TO YOUR DATA
Giving applications unrestricted access to your customers’ sensitive or regulated user data can lead to privacy violations, increased risk of breach and lost customer trust. Even if access to a specific user profile or data source is granted, internal and external applications may only require a subset of that data to function. Privacy directives, like the EU’s General Data Protection Regulation (GDPR), may also require the capture and enforcement of user consent when sharing data. But you can’t rely on applications to only request the appropriate data. What you need are centralized data access governance policies with fine-grained, attribute-by-attribute control. This is where PingDataGovernance comes in.
PingDataGovernance helps you meet diverse regional, industry and corporate privacy regulations. You can require customer consent before allowing partners to access customer data or restrict an app’s access to sensitive personally identifiable information (PII) altogether. Policies can be enforced based on customer profile attributes like citizenship, age or consent preferences. Combined, these centralized policies ensure regulatory compliance by enforcing consent and allowing you to give customers control over their own data, as well as insight into how it’s being used.
ACCESS SENSITIVE DATA IN ONE PLACE
Enterprise IT environments are complicated enough. You don’t need to add another convoluted patchwork of data access rules into each application. With PingDataGovernance, all internal and external applications can leverage a single API call that will return only the appropriate user data. To determine the data that’s returned, policies can evaluate attributes and preferences from the customer profile being requested, data from other repositories and information about the app making the request. This can help you meet regulatory requirements by restricting data that a user hasn’t consented to share, or it can reduce your attack surface by denying access to sensitive PII that an app doesn’t need.
COMPLY WITH GDPR.
The EU's GDPR sets a number of requirements that dictate how EU citizen data should be treated. PingDataGovernance helps you comply with GDPR by capturing consent around which apps have access to a customer’s data and how it can be used. Then, when an app requests customer data, consent is enforced by returning the data only if the customer has agreed to share it with that app. You can also give control and insight to your customers by allowing them to view and revoke consent at any time.
TACKLE THE ERA OF PSD2 AND
Banks are making compliance a high priority. The second Payment Services Directive (PSD2) requires EU banks to open up their data via APIs, and Open Banking defines a standardized method for doing so. Regulations aside, companies all over the world are looking to open APIs to enable new digital business models. The Ping Identity Platform helped define Open Banking’s standards, and it strictly adheres to them for both payment provider and account aggregation use cases. It enforces consent to ensure that only the appropriate data is securely returned to applications that make requests to its REST APIs.
PingDataGovernance allows customer service reps, heads of household or other delegated administrators to securely access third-party user data. Through centralized policies, it can limit the scope of user search results to only those users a delegated administrator has the right to view. It can even enforce which specific attributes delegated administrators can view and edit within an identity profile.
MAKING MARKETING SENSE OF 100 MILLION CUSTOMERS
One of America’s largest retailers needed to govern access to the data of their nearly 100 million customers, based on criteria that made them eligible for marketing campaigns. They needed to prevent applications from accessing certain attributes of ineligible customers so they could meet customer privacy expectations and enforce communication preferences.
The retail giant used PingDataGovernance to centrally define attributes that qualified “marketable” customers. The apps requesting their information were only given the appropriate marketing attributes of customers who qualified and only basic attributes for those who didn’t.