Privacy At Partners

Overview

The Privacy At Partners feature in LightBeam's data security and privacy system is designed to provide organizations with insight and control over data shared with external parties. This guide explains how this feature operates to promote transparency and compliance with data privacy regulations.

What is LightBeam Privacy At Partners?

The Privacy At Partners module in LightBeam automatically detects all partners with whom data has been shared, analyzing email metadata and file-sharing data. This function includes identifying external recipients and instances of Personally Identifiable Information (PII) shared via emails or files.

For example, if an email was sent from a user within an organization to an external domain, this recipient would be categorized as an external member, and if the email contained PII, this data would also be recorded.

The system extracts domain names from these interactions, marking them as partners. For instance, domains like 'hitanosecurity.com' or 'lightbeam.ai' are considered partners when they appear in the email or file-sharing data.

What does Privacy At Partners do?

1. Automatic Partner Detection:

   • The system scans integrated data sources for interactions with external entities, such as emails sent or files shared.

   • Identifies and categorizes detected domains or entities as potential external partners.

   • Offers insights into the type and frequency of shared data with each detected partner.

2. Manual Partner Addition:

   • Users can manually define and onboard external partners.

   • Allows input of partner-specific metadata including:

     • Reason for data sharing.

     • Contract URL.

     • Partner ID and manager details.

3. Attribute Definition for Data Sharing:

   • Users can define permissible data attributes for each external partner. Attributes refer to specific data types or pieces of information.

   • The system logs and monitors the types of data shared with each partner against the defined permissible attributes.

4. Comprehensive Dashboard and Analytics:

   • Offers a user-friendly interface displaying:

     • A list of all external partners.

     • Data attributes shared with each partner.

     • Count and details of objects (files, emails, etc.) shared.

   • Provides drill-down capability to view specifics of shared objects with each partner.

5. General Email Filtering Mechanism:

   • Recognizes common public email domains (e.g., gmail.com, yahoo.com) and categorizes them under 'External emails'.

   • These generic domains are separated from specific partner domains to avoid data noise and enhance accuracy.

How to Use Privacy At Partners?

External Members in Datasources

1. On the main dashboard, locate and click on the "Datasources" tab.

2. Browse through the list of datasources that have been registered by your organization.

   • For instance, click on "Google Drive" if it's among the registered datasources.
3. Once inside the datasource dashboard, look for the left navigation panel.

   • Click on "External Members" located in the panel.

4. Identify Mail IDs marked as external interactions, signifying that PIIs have been shared outside the primary domain of your organization.

From the Mail IDs listed here, we can find the partners with whom data has been shared from the organization.

Here, the partners are Gmail.com, HitanoSecurity.com, ZB.io, LightBeam.ai, Outlook.com and Comcast.com

Privacy At Partners finds these partners automatically by analyzing email metadata and file-sharing data.

External Members in Privacy at Partners

1. Return to the main dashboard. Click on Privacy At Partners in the Top Navigation Menu.

2. All the external partners within the Google Drive datasource along with partners detected through other datasources should be visible on the next screen.

   • Manually cross-check this list with your earlier detections from the email IDs for consistency.

Privacy At Partners categorizes certain widely-recognized email domains. For example, mail IDs from domains like Gmail.com and Outlook.com are automatically labeled and transferred into the "External Email" category, given their public nature.

To know more about a specific partner, click on the name of the partner.

For example, if you wish to know more about Comcast.com, click on the panel on the top-left of the screen.

When you click on the panel representing Comcast.com, several sections provide detailed insights into the interactions and shared data with Comcast.

A. Overview

This section provides a snapshot of data exchanges with Comcast:

• No. of Objects with PII: Refers to the number of shared objects containing Personally Identifiable Information. In this case, there are 2 objects with PII shared with Comcast.

• Attributes: LightBeam Spectra monitors a system for specific sensitive data elements, such as SSN, Name, etc. These sensitive data elements are referred to as Attributes. Here, 7 unique attributes were shared.

• Entities: LightBeam Spectra associates attributes based on the context and identifies whose data it is and these are called Entities. 20 unique entities have been shared with Comcast.

• Attribute Instances Distribution Across Attributes: An aggregate number of all the attribute instances, which in this context is 58.

