Data Privacy Management - Informatica

Transcription

Data Privacy Management
Ramesh Swaminathan

Housekeeping Tips
- Today’s webinar is scheduled for 1 hour.
- The session will include a webcast, and then your questions will be answered live at the end of the presentation.
- All dial-in participants will be muted to enable the speakers to present without interruption.
- Questions can be submitted to “All Panelists” via the Q&A option, and we will respond at the end of the presentation.
- The webinar is being recorded and will be available to view on our INFASupport YouTube channel and Success Portal. The link will be emailed as well.
- Please take time to complete the post-webinar survey and provide your feedback and suggestions for upcoming topics.

Informatica. Proprietary and Confidential.

Feature Rich Success Portal
- Bootstrap trial and POC Customers
- Enriched Customer Onboarding experience
- Product Learning Paths and Weekly Expert Sessions
- Informatica Concierge with Chatbot integrations
- Tailored training and content recommendations

More Information
- Success Portal: https://success.informatica.com
- Communities & Support: https://network.informatica.com
- ces-and-training/informaticauniversity.html

Safe Harbor
The information being provided today is for informational purposes only. The development, release, and timing of any Informatica product or functionality described today remain at the sole discretion of Informatica and should not be relied upon in making a purchasing decision.
Statements made today are based on currently available information, which is subject to change. Such statements should not be relied upon as a representation, warranty or commitment to deliver specific products or functionality in the future.

Data Governance & Privacy

Objective:
Operationalizing data privacy governance with Informatica enables a repeatable and reliable framework to comply with the CCPA, new state regulations and beyond to scale, while making personal and sensitive data safe for use in new business value creation to accelerate digital transformation.

Challenges:
- Unclear data governance policies that vary by privacy mandate for inconsistent enforcement mapping
- Unable to identify information of data subjects (residents, households, etc.) creating risk
- Proliferating PII across systems, increasing exposure
- Applications and archives lack ability to anonymize personal and sensitive data to neutralize a breach
- Data unsafe to expose to applications and users

Informatica Benefits:
- Automate data discovery, classification, protection, & response by operationalizing data privacy policy and governance plans
- Understand risk and prioritize remediation
- Speed up implementation of controls and scale data privacy governance as mandates continually evolve
- Increase business trust and agility through self-service and automation to unleash new value creation—safely!

Data Governance Framework for Privacy Regulations
- DEFINE AND MANAGE GOVERNANCE POLICIES: Define How Our Organization Processes Personal Data. Collaborate on privacy policies / rules.
- DISCOVER, CLASSIFY AND UNDERSTAND PERSONAL AND SENSITIVE DATA: Locate and Map Personal Data. Visibility across all data platforms and types.
- MAP IDENTITIES: Link Persons to Their Personal Data. Index identities for identity intelligence and data subject access rights.
- ANALYZE DATA RISK, ESTABLISH PROTECTION PLANS: Understand Personal Data Risk and Protection. Continuous risk analysis of sensitive data, simulation of remediation.
- PROTECT DATA, MANAGE SUBJECT RIGHTS AND CONSENTS: Protect Data, Respond to Rights Requests. Automated orchestration and protection, fulfill subject rights requests, centralize, manage consents.
- MEASURE, COMMUNICATE, AUDIT READINESS: Track Compliance Progress and Communicate Readiness to Multiple Stakeholders. Key risk indicators, visualizations, reports.

Figure labels: Axon, DPM, Consent360, Data, Consent, Security.

Gartner’s view of Privacy Operations

Value For Key Roles
Data Privacy Support for Cross-Functional Needs

Figure labels: CISO, Privacy Officer, CDO, GDPR/CCPA Compliance, Sensitive Data
- Intelligence for data protection
- Automation of protection and monitoring
- Safeguard digital transformation
- Integration of data governance/security
- Discovery, monitoring and protection of PII data
- Intelligence on personal data and identities
- Continuous assessment of risk
- Ability to respond to subject requests

Data Privacy Management
Enterprise-wide data privacy and security intelligence
- Sensitive data discovery and classification
- Data subject registry
- Sensitive data proliferation analysis
- User activity on sensitive data
- Multi-factor risk scoring
- Risk rankings at enterprise, LOB, and department level
- Anomaly detection based on user activity
- Sensitive data policy-based alerting
- Data protection simulation and planning
- Workflow for manual or automated data protection and risk remediation

DPM Integration with Axon

Data Privacy and Risk in Governance
Highlight Data Privacy and Risk Concerns in Data Governance Practice

Manage Data Privacy and Risk
- Overlay to show Privacy and Risk Level
- Insight into Privacy considerations directly through the Governance console
- Link to Governance artefacts for complete understanding
- Facilitate interaction between Governance and Security

Data Governance in Privacy and Protection
Incorporate processes into privacy monitoring and notification

