October 5, 2022
When you have just one website that needs to comply with data privacy regulations, compliance can be a straightforward task (even if it isn’t necessarily easy). But if your business has multiple websites to manage, compliance becomes exponentially more complicated.
Not only do you need to manage consents, data subject access rights (DSAR) requests, and more for each, but you also need to keep the sensitive data associated with each domain separate. Anytime a stakeholder has access to data that they don’t need access to, it represents a security risk. As the level of undue access increases, so too does your risk.
Like other compliance solutions, Osano enables administrators to assign different user roles with different permissions. We also provide a feature called Organizations, which gives Osano users another degree of control over who has access to what. For businesses interested in achieving compliance at scale, it’s an essential part of their data privacy toolkit.
Here’s everything you need to know about Osano Organizations and a few examples of how our customers have benefitted from this critical feature.
Organizations is one tool in the Osano platform that enables you to adhere to the tenet of least privilege access. In combination with user roles and permission levels, Organizations lets you define which users have access to which features in the Osano platform.
Organizations enables you to create silos for consent management configurations or DSAR forms. That means only users who have been assigned to a given Organization can access a given consent management configuration or DSAR workflow, thereby limiting the degree of access to data hosted in the Osano platform.
Here’s how it works:
Any business (but especially enterprises) needs to adhere to security best practices. Among the Center for Internet Security’s (CIS) 18 Critical Security Controls is access control management — that is, managing who can access what.
Enterprises using Osano can define user roles and permissions to manage access, but Organizations gives them an extra tool to manage access more granularly. These businesses often have many sub-companies and individual domains, so they need a way to define who has access to the different consent configurations and DSAR workflows. Organizations gives them an easy and fast way to manage their employees’ access.
For web agencies and similar businesses with a portfolio of clients, the ability to quickly roll out solutions in a standardized way to their entire portfolio is essential. When an agency can centrally manage a key element of their entire client base's websites, they save time and effort that would otherwise be spent developing and troubleshooting tailored one-off solutions. As a result, they increase their margin.
Osano can be used to manage consent configurations and DSAR forms for an agency’s entire book of clients, but those clients obviously shouldn’t be able to access each other’s consent configurations or DSAR data. Organizations enables agencies to segregate configs and DSAR forms on a client-by-client basis.
What’s more, agencies can use Organizations to flexibly determine who is responsible for handling consent configurations or DSAR requests:
When merging or being acquired, many businesses need to quickly meet the same technical, organizational, and security standards set by the merging or acquiring business. Integrating one business with another is already a challenge, so businesses undergoing an M&A strive to make the post-M&A process as smooth as possible.
Many of our customers came to us because they know Osano is quick and easy to implement. But speed and simplicity aren’t everything; these businesses also need to ensure they’re meeting all the security standards of their partner organization, and that includes robust access control. In addition to the ease of initial setup, Osano’s Organizations feature ensures that these businesses can keep consent management and DSAR workflows limited to only those who need access during and after the M&A process.
Speed-to-market is essential when launching a new product, but it shouldn’t come at the cost of security. Many of our customers came to Osano in search of a compliance solution that would be fast to set up and that featured access controls like Organizations. Having access to both meant they could release new products or launch new websites faster without getting bogged down in the security and compliance process, or worse, forgoing that process entirely.
As part of complying with data privacy laws, businesses need to adopt reasonable security practices. And a part of what makes for “reasonable security” is robust access control management.
Osano helps you comply with both the explicit requirements of data privacy laws, like consent management, DSAR management, and more, as well as the more open-ended requirements like adopting reasonable security practices. Schedule a demo with us today to see how Organizations and our other access features can help you stay compliant.
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.