Project Description

Privacy Management Case Study Western Union using Onspring

A case study on privacy management

Western Union’s privacy team fulfills an important role by providing counsel to the organization on how to collect, use, and share personal information for customers, agents, and employees. Managing this data-intensive process demanded a technology that could cover the breadth of the organization without adding administrative oversight. Onspring delivered process automation, content management, and reporting, that enables self-sufficiency and comprehensive privacy management.

150

team members using Onspring

0 minutes

wait time to make updates to workflows & reporting

Profile

Company: Western Union

Industry: Financial Services

ReachGlobal, 200 countries

Size13,000 employees

Solutions:

Challenge

Serving as an advisory function to provide guidance, answer questions, and interpret the law for a Fortune 500 company mandates a small margin of error. It is critical for the privacy team to be able to control data access, destruct consumer data, identify privacy issues, and manage privacy control inventory. The team was grandfathered into the use of RSA Archer alongside another team, which meant they were unable to make process updates without incurring costs and were always waiting in a queue for any requested update.

The goal:

  1. Find a tool that could create several different processes, be centrally managed, and linked together.
  2. And, could be updated on their own, whenever they wanted, without waiting in a queue or incurring costs.

Solution

Western Union started with the compliance and incident management solutions and utilized the Onspring professional services team to customize the workflows, reports, and dashboards to specifically fit their unique needs. The initial launch focused on four key workflows: restricted data requests, consumer data destruction, privacy issue identification, and manage privacy control inventory.

Privacy Management Organization for Western Union in Onspring
Compliance Management Icon Onspring Yellow Line

Restricted data requests

When Western Union employees need access to sensitive data, they now submit a formal request in Onspring that is tracked and reported for privacy control measures. At any point in time, the privacy team can use Onspring to identify every sensitive’s data point based on who, what, where, when, and why.  

Each data request logs:

  • Datapoint(s) needed
  • Why it is needed
  • Where it will be used

Before granting data to users, requests go through a review and approval process with both privacy and legal teams. Once granted, data is provided by the actual data owners within the company.

Common sensitive data use cases: 

  • Marketing needs email addresses to conduct targeted marketing campaigns
  • Compliance must provide regulators with lists of every transaction from one country to another during specific time periods
Start-Mitigation-Plans-in-Onspring

Consumer data destruction

Even before GDPR, consumers contacted Western Union to request the removal of their information from the company’s files. Using Onspring, these requests are now filtered to privacy and legal teams for review before fulfilling with multiple system owners to delete the data.

Through reporting, the privacy team can evaluate each request to track its status, speed of completion, and also identify trends in data destruction requests based on volume, location, or even marketing campaign.

Risk Management Icon Onspring Red Line

Privacy issue identification

By providing a central repository to house identified privacy assessments, Onspring enables the Western Union team with real-time management. The privacy team uses Onspring reporting to provide data visualizations of current open privacy opportunities, as well as an archive of closed gaps.

  •  Global Privacy and Records Management Office adds, assigns, manages, tracks, and reports on the status of opportunities.
  • Remediation Managers assigned to opportunities input remediation plans, update plans, and input progress.

Workflows ensure each opportunity is actively tracked by all required teams.

Privacy Process Flow with Western Union in Onspring
Reveal-Data-Insights-in-Onspring

Privacy control inventory

Questionnaires are now sent via Onspring surveys to various business units to collect data on privacy controls. These automated surveys distribute on an annual schedule, eliminating the need for the privacy team to set manual reminders.

All data submitted through the surveys logs directly into Onspring and is associated with the appropriate data record. Reports on the data collection provide visibility into who has access to personal data and how it is collected and stored.

This survey and reporting process has saved the privacy team hours of time by eliminating manual surveys, data collection, analyses, and remediation.

Result

Regular communication between Western Union and the Onspring professional services team ensured a successful deployment. This collaboration also helped Western Union quickly adapt to the tool with minimal training, which has kept them from hiring a new skill set to manage administration. Every team member is completely self-sufficient.

Self-sufficiency

Team members access and update information on their own, whenever needed

Cost reduction

Replacing the legacy system reduced costs by eliminating IT support needs and removed the need for a full-time administrator

Enterprise benefit

InfoSec team adopted the use of Onspring to manage cybersecurity risk and is integrating with other tools like Power BI

Download this case study

Regulation Solutions for NIST NERC CMMC GDPR by Onspring
Analytics Creates Better Decision Making