data access governance

Address data privacy challenges in a modern world

what it solves

get everyone on the same page with data security

Governing access to customer data is increasingly complex for a global enterprise. Internally, there are security teams, database administrators, API developers and business units that rely on that data and consider themselves the authority on who can do what with it. Externally, you have multiple data protection regulations to comply with, as well as raised expectations of data privacy from customers themselves. Reconciling these forces requires a collaborative policy administration interface where stakeholders can centrally test and enforce any and all policies around data access enterprise wide.

read the white paper
how it solves it

fine-grained api access
to user data

APIs are everywhere, and they allow you to open your enterprise systems to internal apps and partners. But regulated and sensitive data such as healthcare records, IoT device data and banking transactions are also being exposed through APIs. It’s a major challenge for organizations to set up data governance policies, including granular approaches to specify exactly who’s authorized to do what with your APIs. Even more, you may need dynamic authorization based on real-time context like client privileges and the sensitivity of what’s being accessed.

how it solves it

comply with
consumer data regulations

Increasingly, organizations must adhere to one or more consumer data protection regulations. They need a way to flexibly build and enforce policies to meet requirements, while also complying with future legislation. Here are some common regulations enterprises are dealing with today:

  • GDPR

    The EU’s General Data Protection Regulation (GDPR) requires a legal basis, including consent, for sharing and processing data of EU citizens. Stronger rules on data protection mean people have more control over their personal data, and businesses benefit from a level playing field.

    learn more
  • CCPA

    The California Consumer Privacy Act (CCPA) gives consumers important new data privacy rights to take back control of their personal information. They have the right to know what information corporations are collecting about them, they can tell a business not to share or sell their data, and they’re protected against companies that are careless about data privacy.

    learn more
  • CDR

    Australia’s Consumer Data Right (CDR) is a competition and consumer reform that’s requiring several industries (banking, energy and telecommunications) to give consumers access to their own data through APIs. Consumers can require a company (e.g., their bank) to share their data with another service provider (e.g., a comparison site) in order to get more tailored, competitive services.

    learn more
  • PSD2

    The Revised Payment Services Directive (PSD2) in the EU requires banks to provide open APIs so customers can securely access their own accounts through third parties. The directive seeks to open up payment markets to new entrants offering consumer-oriented services based on access to account information, leading to more competition, greater choice and better prices for consumers.

    learn more
  • HIPAA

    The Health Insurance Portability and Accountability Act (HIPAA) in the U.S. safeguards patient medical information. Recognizing that advances in electronic health technology could lead to an erosion of privacy of health information, the U.S. Department of Health and Human Services mandated the adoption of privacy, security, enforcement and breach notification rules.

    learn more
how it solves it

give your customers privacy and personalization

Customers are demanding more transparency, visibility and control over their data rights. They want to manage their own privacy preferences for things like opting out of data collection, delegating data access to a family member and granting or revoking consent for specific ways their data is being used. Despite the complexities, industry leaders are spearheading self-service data privacy management because privacy can be a differentiator that builds trust and brand loyalty. Data privacy management solutions help you give customers what they want by providing fine-grained data access based on real-time consent records.

get the brief
how it solves it

empower user data stakeholders

Businesses generate and collect valuable data about customers. Companies have recognized the value of this data beyond just user profile data in a directory. Business stakeholders who collect and own customer data must be responsible stewards, but they’re not all experts in regulatory compliance, data security or IT. Providing a user-friendly interface on top of fine-grained access controls can empower these stakeholders to get involved in data protection initiatives and author and test data access control policies in collaboration with other stakeholders.

how it solves it

take the burden off developers

Building data access policies can often fall on developers. But developers usually don’t have sole responsibility over data security, so they gather requirements from business analysts, security and compliance teams, and they verify that policies are working as designed by confirming with each stakeholder. The friction involved in the process of reconciling competing requirements from multiple stakeholders is tough enough, but the engineering effort to change and push code to build, test and enforce fine-grained policies is tougher. A simple user interface for policy administration lifts the burden on developers by externalizing authorization decisions to business users and eliminating the need to manually code policy into each app. Now, developers can focus on optimizing databases, APIs and other resources for your business.

how it solves it

TACKLE THE ERA OF PSD2 AND

OPEN BUSINESS

Open APIs are changing the face of banking, particularly with allowing customers to securely access their own account data and make direct payments through third-party apps. Beyond banking, companies in every industry are looking to open APIs to enable new digital business models. PingDataGovernance complements existing API gateways to provide fine-grained authorization for API controls, inspect the content of API requests and responses, check user preferences and other attributes, and ultimately allow, deny or sanitize the API data.

the proof

making marketing sense of 100 million customers

OPPORTUNITY

One of America’s largest retailers needed to govern access to the data of their nearly 100 million customers, based on criteria that made them eligible for marketing campaigns. They needed to prevent applications from accessing certain attributes of ineligible customers so they could meet customer privacy expectations and enforce communication preferences.

 

RESULT

The retail giant used PingDataGovernance to centrally define attributes that qualified “marketable” customers. The apps requesting their information were given only the appropriate marketing attributes of customers who qualified and only basic attributes for those who didn’t.
 

read full story product details