Privacy Compliance

GDPR Compliance

One of the most significant areas of the GDPR requires organizations to address and demonstrate privacy controls for the treatment of customer data that protect the rights of individuals. This requires a justified legal basis for storing and processing customer data for each and every purpose.

The use of customer data in Data Science environments, where the risk of re-identification is considered higher, is an area where organizations are most exposed to GDPR. Therefore, it requires a Privacy Impact Assessment (PIA) to be performed.

CryptoNumerics helps controllers and processors address GDPR data compliance when using customer data in Data Science environments. Our solutions, CN-Protect and CN-Insight, can be used to demonstrate and meet GDPR compliance requirements by:

  • Implementing ‘Data Protection by Design’ and ‘By Default’
  • Automated assessment for the risks of re-identification
  • Applying anonymization and pseudonymization protection
  • Supporting organizational and technical controls for Legitimate Interest processing in Data Science environments
  • Demonstrating a balance between the rights of individuals and the interests of the controller to do Data Science
  • Generating Privacy Based Audit and Compliance reports

    HIPAA Compliance

    For healthcare organizations, analyzing Protected Health Information (PHI) is important to improve health outcomes and healthcare delivery. Quite often, the most powerful analytical insights depend on the PHI in the data. However, the HIPAA Privacy Rule requires healthcare providers, health plans and their associates to de-identify any PHI that they hold or transmit. They must follow either the Safe Harbor or the Expert Determination method.

    CryptoNumerics’ software helps healthcare organizations avoid these problems by:

    • Analyzing your data to assess the risk of PHI exposure
    • Applying Safe Harbor or Expert Determination methods to de-identify your data to ensure Compliance
    • Preserving the maximum analytical value of your data while satisfying HIPAA

    Privacy Risk Assessment

    Within Data Science environments, there is an increased risk of re-identification of an individual due to the volume of different datasets and indirect identifiers containing the analytical value for data science use cases. Additionally, there is the risk of combining internal data with external data, which can be used to re-identify an individual even when direct identifiers have been anonymized. Current approaches for risk assessment are limited to manual data review and are considered ineffective because they lead to organizations being exposed to non-compliance and fines.

    A new generation of privacy automation beyond just anonymizing direct identifiers is now available through CryptoNumerics, implemented at an enterprise-class level. Metadata classification occurs upon ingestion of the datasets using advanced ML. Only when this metadata information is available can an automated systems-based approach for privacy risk assessment and scoring be applied.

    CryptoNumerics’ CN-Protect helps businesses to:

    • Automatically assess the risk of re-identification of an individual even with anonymized data
    • Balance Privacy Protection with demand for data with analytical value for Data Science
    • Demonstrate ethical use of customer data for Data Science
    • Demonstrate that the rights of the individual have been acknowledged in Data Science
    • Generate Privacy Based Audit and Compliance reports

    Privacy Policy Enforcement

    For businesses, it is important to make sure that every dataset adheres to the privacy rules defined by Risk and Compliance. Unfortunately, that has become an extremely cumbersome process due to the manual labour required by data scientists, thus increasing inefficiencies and costs.

    CryptoNumerics’ CN-Protect solution allows businesses to:

    • Define role-based and access-based data privacy rules
    • Enforce privacy protection policy for all data prior to being published into Data Science environments
    • Apply privacy protection actions to indirect identifiers in balance with the demand for analytical value for data science

    Privacy Audit and Compliance Reporting

    Demonstrating and defending privacy compliance is mandatory under regulations such as HIPAA, GDPR, CCPA, PIPEDA and others around the world. Risk & Compliance teams need to report on key data points such as what risk assessments were performed and what privacy protection actions were applied to the indirect identifiers to remove the risk of re-identification. Audit teams need a fast and efficient method to review the privacy controls applied to each dataset published into data science environments.

    CryptoNumerics’ CN-Protect allows Risk & Compliance and Audit teams to address:

    • What risk assessments and privacy protection actions were applied to data
    • What privacy protection was applied to indirect identifiers and how that reduced the risk of re-identification
    • What risk scores were applied to each dataset published for Data Science
