1 Introduction

The protection of sensitive customer data has become a critical issue of our modern times, especially for organizations that collect and maintains an individual’s information.

Privacy laws, regulations, and initiatives are proliferating to address the growing concerns over the use and control over personal data. The European Union’s General Data Protection Regulation (GDPR), seen mostly in the headline in recent times, gives Europeans the right to control their personal information collected by organizations. In other parts of the world other, the Asia-Pacific Economic Cooperation (APEC) initiated Cross-Border Privacy Rules (CBPR) which focuses on building trust between consumers and organization as individual’s data flows between APEC economies. This is accomplished by requiring participating APEC organizations to implement data privacy policies that conform to the APEC Privacy Framework. Also, in the US, personal data breaches such as at Experian and the Facebook - Cambridge Analytica scandal are compelling legislators in individual states to implement their data privacy laws. The state of Vermont passed a law that requires data brokers to register with the government, inform people on how to opt-out, what is collected and when their data has been breached, as well as giving individuals legal recourse when their data has been abused. The state of California is going further by introducing new rights for consumers regarding the privacy and use of their data. The California Consumer Privacy Act was recently enacted and will take effect in 2020. It’s anticipated that growing momentum for individual data privacy will eventually lead to a more uniform law at the federal level to provide consistency across all states sometime in the distant future.

Other US regulations designed to protect consumers is the NY DFS Cybersecurity Regulation (23 NYCRR 500) that requires New York banks, insurance companies, and other financial services institutions that are regulated, to assess their cybersecurity risk profile. This regulation includes providing audit trails showing that data retention is held for only three years rather than the previous standard five-year data retention period.

For organizations that must comply with these laws and regulations face new challenges and compliance risks. Organizations today are required to know where their user data resides, categorize the data's level of vulnerability, impact, and risk to the organization and ensure that they remain in compliance to meet many different regulations. Some solutions came into being to help address some aspects of these issues, such as Identity Governance and Administration (IGA), which was initially driven by regulations such as SOX that required organizations to ensure separation of duties (SOD) as a means to prevent accounting fraud. But IGA only covers a subset of the data compliance requirements. A comprehensive solution is needed that uses data intelligence to provide governance, privacy, and protection of customers data.

BigID assists organizations with their data compliance requirements by helping them find, categorize and map their data at scale. Founded in 2016, BigID is small by growing company with 7x year-over-year growth performance. BigID is headquartered in New York with offices in Tel Aviv, London, Stockholm, Zurich, Singapore, and Sao Paolo.