PK Protect uses the notion of Data Groups or Data Source Groups to provide isolation between different sub-organizations within an organization. It is a form of multi-tenancy, just for the DSAR capability. Data Group, Data Source Group and Groups are synonymous under the Privacy module.
Let’s take an example of an ecommerce organisation where we can have two different types of account Buyer and Seller. The Data Subjects pertaining to these two businesses are different, and so are the systems that contain the Data Subject information. In this case, the administrator would create two Data Source Groups, one for Buyers and the other for sellers. Systems containing Data Subject information for the Buyers business will be added to the Buyers Data Source Group. The list of Data Subjects for the Buyers business will also be associated with the Buyers Data Source Group. A similar set of associations will be made for the Seller business.
A Data Subject is an entity that has identifying information such as name, address, email ID, SSNO, and CCNO. These pieces of identifying information are called Identifiers. The name and datatype of an identifier are specified while creating the identifier in PK Protect. The values of identifiers for a given Data Subject are entered while adding that Data Subject to the system. The rules defined in Data Group helps in identifying the Data Subject’s entries in the source systems while retrieving the data in response to a DSAR request.
For example, in the below table, Jane Doe, John Doe and John Douglas are the Data Subjects. These Data Subjects have identifying information such as the Name, SSNO, Region in which they reside, and Email IDs.
In PK Protect, there are three ways to add the Data Subjects:
By uploading a file containing data subject details, with known format
By uploading a file containing data subject details, with unknown format
To establish an identity for a Data Subject, we need to know it identifying attributes or features. Name, Phone, SSNO, CCNO, Email, Phone Number, etc. are examples for identifying features of a Data Subject. Such attributes are known as Identifiers. The values for identifiers are provided at the time of adding the Data Subject. Identifiers serve as the basic building block in finding Data Subjects.
There are two types of Identifiers within PK Protect.
These identifiers help in identifying a Data Subject uniquely. These strong Identifiers are also the ones required to retrieve information related to the Data Subject multiple sets of systems. Examples of strong identifiers are Credit Card Number, Social Security, and Email Address.
Mandatory identifiers are mandatory only for the Privacy Screens and not for the Automated DSAR flow. They are used for slicing and dicing the Data Subject information in the Privacy Screens. Examples are Region, Country, Zip Code, Department, and Organization.
E.g., in the above table Jane Doe, John Doe and John Douglas are the Data Subjects. The attributes of the Data Subjects i.e., their Name, SSNO, Region and email_id are the Identifiers. The email_id and SSNO are the Strong Identifiers since they uniquely identify each Data Subject. The Region is a Mandatory Identifier.