Tech DNA bridges the gap between tech and law to accurately identify privacy violations and risks.
ACTUAL PRIVACY COMPLIANCE STARTS WITH THE TECH ITSELF.
We look at data in, data processing, data storage, and data out. We look at database schemas, API’s, messaging queues, pipelines, caches, logs, secrets management – you name it, we look for it. In the code itself.
ARCHITECTURE & DATA
Tech DNA extracts the full range of intended functionality and data usage from the development team, the software-as-built, and applicable roadmaps. We leverage experience in assessing billions of dollars worth of software to chase down dependencies for each application, data input, data output, data store, and process.
We identify consent flows and T&C prompts across all relevant platforms and user levels. We check for surface-level consistency, as well as under-the-hood technical consistency to ensure all compliance flows draw from the same source and leverage internally consistent tech. We match claimed legal basis against actual usage to identify legal basis violations.
Privacy laws grant no safe harbor for privacy violations programmers weren’t aware of. We see unintended data processing all the time and know where to look both in the code and what engineering questions to ask.
BRIDGING THE GAP
Once we fully understand the data a system has and processes, we then apply the appropriate regulatory regime or regimes.
US-only Clients/TargetsFor US-only projects, in addition to the above we assess the full CCPA, including identification of all data collected and how stored and tagged, notice tracking, consent tracking, reasonable and proportionate business purpose validation, consumer rights compliance and propagation, non-discrimination compliance, and value provided by data for financial incentive data usage.