


Control
Regain control of personal data
Know exactly where you handle data with the worldwide IP and Domain Map and see all cookies set on your website with the Cookie Tracker. See all customer, prospect, and employee data in a Personal Data Inventory, including email addresses, identification numbers, and more.
Comply
Respect privacy requests
Laws related to data privacy regulate the access and deletion of personal information. For instance, GDPR stipulates that anyone whose data has been collected and processed in the EU has the "right to be forgotten." Use the Universal Search function to instantly locate their data on any web page or within the metadata of PDFs, documents, and images. From there, create an in-tool plan to remove their data and be sure it gets flagged if it pops up again.
Document
Show your compliance track record
Governing personal data on your website—and being able to prove it—is key to data privacy compliance. Minimize risk by implementing site-wide Data Privacy and Security policies that instantly catch potential risks to personal data, like exposed credit card or ID numbers. Every action your team takes within the platform is also logged in the User Actions Log, helping you document compliance efforts to management and authorities.



Data Privacy F.A.Q
What is Data Privacy Management?
Data privacy management refers to the handling of sensitive and/or personal information in a proactive and responsible manner.
Organizations that collect or store such data must ensure they do it in a way that:
- Obtains the data in a legal and transparent way
- Ensures that the data is used and shared appropriately
- Is compliant with relevant local regulations
Why is Data Privacy so important?
For many organizations, the personal data that they collect and store is their key – if not their primary – asset.
At the same time, it’s critical for these organizations to maintain customer trust. To retain this goodwill, they must demonstrate that their collecting, storing, and processing of sensitive or personal consumer data is handled with the utmost care.
Organizations that are careless with this information risk losing money, business, and even their reputations.
Legal concerns are another pressing reason to focus on good data privacy health. Many countries, particularly in the European Union and North America, are adopting increasingly stringent personal data and privacy regulations. Going forward, implementing robust data privacy management processes will be essential for staying compliant with the law.
What type of data is included in Data Privacy?
Data privacy mainly governs the handling of so-called “sensitive” data. Sensitive data tends to fall into the following categories:
- Personally identifiable data: Any piece of information that can be used to identify and track an individual, either directly (e.g. social security number) or indirectly (e.g. pseudonyms).
- Confidential data: This covers private information that is not intended for public dissemination. Confidential data includes certain financial figures, protected intellectual property information, and so on.
What are the types of data not included in Data Privacy?
There are some notable exceptions to the types of information that are subject to data privacy protection. The two broad exclusion areas are:
- Non-sensitive personally identifiable information: This refers to cases where personally identifiable information can be otherwise obtained from public sources like phone books, open internet forums, and business directories.
- Non-personally identifiable information: This is data that can’t be traced to a specific person. In the online context, this can be any anonymized and/or aggregated data like your users’ device usage, their browsers, or masked IP addresses.
What are the differences between Data Privacy and Data Security?
While there’s certainly some overlap between them, data privacy and data security are two different fields.
Data security refers to how well you protect sensitive data from unauthorized access by external third parties or internal bad actors. This often involves the use of web security measures to prevent damaging data breaches or hacks.
Data privacy, on the other hand, refers to the way your organization itself handles that data or shares it with others. It is about the internal processes you put in place, how you train your staff, and how transparent you are in collecting the data in the first place.
What kind of Data Privacy regulations are there in the US?
When operating in the US, it’s important to keep in mind and comply with the following data privacy regulations.
HIPAA for healthcare
The Health Insurance Portability and Accountability Act (HIPAA) governs the way organizations use an individual’s health information. It’s relevant for the following types of companies:
- Healthcare providers
- Healthcare insurance companies
- Healthcare clearinghouses
- Any organization or person that comes in contact with sensitive health information as part of their work activities
GLBA for financial institutions
The Gramm-Leach-Bliley Act (GLBA) requires financial service providers that work with individuals to be explicit in explaining their data sharing practices to their customers. It states that organizations should take careful steps to protect sensitive data and decrees that they allow people to opt out of sharing such data in the first place. It’s relevant for the following businesses:
- Financial institutions like banks
- Companies offering financial products or services like loans or insurance
- Companies that provide finance-related consulting like investment advice
GDPR for US businesses dealing with the EU
The General Data Protection Regulation (GDPR) is the key piece of EU legislation that governs the way companies collect and process the data of EU citizens.
The GDPR states that this data must be obtained with the individual’s informed consent and can only be used in a secure and confidential manner.
This law applies to any entity that processes the data of EU citizens, regardless of whether that entity is itself located in the EU. This includes organizations using this data in the course of doing business with EU citizens, but it also covers any organization collecting such data for survey or analysis purposes.
CCPA in California
The California Consumer Privacy Act (CCPA) gives the residents of California additional privacy protection compared to the rest of the US. The law requires that a business actively informs customers in California about its data privacy practices.
CCPA also grants Californians specific privacy rights, which include:
- The ability to access and delete their personal information collected by a business
- The right to opt out of having their personal information sold
- Protection from being discriminated against for exercising these CCPA rights
Siteimprove Data Privacy can help you achieve CCPA compliance.
Data privacy resources
Keep working towards data privacy compliance with our latest eBooks, webinars, and more.