Privacy Permissions: An Undervalued Accelerant of Governance

Nathan Siegel
Nathan Siegel
Jun 26, 2023
min read
Privacy Permissions: An Undervalued Accelerant of Governance

A common idea in automation is that everything can and should be automated. The ideal vision of an automated workplace involves us comfortably stationed at our desks, focusing on creative pursuits while supervising automated processes that effortlessly handle our tasks. This idea holds appeal, but its viability in every context is questionable.

In environments like factories, where factors remain static and inputs are consistent, automation proves effective. Connecting cogs together follows a predictable pattern. However, in the realm of privacy compliance, this approach falls short. For the average business, each function within their microservices architecture, internal tools and databases introduces a new variable to consider when safeguarding personal data.

Every time a new employee is added as a user to a software system, a potential point of vulnerability emerges, necessitating evaluation within the privacy program. When employees utilize newly downloaded software-as-a-service (SaaS) tools for their roles, concerns arise: How can we ensure the security of these tools? Are they processing customer data?

While automating these determinations is becoming increasingly feasible, it requires accurate information from the right people, if the privacy professionals responsible for compliance within their organizations are expected to make informed decisions. Can we automate word of mouth?

Enhancing Collaboration in Privacy

Regardless of the tools employed to manage privacy, collaboration remains a constant within organizations, and that is perfectly acceptable. When privacy-related incidents occur, the most straightforward approach often involves physically engaging with the individual who downloaded the SaaS tool, posing questions such as: What is its purpose for processing personally identifiable information (PII)? What types of data does it handle, and who else has access to it?

However, it is crucial to conduct this interaction in a non-intrusive and unburdensome manner for other departments. Historically, our MineOS platform has included the roles of Agents and Reviewers. Agents possess the ability to configure the platform, while Reviewers receive prompts regarding data assets and offer seamless feedback. This month, we introduce a new role: the Admin.

Similar to Agents, Admins possess the freedom to modify settings and configure MineOS. However, Admins also have the authority to invite new Agents. Essentially, this new role represents a superior position to be entrusted to the individual responsible for managing and delegating privacy operations.

This development is significant as it grants MineOS greater flexibility in facilitating intra-company privacy-related communications. Total asset ownership becomes possible, alongside casual prompted feedback concerning data sources. For things like handling DSRs or vetting a new data source or data type, due diligence is possible with any number of workflows.

Cutting Privacy Overheads

The cost-cutting benefit for users lies in MineOS's three-layer role system combined with our AI tools. Depending on the organization's scope and capabilities, the privacy data inventory can be developed autonomously using contextual analysis by Mine AI. To support this process, collaboration is easy, simply click on any data asset and solicit feedback from the "Power User", who can answer directly to the platform via email. A third option, largely suited to enterprises, involves complete ownership by assigning the Power User as an Agent, and delegating verification and detailing responsibilities to them.

This speaks to the idea of automation not being perfect everywhere. It’s hard to automate the retrieval of pertinent information from the relevant source, but it is easy to recognize and streamline common workflows for doing so. With MineOS, regardless of how your responsible privacy person goes about building and verifying the company’s data inventory, the process is easier and as seamless as possible - and that’s something worth writing about.