Focusing on meeting the minimum bar of industry standards and legal compliance instead of building true data privacy into your products puts your company’s reputation and customers at risk.

Founded in 2019, Skyflow is a data privacy vault for sensitive data. Its founders wanted to radically transform the way companies manage their users’ financial, health and other personal data – the data that powers the digital economy.

Robin Andruss, Chief Privacy Officer at Skyflow, has over 13 years of privacy experience, including leadership positions at Google, Yahoo, TrustArc and Twilio.

Andruss explains here why customers deserve data privacy.

Robin Andruss, Chief Privacy Officer, Skyflow

Your customers want true data privacy when entrusting their data to you, not just “compliance” with laws and regulations such as GDPR, GLBA, SOC2 and PCI. They want you to ensure that their sensitive data is only used for authorized purposes by those who need it, and protected against hacks, breaches and leaks.

Go beyond compliance

Every business must go beyond dealing with compliance after the fact to deliver true data privacy. For example, in the Equifax data breach, the personal information of more than 140 million customers was compromised. This happened while Equifax was complying with all applicable laws and industry standards.

Equifax suffered lasting damage to its brand. And, while offering consumers a year of free credit monitoring reduces the damage to customer relationships, no remedy can completely undo the impact of such an incident.

What could they have done differently? Protecting the privacy of sensitive data by isolating it and applying strong data governance would have helped.

This is just one example of how compliance is necessary, but not sufficient, to ensure data privacy.

ACH data deserves better

For another example of the need to go beyond compliance to protect sensitive data, consider the gap between PCI regulations and Automated Clearing House (ACH) data in the United States. If you process transactions using both PCI and ACH data, you’ve probably noticed that PCI data regulations are strict, but ACH data is very lightly regulated. This is because payment card data is regulated by PCI DSS standards, and no equivalent to PCI DSS exists for ACH data.

I would say ACH data should have better protection than PCI data – consumers can dispute fraudulent credit card charges, but electronic transfers are almost impossible to reverse. Should we wait for new regulations before securing ACH data? Of course not. You need to centralize ACH and other sensitive data in a data privacy vault that tightly isolates and secures sensitive data, controls access to manage and use it, and works with your existing infrastructure.

Raise the bar for customer data privacy

Skyflow’s Data Privacy Vault is designed to centralize and protect sensitive data, including financial data, health data, and PII. Skyflow offers a wide range of features, including:

  • Data Governance Engine: What control do you have over your data if employee credentials are compromised? With Skyflow’s unique data governance engine, you can control who sees what, when, where and how. You can also add data access controls at the column and row level, based on any combination of policy, role, or attribute, so you can keep your most sensitive data out of reach of employees who don’t need it.
  • Polymorphic encryption: Encryption at rest is required by several industry standards, and it’s far better than storing unencrypted data. But in many cases, encryption at rest is not enough. Skyflow’s polymorphic encryption allows you to treat each type of sensitive data differently, so when you only need the last four digits of a customer’s SSN, that’s all you decrypt. Plus, it lets you run match and compare operations on encrypted data without needing to decrypt it, so you can run credit and KYC checks while keeping sensitive data fully encrypted.

Tokenize and centralize sensitive data

By using Skyflow’s APIs to collect sensitive data and tokenize it, you can manage sensitive data without your backend systems ever touching it. Instead, your backend manages tokens that point to centralized and isolated sensitive data in your Skyflow Vault.

To detokenize sensitive data, your backend provides these tokens to Skyflow, which confirms that your request meets zero-trust access controls before detokenizing and returning the requested data.
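The tokenize and detokenize flow described above, together with the column-level access control and last-four-digits reveal from the feature list, can be sketched as follows. This is an added example, not Skyflow's code or API: the `Vault` class, the role names, and the `plain`/`last4` policy modes are hypothetical, and the sample values are constructed.

```python
import secrets

class Vault:
    """In-memory stand-in for an isolated data vault (hypothetical, for illustration)."""

    # Column-level policy: role -> {column: reveal mode}. Anything absent is denied.
    POLICY = {
        "support": {"ssn": "last4"},
        "kyc_service": {"ssn": "plain", "ach_account": "plain"},
    }

    def __init__(self):
        self._store = {}  # token -> (column, value); never leaves the vault

    def tokenize(self, column, value):
        token = "tok_" + secrets.token_hex(16)  # random, reveals nothing about value
        self._store[token] = (column, value)
        return token

    def detokenize(self, role, token):
        if token not in self._store:
            raise KeyError("unknown token")
        column, value = self._store[token]
        mode = self.POLICY.get(role, {}).get(column)  # default deny
        if mode == "plain":
            return value
        if mode == "last4":
            return "*" * (len(value) - 4) + value[-4:]
        raise PermissionError(f"role {role!r} may not read column {column!r}")

def demo():
    vault = Vault()
    # The backend record holds only tokens; the raw values are constructed test data.
    record = {
        "customer_id": 1001,
        "ssn": vault.tokenize("ssn", "078051120"),
        "ach_account": vault.tokenize("ach_account", "000123456789"),
    }
    results = {
        "support_ssn": vault.detokenize("support", record["ssn"]),
        "kyc_ssn": vault.detokenize("kyc_service", record["ssn"]),
    }
    try:
        vault.detokenize("support", record["ach_account"])
        results["support_ach"] = "allowed"
    except PermissionError:
        results["support_ach"] = "denied"
    return record, results

if __name__ == "__main__":
    print(demo())
```

A stolen copy of the backend record contains only random tokens, and a compromised `support` credential yields at most the last four digits of the SSN and nothing from the ACH column.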

Centralizing sensitive data has many benefits, making it easier to meet data residency requirements and narrowing the scope of PCI compliance.

Building for Data Privacy with Skyflow and Plaid

Plaid’s API connectivity to over 12,000 banks and financial services makes it a popular choice for businesses that need financial data about their customers. Skyflow has partnered with Plaid to make protecting sensitive data easier than ever, so you can use Plaid’s APIs while using Skyflow’s Data Privacy Vault to protect sensitive PII and financial data.

Try Skyflow

By centralizing sensitive data in Skyflow’s Data Privacy Vault, you can ensure that your product goes beyond compliance with slowly evolving standards and laws to meet the threat landscape. To learn more about how Skyflow Data Privacy Vault can help you isolate and protect your customers’ data, try Skyflow.