Capabilities
- Processes and stakeholders in DPM
- Process overlay for proliferation and data stores
- Process evaluation and stakeholder notification in security policies

Accelerated Time to Value with EDC Integration
Informatica Enterprise Data Catalog and ServiceNow CMDB integration
- Import data stores and scan results from EDC
- Highlight policy gaps for incremental scans
- Import stores from ServiceNow CMDB

Fulfilling Subject requests with DPM

Meta model in DPM to support Subject Registry

Subject Meta Model
- Data Categories: Combination of Data Domains
- Purpose: Associated to data elements in a data store
- Residency: Identified during Subject index creation through a configuration
- Legal Holds: Applied to Subjects from the Subjects page
- Third Party Shares: Associated to Data stores as part of Data Store information

Subject Onboarding

Building your Subject Registry
- Step 1: Define the Subject Type in a JSON file
- Step 2: Define Data Extraction SQLs
- Step 3: Scan for Subjects

Look out for Tech Tuesday on March 16th for a Deep Dive on this Topic

Subject Request fulfillment Flow

Select Subject Type
- Lists all the Subject Types configured in the system
- Select the Subject type of the Subject you want the DSAR for
- Subject Type in a Typical Organization
  - Customer
  - Employee
  - Contractor
  - Vendor

Google-like Search for a Subject
- Keyword search for Subject information
- Multiple search criteria
- “Optional Search Fields” as per configuration

Search results
- Search results based on industry-leading identity matching algorithm
- Searches from the Subject Index created during Scans
- Provides confidence score of the match
- Includes information about the subject in the index to ensure the right subject is selected

Subject Details Page
- Subject Details page provides information of the subject available in the Index
- Information of all the Data Stores where the Subject details are available
- This information is available because of the transactional scans done during onboarding
- Provides information on all the previous DSARs run on this Subject
- Legal Hold can be applied and removed for a subject from this page

Actions on Subject Information
- DSAR request can be made from this page
- Various Subject related actions
  - Service Management ticket to delegate DSAR actions
  - Email Subject Information
  - Export Subject Information for further process
- All these actions can be performed through an API call

Download DSAR Report
- DSAR report, once ready, can be downloaded in multiple formats
- DSAR reports are available in the system for a specific period of time
- After the specified retention period, DSAR reports are auto-destroyed and have to be created again

Privacy Workflow – Task delegation
- Initiate a task for fulfilling Subject requests from DPM through integration with Service Management systems
- Automatic or manual task assignments
- Status from Service Management tickets is brought back to DPM

Native integration with Service Now. Pluggable model to integrate with any Service Management products

Privacy Dashboard

Privacy Dashboard
- A new dashboard with “privacy-oriented metrics”
- Provides one quick view of status of Privacy Operations
- Call to action for critical time-bound Subject related tasks
- Switch to Security dashboard as required
- Set default view: “Privacy” vs “Security”

Key Privacy Indicators in Privacy Dashboard
- Provides data on number of subjects in the system
- Number of Subject types in the system
- Total number of subjects with legal holds in the system
- Number of subjects per Subject type
- This data updates whenever a subject scan runs
- Trend line of subject requests in the system
- Updates real-time as the requests are made
- Number of data stores with subject data in the system
- Number of data stores where data is shared with third parties

Metrics in Privacy Dashboard

Top Data Stores by Subjects
- Lists top data stores that have subject information
- List ordered by the number of subjects
- Clicking on the Number of Sensitive Fields will open the data store page

Subject Data By Location
- Visual map view of data store locations
- Contains only those data stores that have subject data
- Map can be filtered by different regions

Metrics in Privacy Dashboard (Cont’d)

Subject Requests by Due date
- Lists all the Subject requests that are open or in warning
- All the requests are listed by the descending order of the due date by which the request must be closed
- Requests will be removed from this list when closed
- Clicking on a specific request will navigate to the task page

Subject Requests by Type
- Visual graph of all requests in a given time period
- Provides details of the type of requests with their count
- User can view the graph for the current week, month or year

Breach Reporting

Breach Notification report
- Enables Privacy Analyst or a data store owner to create a report when a breach happens in a data store
- This report is a CSV with information on what's available in the data store
- This enables the DPO to report quickly to the regulator if required
- DPM does not store details of the actual breach itself. DPM only provides the information required to report on a breach
- Breach notification report is only available if profile & Subject scan has been run on a data store

Summary
- Data Privacy Management helps in operationalizing your Data Privacy practice
- A 6 step journey to automate your Privacy Operations
- DPM has a rich set of easy to use Features to cater to three main pillars of Privacy operations
  - Create an Inventory of your Data Assets
  - Fulfillment of Subject Requests
  - Data Breach Reporting

Questions?

Thank You
