. It took us four months, multiple surveys, countless hours of manual mapping, and a task force. Even worse, by the time we created our inventory, it was already out of date.
If you’ve ever been asked to compile this information for your company’s data inventory, you likely know it’s no easy task. And if you haven’t, it’s only a matter of time before your privacy team asks you to help with one.
That’s why we built the Privacy Portal. The Privacy Portal arms our customers with the technology they need to automate this process for Segment data and address the shortcomings of static data inventories.
Create your customer data inventory in minutes
The Privacy Portal automatically detects and classifies personal information as it’s collected in real time. This means you can create a dynamic data inventory for all of your Segment data—no surveys required!
Here’s how it works:
Automatic data detection: The first time you access the Privacy Portal, we’ll scan the sources connected to your workspace to give you an instant snapshot of what personal information you’re collecting on your website, mobile app, servers, and cloud apps. We use both exact and fuzzy matching to detect both the key (property name) and value. That means if an email address is hidden in a property called
usernameor if an IP address is sent in a field called
ip adrs, we’ll still be able to detect it.
Risk-based classification: From there, each data point is matched against common PII fields and assigned a risk-based classification of red, yellow, or green. To align with your company or industry, you can also configure your own custom classifiers to match your data against. This classification gives you and your teammates the context you need to assess and manage risk effectively.
With the Privacy Portal, all you have to do is review your data assets, confirm or modify the classification, and then click “add to inventory.” And just like that, you’ve quickly and easily created a data inventory of your Segment data.
The data inventory is your single source of truth for every data point you’re collecting with Segment. It’s organized by classification and provides you with the visibility you need to answer questions like “Which sources are collecting the most restricted data?” or “Which destinations are we sending IP address to?”
Workspace owners can even export their inventory as a CSV to share with their privacy or legal teams. Having a one-stop-shop for all this information will give these teams confidence that you are respecting your company’s privacy guidelines, without slowing you down in your day-to-day work. This inventory also arms both data owners and risk managers with the necessary context to have productive conversations about what’s risky in order to align on your company’s approach to data privacy.
Get notified of new data points
To make sure you’re never caught off guard when new data points are collected, we can send you a Slack notification with helpful context like the name of the data point, where the data point was collected from, and a recommended classification of red, yellow, or green. From there, you can click “visit inbox” to classify it and add it to your inventory.
If you don’t use Slack, you can forward privacy alerts to any destination your team uses or configure a webhook to send alerts to tools like PagerDuty.
Manage your risk exposure with privacy controls
Chances are your company has guidelines around what type of personal information you’re allowed to collect and what information is off limits. For example, Segment does not collect social security numbers (SSNs) from our customers. SSN is one of many data points that our internal policies prohibit us from collecting.
While visibility is helpful when it comes to respecting your customers’ privacy, knowledge alone isn’t enough. Traditional data inventories only tell you what personal data your company has collected. They don’t help you prevent restricted data from being collected or sent along to the wrong analytics tools.
Because the Privacy Portal sits on top of your customer data infrastructure, your inventory is actionable with Segment. Privacy controls enable you to prevent restricted fields from being collected at the source. This turns your reactive data inventory into a proactive privacy management solution. These standard privacy controls are available to all customers.
We recognize that not every marketing or analytics tool you use needs to receive all of your customers’ personal information. Customers with access to Protocols, Segment’s data quality product, can also configure advanced privacy controls to hash or selectively route customer data to specific destinations based on their classifications. This granular control enables Protocols customers to:
IP addressfield before sending it to analytics tools
Protect customer data by only sending
Give your privacy team confidence by only sending yellow data to approved destinations
Segment’s commitment to privacy
From the very beginning, Segment has been committed to helping our customers respect their customers’ privacy. This includes our commitment to first-party data, our ongoing investment in products to help customers comply with the GDPR and CCPA, and now, the Privacy Portal.
On the roadmap, we’re excited to build solutions for consent management and will be giving you more options to run Segment in your own environment.
Or if you’re new to Segment and want to learn more, you can request a personalized demo.
To learn more about how you can use the Privacy Portal to automate your data privacy program, sign up for our upcoming webinar here.