3rd Party Overview

Responsible Data Discovery is built to give you a better, more accurate view into your organization's privacy risk. It enables privacy managers to have automated and up-to-date inventory reports and informed impact assessments. It powers the fulfillment of comprehensive access and deletion requests. And it shifts your risk reduction to be more proactive with better informed policies and controls around your data processing.

DataGrail’s Approach

Detect data in structured or semi-structured data systems

DataGrail helps you protect sensitive data from compromise by identifying and categorizing it for structured data sources (relational databases), schema-less systems (NoSQL stores), and a growing list of customizable third-party applications like Salesforce, Zendesk, and Braze.

Always up-to-date so you don’t have to be

To keep up with evolving compliance laws and data governance regulations, DataGrail classifies data from your company’s data sources and maps it to smart categories. That way, you can help auto-populate common privacy deliverables like DPIAs, RoPAs, subject requests, and more.

Grow the understanding of your tech stack

Apps you use everyday hold personal data, from Salesforce and Zendesk to internal systems and databases. DataGrail employs a smart taxonomy to systemize consumer-sensitive data held in those systems so you can deliver on data protection and privacy requirements quickly.

How It Works

Secure by Design

We do not want to add to your privacy and security risk. As such, we’ve developed a novel approach that doesn’t require mirroring your data in our systems.

Instead, DataGrail leverages its existing integration network to scan metadata and to perform a light-weight sample of data values. A best-effort is made using APIs (and their limitations) to randomly sample data (typically no more than 20,000 records) to obtain representative samples. These are performed on a weekly basis during off-hours while honoring rate limits to ensure no disruption of day-to-day operations.

Once sampled, the data is pre-processed and fully anonymized (using a k-anonymity factor of more than 20). The anonymized data is then classified using our machine learning models.

Data Classification

Key to a better understanding of your privacy footprint are DataGrail’s proprietary classification models, which are able to map thousands of data elements to a few dozen categories (see personal data taxonomy).

Classification accuracy will vary, but DataGrail optimizes for recall (i.e., as few false negatives as possible), given the cost of not identifying personal data, especially if sensitive, far outweighs that of misclassifying some data elements as containing personal data (false positives).

Up-to-date Reporting

Automated Data Category Updates

As new categories are detected, privacy managers will be alerted automatically with no need to do this manually by system owners via surveys or questionnaires.

Similarly, system reports will be updated automatically with new categories and privacy managers will be able to quickly review.

Sensible Reviews

Reviews can be done at the category level, without having to paginate through thousands of data elements. Once approved, these reports will automatically inform RoPAs, privacy impact assessments and more.

Detailed Reporting

If you want a more detailed view, reports with all data elements are available for review in-app and via export.

Personal Data Taxonomy

info

Categories bolded below have better support.

Contact Information

• Email Address
• Name (full, first or last)
• Phone Number (landline, mobile or fax)
• Address (postal, billing)
• Username, Social Handle or Alias (addressable)

Employment & Business Information

• Application Number
• Beneficiaries
• Benefits Information
• Company Name
• Criminal Convictions
• Dietary Preferences
• Emergency Contacts
• Employee Identification Number
• Employment Decision Record
• Employment History or Status
• Individual Quotas
• Job Role, Title or Position
• Payroll Information
• Performance Information
• Bio or Profile
• Salary Information
• Sponsorship Information
• Travel Data

Education Information

• Assessment or Score
• Degree or Certification
• Education Status or History
• Graduation or Attainment Date
• School or Accreditation Body

Government Identification

• Driver’s License or Other State ID
• Taxpayer Identification Number (TIN)
• Immigration or Naturalization Number
• Other Government Identifier (Military Identification, Known Traveler, Registro Geral (BZ), My Number (JP) etc)
• Passport Number
• Professional License Number
• National Insurance Number (SIN, SSC, SNAP, GHIC etc)
• Social Security Number (SSN)
• Vehicle or License Plate Number (VIN)

Demographics & Psychographics

• Age, Birthday or Range
• Audience Segment
• Birthplace or Hometown
• Citizenship or Naturalization
• Education Level
• Family and Lifestyle
• Gender
• Geography
• Immigration Status
• Income or Range
• Interests, Favorites, Possessions
• Marital Status
• Military Status
• Nationality
• Political Opinions or Affiliation
• Preferred Language
• Presence of Children
• Racial or Ethnic Origin
• Religious or Philosophical Beliefs
• Sex Life or Sexual Orientation
• Trade Union Membership
• Veteran Status

Online & Mobile Data

• Ad Engagement (views, clicks etc)
• App or Site Usage (visits, sessions, downloads etc )
• Inferred or Derived Data
• Browsing History
• Consents, Opt-Outs and Preferences
• Electronic Signature
• Email Engagement (views, opens, clicks, clickthrough etc)
• Personal Directory Information (calendar, address book, call/text log, files etc)
• Communication Contents (mail, email, messages etc)
• Social Profile
• Requests, Posts, Comments, Reviews and Ratings
• Search History

Online & Mobile Identifiers

• Beacon ID
• Browser or Device Profile (type, OS, language, resolution, apps etc)
• Device ID (MAC, Apple ID, Android ID, Ad ID, serial etc)
• Hashed Email or Phone
• Household ID
• IoT Device ID
• IP Address
• User ID
• Website Visitor ID (cookies, pixels, strings, ad browser fingerprint)

Security & Diagnostics Data

• Access and Change Logs
• Crash and Event Logs
• Credentials (usernames with passwords)
• Network Logs
• Security Logs
• Activation, Recovery or Verification Information

Audiovisual & Sensor Data

• Audio
• Photos
• Sensors
• Video

Location Information

• Coarse Location (geo, ZIP, radio tower, public beacon etc)
• Precise Location (GPS, lat/long, personal beacon, location over time)

Biometric Data

• Fingerprint
• Facial Patterns
• Iris Patterns
• Voice Patterns
• Handwriting

Genetic Data

• DNA
• Family Genomics
• Ethnographics

Health & Medical Data

• Fitness, Diet and Wellness
• Heart Rate
• Condition
• Treatment
• Medical History
• Medical Record Number
• Insurance, Claims and Billing Information
• Prescription Information
• Height and Weight

Payment & Financial Information

• Account Balance
• Bank or Financial Account
• Bank or Financial Institution
• Commercial Decision Record
• Credit Score or History
• Customer ID
• CV2/CVV2/Visual Cryptogram
• Know Your Customer (KYC) Information
• Payment Information (credit, debit, pay service)
• Payment Service Code
• Personal PIN or Access Code
• Purchase, Order or Transaction Details
• Tax and Filing Information

Other

• Custom personal data categories and elements directed by DataGrail Customers