Control

Regain control of personal data

Know exactly where you handle data with the worldwide IP and Domain Map and see all cookies set on your website with the Cookie Tracker. See all customer, prospect, and employee data in a Personal Data Inventory, including email addresses, identification numbers, and more. 

Comply

Respect privacy requests

Laws related to data privacy regulate the access and deletion of personal information. For instance, GDPR stipulates that anyone whose data has been collected and processed in the EU has the "right to be forgotten." Use the Universal Search function to instantly locate their data on any web page or within the metadata of PDFs, documents, and images. From there, create an in-tool plan to remove their data and be sure it gets flagged if it pops up again. 

Document

Show your compliance track record

Governing personal data on your website—and being able to prove it—is key to data privacy compliance. Minimize risk by implementing site-wide Data Privacy and Security policies that instantly catch potential risks to personal data, like exposed credit card or ID numbers. Every action your team takes within the platform is also logged in the User Actions Log, helping you document compliance efforts to management and authorities. 

IP and domain map

No matter how long your organization has been around, it’s possible you've forgotten about certain domains or IP addresses—which means forgotten data. Displayed in a global map, Siteimprove identifies all domains and IP addresses possibly associated with your organization so you can be sure no one’s personal data slips through the cracks. 

The Siteimprove IP and Domain Map shows you: 

  • Who registered the domain or IP address 
  • When it expires
  • Option to reject domains that you do not own 

Personal data inventory

To keep personal data secure and to strengthen your data privacy practices, you first need a complete overview of the personal data your organization handles. Siteimprove Data Privacy runs regular scans across your domains to pinpoint and compile identifiable information, including: 

  • Email addresses 
  • Phone numbers 
  • ID numbers 

Data privacy and security policies

Predefined privacy and security policies keep you on track by scanning and flagging your website for potential problems like: 

  • Exposed credit card numbers 
  • Pages linking to unsafe domains 
  • HTML forms on unsecured HTTP pages 

You also have the ability to create custom website policies within Siteimprove Policy. 

User actions log

Get an overview of all the actions your team takes within the Data Privacy module. By keeping track of these, your compliance efforts are transparent to management and compliance authorities.  

The User Actions Log will chronologically show you:

  • Specific action taken
  • Date and time of the action
  • The specific feature in which the action was taken

Data Privacy F.A.Q

Data privacy management refers to the handling of sensitive and/or personal information in a proactive and responsible manner.  

Organizations that collect or store such data must ensure they do it in a way that: 

  1. Obtains the data in a legal and transparent way 
  2. Ensures that the data is used and shared appropriately 
  3. Is compliant with relevant local regulations 

For many organizations, the personal data that they collect and store is their key – if not their primary – asset.

At the same time, it’s critical for these organizations to maintain customer trust. To retain this goodwill, they must demonstrate that their collecting, storing, and processing of sensitive or personal consumer data is handled with the utmost care.  

Organizations that are careless with this information risk losing money, business, and even their reputations. 

Legal concerns are another pressing reason to focus on good data privacy health. Many countries, particularly in the European Union and North America, are adopting increasingly stringent personal data and privacy regulations. Going forward, implementing robust data privacy management processes will be essential for staying compliant with the law.

Data privacy mainly governs the handling of so-called “sensitive” data. Sensitive data tends to fall into the following categories:

  1. Personally identifiable data: Any piece of information that can be used to identify and track an individual, either directly (e.g. social security number) or indirectly (e.g. pseudonyms). 
  2. Confidential data: This covers private information that is not intended for public dissemination. Confidential data includes certain financial figures, protected intellectual property information, and so on. 

There are some notable exceptions to the types of information that are subject to data privacy protection. The two broad exclusion areas are: 

  1. Non-sensitive personally identifiable information: This refers to cases where personally identifiable information can be otherwise obtained from public sources like phone books, open internet forums, and business directories.
  2. Non-personally identifiable information: This is data that can’t be traced to a specific person. In the online context, this can be any anonymized and/or aggregated data like your users’ device usage, their browsers, or masked IP addresses.

While there’s certainly some overlap between them, data privacy and data security are two different fields. 

Data security refers to how well you protect sensitive data from unauthorized access by external third parties or internal bad actors. This often involves the use of web security measures to prevent damaging data breaches or hacks. 

Data privacy, on the other hand, refers to the way your organization itself handles that data or shares it with others. It is about the internal processes you put in place, how you train your staff, and how transparent you are in collecting the data in the first place. 

When operating in the US, it’s important to keep in mind and comply with the following data privacy regulations. 

HIPAA for healthcare 

The Health Insurance Portability and Accountability Act (HIPAA) governs the way organizations use an individual’s health information. It’s relevant for the following types of companies: 

  • Healthcare providers 
  • Healthcare insurance companies 
  • Healthcare clearinghouses 
  • Any organization or person that comes in contact with sensitive health information as part of their work activities 

GLBA for financial institutions 

The Gramm-Leach-Bliley Act (GLBA) requires financial service providers that work with individuals to be explicit in explaining their data sharing practices to their customers. It states that organizations should take careful steps to protect sensitive data and decrees that they allow people to opt out of sharing such data in the first place. It’s relevant for the following businesses:

  • Financial institutions like banks 
  • Companies offering financial products or services like loans or insurance 
  • Companies that provide finances-related consulting like investment advice 

GDPR for US businesses dealing with the EU  

The General Data Protection Regulation (GDPR) is the key piece of EU legislation that governs the way companies collect and process the data of EU citizens.  

The GDPR states that this data must be obtained with the individual’s informed consent and can only be used in a secure and confidential manner.  

This law applies to any entity that processes the data of EU citizens, regardless of whether that entity is itself located in the EU. This includes organizations using this data in the course of doing business with EU citizens, but it also covers any organization collecting such data for survey or analysis purposes. 

CCPA in California 

The California Consumer Privacy Act (CCPA) gives the residents of California additional privacy protection compared to the rest of the US. The law requires that a business actively informs customers in California about its data privacy practices. 

CCPA also grants Californians specific privacy rights, which include: 

  • The ability to access and delete their personal information collected by a business 
  • The right to opt out of having their personal information sold
  • Protection from being discriminated against for exercising these CCPA rights  

Siteimprove Data Privacy can help you achieve CCPA compliance.