• Attribute Instances: This is a breakdown of the specific attributes and their respective counts shared with Comcast:

  • Gender: 2

  • USA Social Security Number (SSN): 1

  • Birth Date: 1

  • Address: 14

  • Email Address: 19

  • Rest (Other unspecified attributes): 21

• Object Shared From Data Sources: Details the source from which the data objects were shared. In this scenario, both objects were shared from Google Drive.

Alerts

The alerts section is pivotal for identifying potential data issues or concerns:

• Unresolved Alerts: These signify ongoing issues or alerts that haven't been addressed:

  • A timeline representation (today, age 1-7, age > 30) showcases how long an alert has remained unresolved. This can be visualized with the corresponding '# of Days' and '# of Alerts' metrics.

• Critical Alerts: These are immediate concern alerts. For Comcast, there are two critical alerts:

  1. Internal User Attribute Policy-lb-google-drive from 5 months ago.

  2. External User Policy-lb-google-drive from 5 months ago.

Both these alerts provide an "Assign" action, which lets you delegate the responsibility of addressing these alerts to appropriate team members.

B. Objects Shared:

When you delve into the "Objects Shared" section, you'll find a comprehensive view of the data items that have been exchanged.

• Data Sources: This tab will present a detailed breakdown of where the shared objects come from.

  • GOOGLE_DRIVE: As per the current context:

    • Total Objects: It's indicated that 2 objects have been shared from Google Drive.

    • Attribute Instances: A total of 58 instances of attributes have been shared from this source.

• Senders: Here, you will find details about who shared these objects.

C. Entities

• Search Bar: Allows users to search for a specific entity by name or type.

• Displayed Information:

  • Name: This is the name of the entity.

  • Risk: The risk level associated with the entity. "AT RISK" signifies that there might be potential threats or vulnerabilities associated with this entity based on the data shared.

  • # of Attributes: This indicates the total number of distinct attributes associated with the entity.

  • # of Objects: Refers to the number of shared objects associated with the entity.

  • # of Data Sources: Shows from how many different data sources the entity's data has been shared.

  • Entity Type: Defines the nature of the entity, for example, whether it's a human, an organization, etc.

D. Attributes

• Listed Attributes: Attributes are listed based on their type. Beside each attribute type, you'll find the number of objects associated with it, its risk level, and the number of instances where the attribute appears.

• Displayed Information:

  • Number of Objects: Indicates the number of shared objects where the attribute appears.

  • Attribute Instances: Specifies the total count of this specific attribute across all shared data.

Filter Options: Attributes can be filtered based on categories such as Classification Status, Sensitivity and Attribute Name to help streamline and categorize the data for easier analysis.

View Options:

1. Grid View: Attributes are displayed in a grid format, providing a quick snapshot of each attribute type.

2. List View: Each attribute is displayed in a linear manner, one item after the other, in rows. Each row represents an attribute.

E. Alerts

For each alert, the following information is presented:

1. Alert Name: This describes the nature of the alert. Both alerts appear to be related to policies on Google Drive: one concerning an internal user attribute and the other concerning an external user. Both alerts are categorized under "Information Exposure", suggesting that sensitive information might have been exposed or accessed in a manner that was not intended or secure.

2. Assignee: This indicates the individual or team responsible for addressing the alert. In both cases, the assignee is "pd@lightbeam.ai", suggesting that either a person or a team associated with that email address is in charge of resolving these issues.

3. Last Occurred: This denotes when the alert was last triggered or detected. For both alerts, the incident happened "5 months ago".

Manual Onboarding of Partners

To manually add a Partner, return to the main dashboard. Click on Privacy At Partners in the Top Navigation Menu.

Click on Onboard a Partner.

Enter the general details of the partner:

• Partner Name: Name of the partnering company or entity.

• Data Exchange Purpose: Reason for exchanging data with the partner.

• Domain: The website domain belonging to the partner.

• Partner Manager: The individual responsible for managing this partnership.

• Contract URL: Link to the partnership or collaboration contract.

• Partner Contact: Contact details or point of contact from the partner's side.

Once all the details have been filled in, click on Save to onboard the partner.

You'll be redirected to the main 'Privacy At Partners' page where the newly onboarded partner should now be listed.

If you need to make any changes or updates to the partner's details, locate their name and click on the 'Update Partner' option.

By following these steps, you should be able to successfully onboard new partners and manage their information as needed.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.