Aware 2.0 - Understanding Data Sensitivity by Application & User Access

This article contains information on data sensitivity levels, their impact on collaboration platform data, and guidelines for assigning permissions to Aware applications based on sensitivity and impact considerations.

Some Aware applications can potentially surface highly sensitive data. Understanding the data sensitivity levels of each application and their impact on your collaboration platform data will help you determine permissions for your Aware users.

Data Sensitivity

Sensitive data can be defined as information that must be protected against unauthorized disclosure, including PII (personally identifiable information), PHI (protected health information), confidential projects, and more. Data Sensitivity should be considered when granting permissions to highly sensitive applications or policies that have the potential to surface highly sensitive content.

Impact

Actions taken within specific Aware applications can have a low to high impact on your collaboration data, both within the collaboration platform and the Aware Intelligent Data Fabric. Some actions are permanent and cannot be undone. The Impact should be considered when granting permissions to high-impact applications.

Aware Administrators have access to all applications and Aware system settings.

Aware User Permissions can be set by the admin for an individual Aware user and/or an individual Signal Policy level.

Below is an outline of each application's data sensitivity and impact on typical use cases by persona. Use this information as a guide when granting permissions to your Aware users.

SPOTLIGHT: High Data Sensitivity/Low Impact

Spotlight provides conversational insights. It allows you to understand the health and sentiment of your digital community/workspace over time, allowing you to make effective decisions faster. It is typically used by HR, Communications, Workplace owners, Employee Engagement teams, etc.

• Internal Communications and/or Marketing: Understand trends in conversation sentiment or health at the community level. Gain a deeper understanding of where and how conversations transpire. Pin groups to easily watch activities in key groups. Identify areas needing high-touch moderation or engagement.
• Human Resources: Identify negative trends in mood, attitude, or conversation health to prevent potential HR violations before they become a larger issue. Surface behavior anomalies at the community or group level.

SIGNAL: High Data Sensitivity/Low Impact

Near real-time Signal for DLP, capture the employee's voice, or identify conversation around external events. Typically used by HR, Communications, IT, and Legal (permissions can be created around specific Policies)

• Legal & Compliance: Identify and respond to industry regulations such as PCI, HIPAA, or FINRA violations in public or private communication areas.
• Human Resources: Identify and respond to harassment, discrimination, or bullying incidents before they become legal or PR nightmares.
• Info Security: Leverage the policy engine to identify incidents of insider threats regardless of malicious or negligent intent.

SEARCH & DISCOVER: High Data Sensitivity/Medium Impact

eDiscovery capability. Build a searchable intelligent data fabric of your community’s collaboration content and its corresponding context, as well as any edits or deletions. Typically used in Legal & Compliance, eDiscovery, and IT.

• Legal & Compliance: Carry out early case assessment and eDiscovery processes using advanced filtering to search and export historical user data and the surrounding conversation context.
• Info Security: Investigate file and sensitive content-sharing incidents and the corresponding context in public or private conversation areas.
• Human Resources: Investigate the context of a signal incident, such as sexual harassment or discrimination. Export the employee's historic content and context to better inform the next steps or escalation.

DATA HOLD: Medium Data Sensitivity/High Impact

Employee legal hold capability. Create and release legal holds by the content author. This is only applicable if you have a Retention in place. Typically used in Legal & Compliance, eDiscovery, and IT.

• Legal & Compliance: Preserve specified employee conversation data and its corresponding context for early case assessment and eDiscovery workflows.
• Compliance: Adhere to industry regulations by preserving content of interest from deletion due to retention policies.

RETENTION: Low Data Sensitivity/High Impact

Apply records retention policies and permanently purge select content from the collaboration platform and the Aware Intelligent Data Fabric. Many customers collaborate with Legal and Info Security to determine retention policies, and then the Aware administrator implements the policy.

• Legal & Compliance: Reduce your liability for litigation by systematically purging stored conversation data from your collaboration platform.
• Info Security: Reduce your risk of breach by systematically purging stored conversation data from your collaboration platform.