Newsletter & Blog

Data Discovery and Redaction

Do you know where your data is?  I’ll bet you’ll say yes, or course, I know exactly where it all is.  Well, my experience is somewhat different.  It is not uncommon, in the most well regulated of companies, to find that data has been copied or moved around for convenience.  During the pandemic, with most working from home, that has become a particular problem.  Staff working to a cloud environment, with differing levels of broadband services, become highly tempted to log on and download data to be worked on, and then to upload the results, without remembering to delete what’s on their laptop/desk top, or, actually thinking, ‘I’ll just keep that there – you never know when I might need it’.  And so, the companies data is potentially copied many times over.


This causes 2 very time consuming problems.  The first is finding where all this data is, how many instances are actually in use, and how it’s protected.  You may have good protections in place, based on where you think everything is, taking a solid risk managed approach.  But that won’t help you if you have data in locations outside of your main protections.  In fact, it could blow a rather significant hole in your security architecture, rendering it significantly less effective than you thought it was.


The second relates to data protection/GDPR.  Data subject access requests (DSAR), which are requests from individuals requiring you by law, to disclose what data you hold in regard to that person.  Believe me when I tell you that this is a very time consuming business.  You will have to search through mountains of data to find names, gender, postal addresses, email addresses, this list goes on and on.  And if your data has spread into places you didn’t know about, you are in for a long haul.  A relatively simple DSAR submitted by one person to a financial advisor, took a partner off the road for nearly 3 weeks, sorting it out.


To help with this we are offering a software as a service solution called Savannah.  This is a powerful data discovery and redaction system.  Why redaction you may ask?  Several reasons but chief amongst them is that when working on a DSAR for instance, records attached to the subject but containing data not belonging to the subject, may be found.  That data would need redaction before it gets sent to the complainant.


Savannah consists of 3 modules, Discovery Module, Redaction Module and the DSAR Module.  The discovery module discovers the locations of business data (sometimes referred to as dark data, ie data whose location is hidden within the network).  It maps data locations and can be configured to look for specific data.


The redaction module obfuscates information in compliance with GDPR Articles 15 and 16, that has been discovered by the discovery module and marked as personal information.


Finally, the DSAR module finds information relating to a specific data subject.  It will uncover which files on your network and email system contain information that the data subject was unaware of.


Savannah is aimed specifically at SMEs and is therefore affordable and very appropriate.  It is offered as a service and can be kept on a retainer or as a one off, depending upon the requirement.  Pricing will depend on the size and complexity of the organisation but I think you will be surprised and delighted at how affordable this is.