As a core component of Ethyca's privacy platform, Atlas allows you to fulfill data subject requests on the most complex part of your owned infrastructure: your databases.
It can be useful to think of Atlas as the counterpart to Ethyca's data integrations. Data integrations act like a bridge for Ethyca to manage data in your business' 3rd-party SaaS applications like Mailchimp and Zendesk. But most businesses also have highly custom databases on owned infrastructure that are built on the likes of MongoDB, Snowflake, or RedShift. For truly automated privacy compliance, you also need a tool for implementing data privacy controls in those owned databases too. That's where Atlas comes in.
Importantly, Atlas lives in your company's infrastructure. Your data never leaves your company.
Your Atlas deployment interacts with Ethyca's web services only to exchange basic information that never reveals the structure of your databases. Atlas polls Ethyca's web services to retrieve the queue of Data Subject Requests. Then, Atlas notifies web services of your databases' responses to those DSRs.
Suppose that one of your users, a California resident, submits a request for their information to be deleted from your company's data systems. To respect their data rights protected under the CCPA (and its successor, the CPRA), your team must take a comprehensive inventory of your systems to identify and remove that user's information. Atlas streamlines this otherwise time-intensive task by automatically orchestrating all the appropriate database operations -- in this case, information deletion and pseudonymization -- across all of your database, no matter how custom your schemas are.
Another common use case is an access request: a user may contact your company asking to receive a copy of all personal information you hold about them. Atlas helps you standardize databases so that you can promptly deliver on these access requests with outputs that are both comprehensive and readable.
Atlas is known for its flexibility. More flexible than any other tool on the market, Atlas works with a variety of database types: both SQL and NoSQL. It is compatible with a growing number of databases such as MongoDB, Snowflake, Databricks, Redshift, MySQL, PostgreSQL, and Microsoft SQL.
To get Atlas up and running, Ethyca's Privacy Success team will help you get started with the latest version of Atlas. The team will provide the necessary API key for your Atlas deployment. You can customize a variety of Atlas settings for fulfilling DSRs, including:
- How often your Atlas instance polls Ethyca's web services for pending DSRs
- How many DSRs your Atlas instance runs concurrently
Once you have Atlas deployed, you can start setting up connections to your infrastructure's databases. Using your log-in information for the Ethyca Control Panel, you can access your Atlas deployment.
In the clip below, you can see how Atlas connects with your in-house databases. After providing a database's basic credentials and fine-tuning the access/erasure permissions, you will have a successful connection. Just to make sure the connection works, Ethyca instantly and automatically checks the connection upon set-up.
It is vital for teams to know where they store all personal data across business systems. With databases connected via Atlas, you can review your databases and identify personally identifiable information (PII) in each table. Ethyca offers two approaches for PII mapping:
- We can provide your team with a .yaml file to provide the mapping
- You can use the user interface to map the PII yourself
Because Atlas instantly and actively connects to the schemas of your proprietary databases, there's no need to hunt down disparate engineering teams in your organization to find out where PII lives. Atlas serves you a holistic view of the database tables and columns where you can easily identify where your PII resides and how to surgically access and delete information. The mapping actions for include:
- A customizable label for each data type that is easily readable for customers who submit an access request; for instance, you could label the analytics_customer_id column as "Your ID in our analytics."
- The particular category of PII for a given data type
- A customizable masking strategy to be executed when a customer submits a deletion request; for instance, you can choose to literally remove data from your databases, or you could implement a pseudonymization strategy like cryptographic hashing
- Any relevant relationships between data types
This exercise of identifying personal data in Atlas automatically sources your overall data map, which fulfills the GDPR's Article 30 RoPA requirements and inventories personal data throughout your company. Knowing where all personal data resides is foundational for compliance with today's privacy regulations like CCPA and GDPR.
If you have any questions about Atlas, please reach out to us at [email protected]
Updated 3 months ago