Project Description

A case study on privacy management
Western Union’s privacy team fulfills an important role by providing counsel to the organization on how to collect, use, and share personal information for customers, agents, and employees. Managing this data-intensive process demanded a technology that could cover the breadth of the organization without adding administrative oversight. Onspring delivered process automation, content management, and reporting, that enables self-sufficiency and comprehensive privacy management.
150
team members using Onspring
0 minutes
wait time to make updates to workflows & reporting
Challenge
Serving as an advisory function to provide guidance, answer questions, and interpret the law for a Fortune 500 company mandates a small margin of error. It is critical for the privacy team to be able to control data access, destruct consumer data, identify privacy issues, and manage privacy control inventory. The team was grandfathered into the use of RSA Archer alongside another team, which meant they were unable to make process updates without incurring costs and were always waiting in a queue for any requested update.
The goal:
- Find a tool that could create several different processes, be centrally managed, and linked together.
- And, could be updated on their own, whenever they wanted, without waiting in a queue or incurring costs.
Solution
Western Union started with the compliance and incident management solutions and utilized the Onspring professional services team to customize the workflows, reports, and dashboards to specifically fit their unique needs. The initial launch focused on four key workflows: restricted data requests, consumer data destruction, privacy issue identification, and manage privacy control inventory.


Restricted data requests
When Western Union employees need access to sensitive data, they now submit a formal request in Onspring that is tracked and reported for privacy control measures. At any point in time, the privacy team can use Onspring to identify every sensitive’s data point based on who, what, where, when, and why.
Each data request logs:
- Datapoint(s) needed
- Why it is needed
- Where it will be used
Before granting data to users, requests go through a review and approval process with both privacy and legal teams. Once granted, data is provided by the actual data owners within the company.
Common sensitive data use cases:
- Marketing needs email addresses to conduct targeted marketing campaigns
- Compliance must provide regulators with lists of every transaction from one country to another during specific time periods

Consumer data destruction
Even before GDPR, consumers contacted Western Union to request the removal of their information from the company’s files. Using Onspring, these requests are now filtered to privacy and legal teams for review before fulfilling with multiple system owners to delete the data.
Through reporting, the privacy team can evaluate each request to track its status, speed of completion, and also identify trends in data destruction requests based on volume, location, or even marketing campaign.

Privacy issue identification
By providing a central repository to house identified privacy assessments, Onspring enables the Western Union team with real-time management. The privacy team uses Onspring reporting to provide data visualizations of current open privacy opportunities, as well as an archive of closed gaps.
- Global Privacy and Records Management Office adds, assigns, manages, tracks, and reports on the status of opportunities.
- Remediation Managers assigned to opportunities input remediation plans, update plans, and input progress.
Workflows ensure each opportunity is actively tracked by all required teams.


Privacy control inventory
Questionnaires are now sent via Onspring surveys to various business units to collect data on privacy controls. These automated surveys distribute on an annual schedule, eliminating the need for the privacy team to set manual reminders.
All data submitted through the surveys logs directly into Onspring and is associated with the appropriate data record. Reports on the data collection provide visibility into who has access to personal data and how it is collected and stored.
This survey and reporting process has saved the privacy team hours of time by eliminating manual surveys, data collection, analyses, and remediation.
Result
Regular communication between Western Union and the Onspring professional services team ensured a successful deployment. This collaboration also helped Western Union quickly adapt to the tool with minimal training, which has kept them from hiring a new skill set to manage administration. Every team member is completely self-sufficient.
Download this case study

