Clarip: Fighting for Your Data's Security

By Chrissie Cluney October 24, 2017

Protecting your organization’s or business’s IT system against cyber attacks and possible breaches is of the utmost importance.

Clarip, Inc. provides technology that assists in the protection of your private information. Andy Sambandam, founder and CEO of Clarip, Inc., recently shared how this company is able to protect your data.

IoT Evolution: The industry talks a lot about security, but most of what they are trying to protect is data. Can you help talk about security from the protection of data side?

Andy Sambandam: We hear a lot about breaches. There is a news story almost monthly, sometimes weekly, about a major security breach, with the most recent high-profile examples being Equifax and Yahoo. The reality is most security breaches are, in fact, privacy breaches. Someone’s data is being lost. Data protection is very important and the EU (European Union) regulation, known as GDPR, requires, among other things, companies to create and employ a “Data Protection Officer”. In most organizations, there is a gap between what Legal/Compliance knows and what is actually happening on the Marketing side. The marketing folks engage with different tech vendors and use tools that depend on “another” third-party, and data flows down the some cases without the knowledge of the compliance person. Data protection is a function that is critical today, since companies are collecting data from multiple channels and engaging with customers and tracking them.

IoTE: Often the word privacy gets associated with personal information. What are the implications of privacy from a corporate viewpoint?

AS: There are many sides to privacy from a corporate point of view. Regardless of whether or not you are a consumer-facing business, you are handling someone's data. This data could be employee data, corporate customer data, and/or consumer data. Whether you're a retailer, hospital, insurance company, financial institution, or entertainment company, you are likely handling personal information in one form or another. In some cases you handle more data than just name, address, and social security number. Even an IP address is considered Personally Identifiable Information (PII).

So when you are looking through a corporate lens, you also need to understand not only what data is being collected, but what data is being shared with partners and how the data is being used. Data is collected under your Brand’s umbrella - so this is a risk you need to understand and handle responsibly. If one of your technology partners is using the collected data in a manner that was not originally intended, you could face serious liability.

Understanding customer and/or employee preferences is important because in today’s age, you interact with them across multiple channels. When you have permission, you can engage when and where it matters most without violating one’s privacy. Every person has different preferences on how they are communicated with and about what. Plus, they want to have more control over what information about them is shared and with whom.

Furthermore, it is critically important for companies to reconcile what is stated in their privacy notice with what is actually happening in the code on their websites/apps. We have seen in many cases there is data collection and sharing that is occurring that the company is unaware of. So tools that can identify these "gaps" are vitally important. Third-party cookies and beacons must be carefully monitored. Usually the CISO or Chief Privacy Officer's eyes get very wide with concern when they see this information in visual form.

IoTE: What standards impact the management of data?

AS: For companies who have customers in Europe, they also need to comply with the General Data Protection Regulation, or "GDPR". This is a new regulation that applies to any company with customers that reside in the EU - whether the company itself is located in the EU or not. This new law, which takes effect in late May 2018, is designed to protect all EU citizens from privacy and data breaches.

Under the new law, EU data subjects have the right to give or withdraw consent, the right to access personal information, the right to be forgotten altogether from systems, and the right to take their personal data with them (portability). The law requires a "privacy by design" approach, breach notifications and in some cases appointment of a Data Protection Officer. The penalties for non-compliance are significant. Organizations in breach of GDPR can be fined up to 4% of annual global revenue or 20 Million Euros (whichever is greater).

IoTE: Internationally, there are rules about where data is stored. How does that impact privacy management strategies?

AS: These rules have a big impact on an organization’s technology strategy. Typically we see companies partner with local data centers to handle this. Especially in the EU, with GDPR and other regulations, companies are setting up infrastructure and relying on cloud vendors that guarantee local data centers and servers to store data and run applications from.

As you can imagine, however, the laws in each country are different and ever evolving. The laws in parts of Asia may vary from country to country while in North America, the laws in Canada are different than those in the US. It also puts significant pressure on the CISO, Chief Privacy Officer, and General Counsel in a company to make sure the legal notices are in sync with what's actually happening in software, and that they are complying with local regulations. It is critical to partner with the right privacy management vendor who understands cross-border regulation. At Clarip, we use hybrid AI (Artificial Intelligence) to help organizations manage privacy risks, manage customer consent, identify gaps in disclosure notices, and easily implement proactive risk monitoring tools.

Edited by Ken Briodagh