FREQUENTLY ASKED QUESTIONS

Who should use the ContextSpace Privacy Enforcement platform?


ContextSpace is a Data Protection by Design and by Default platform that enforces privacy protection and regulatory compliance across any number of applications simultaneously.

Organizations that wish to earn the trust of consumers, or may be subject to strict privacy regulations, should consider ContextSpace Platform for operational compliance enforcement.

The unique ContextSpace approach significantly reduces the costs and accelerates the realization of enterprise-wide digital privacy compliance.




Why is ContextSpace Platform so different?


Typically, privacy functionality must be custom built into each application.

ContextSpace turns this conventional approach on its head.

ContextSpace removes privacy and data protection coding from your application requirements and, instead, enforces privacy in underlying infrastructure.

This is very similar to the way access management, firewalls, intrusion detection systems, data loss prevention systems, API management systems all work. These technologies impose consistent security and access rules across all your applications, because it is literally infeasible to do this via application-specific coding.

So, why in principle, should privacy be any different?

With this modern approach, ContextSpace can consistently protect any number of digital applications and products simultaneously, at a fraction of the effort and cost of application-specific approaches.

Of course, the devil is in the details. ContextSpace helps through step-by-step privacy design tools for minimizing privacy risk and maximizing privacy rights.

We are also able to strongly protect workforce and/or consumer identity:

  • profiles
  • sensitive attributes
  • health records
  • social and commercial activities
  • IoT data, voice, video and all kinds of unstructured data
  • – across any and all types of digital applications, services and products.

Finally, we enable comprehensive compliance with multiple specific privacy regulations including GDPR, LGPD and CCPA.




How does ContextSpace integrate with my systems?


While ContextSpace is an innovative and even revolutionary solution, it is still based on industry standards and works with the technology that you already have. ContextSpace integrates with applications via simple REST APIs. It supports federated identity standards to work with virtually all Identity & Access Management products that you've implemented over the past 15 years. Its Privacy Firewall service integrates with API Management suites, EAI and RPA tools to extend GDPR protection to 3rd party programming interfaces. ContextSpace integrates with legacy and cloud data infrastructure via its Identity Data Gateway (ID Gateway). This service enables discovery, mapping and access to virtually all types of existing structured and unstructured data found in a typical organisation. ContextSpace protects access to data via its Privacy Firewall technology, which uniquely enforces Purpose-Based Access Control - critical to sustainable and provable compliance. The Privacy Firewall transparently enforces compliance for existing data infrastructure - databases, middleware and 3rd party API functionality. Sometimes, existing infrastucture may be unsuitable for processing large volumes of sensitive personal data. ContextSpace is able to extend this infrastructure via its own secure data management capability. This employs containerized, massively scalable, highly available and distributed "big data" technology with unique, personalised data encryption. Our data repository works across multiple premises and cloud providers simultaneously and is so scalable and redundant that it never needs SLA degradation or downtime for any purpose.




How does "Personalised Encryption" work?


The majority of systems processing personal data do not perform encryption. This is why there are so many data breaches: personal data is largely unprotected.

Even where crypto is used, it often protects only a small portion of sensitive personal data such as passwords.

ContextSpace is able to protect the full collection of each person's data: structured data, activities, behavior records, IoT data plus unstructured data (documents, images, voice and video).

We encrypt this data uniquely and specifically for each person, using personalised, AES-256 military-grade algorithms and integrated, scalable and secure key management technology.

Once encrypted, personal data can only be decrypted for lawful purposes when requested by an authorised party or caller via our Privacy Firewall.

This approach comprehensively ensures confidentiality - whether against unauthorised internal actors, or from theft from external intruders. It provides exceptionally strong data breach prevention and renders such attempts harmless and non-reportable.

Our solution makes successful theft and exploitation of personal data very complicated for the attacker, who would need to defeat formidable encryption and multi-party computation protections separately for each different person's stolen data.




What is the "Purpose Limitation Principle" and why should I care?


Purpose Limitation is a highly-regarded privacy best practice. It consists of two very important rules:

- Personal Data must be collected for specified, explicit and legitimate purposes only (purpose specification);

- Personal Data must not be further processed in a way that is incompatible with those purposes (compatible use).

(Definition by the International Association of Privacy Professionals - IAPP)

With purpose-limitation, an organization collects personal information about an individual that can only be used for a specific and legal purpose. Whenever that organization wishes to process the individual's data for a different purpose, it must define its scope, determine lawfulness, necessity and fairness, and also assess any risks of harm that it might pose to the individual. Personal data in inventory cannot casually be re-purposed.

If this approach sounds improbable or even impossible, think again: it is the law across all of the European Union, in California, Canada, Brazil, India, Japan, Singapore and is being rapidly adopted by virtually all other countries.

The difficulty of applying the Purpose Limitation principle to legacy applications is the reason why Data Protection by Design is also being adopted and even mandated.

ContextSpace transparently enforces Purpose Limitation - on all its personal data collection and processing operations. This includes access to encrypted data managed within ContextSpace itself, as well as data accessed via 3rd Party APIs and legacy database that have been protected by our Privacy Firewall service.




How scalable, highly available and high performance is the ContextSpace platform?


ContextSpace is a modern, containerized, scalable and highly-available privacy enforcement solution.

This matters as unlimited growth and zero unplanned downtime are non-negotiable business constraints.

ContextSpace uses a state-of-the art, distributed and redundant platform with truly linear and unlimited scalability.

Our solution supports active-active dynamic failure control for all critical services, ensuring extremely high availability. In fact, thanks to its highly distributed and redundant architecture, ContextSpace does not require any planned downtime for maintenance activities - the integrated redundancy allows maintenance to be performed without any outages at all..

ContextSpace performance is uniformly excellent. Thanks to its inherent scalability, performance levels can be maintained regardless of the growth in the size of the population being served or the number of organizations that may leverage the ContextSpace services in a community setting.

In addition, data can be ingested at very high velocity, with high integrity. This means that ContextSpace is able to support "Internet of Things" applications including personal activities, health, locations, security and device telemetry that increasingly falls under regulatory privacy protection regimes.




How is ContextSpace Platform deployed and licensed?


ContextSpace Platform can be flexibly deployed in the following configurations:

1. Fully managed Data Protection as a Service deployment. We currently support Google Cloud Platform, Amazon Web Services, IBM Cloud and Microsoft Azure. We can support any major public cloud platform upon request.

2. Private Cloud-based deployment with or without ContextSpace Managed Services.

3. Premises-based deployment, with or without ContextSpace Managed Services

4. Hybrid Deployment, where services are distributed across a mix of premises and cloud.

Licensing depends upon the deployment model chosen. ContextSpace offers a simple and standardised "pay as you go" licensing approach for its public cloud-based deployments, with volume-based pricing tiers.

Other deployment types, such as Premises and Hybrid incur additional costs according to the scope of customisation, integration and support that may be requested.




What is a “Privacy Firewall”?


According to Wikipedia, “a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.” Simply put, firewalls transparently enforce rule-based security policies onto network traffic.

Likewise, our “privacy firewall” sits in-between data clients and data sources to authorize, examine and permit requests to access personal data on a purpose-limited basis. Any data that is processed outside the scope of defined and lawful purposes is either refused or stripped out of the request.

The Privacy Firewall is also used to generate detailed and contextual “records of processing” that provide the foundation for any defense against regulatory fines and civil or class-action lawsuits.

By transparently preventing non-compliance, the Privacy Firewall greatly simplifies the controls needed to ensure compliance, including workforce training, application coding, purpose limitation and auditing.





Copyright  2020 © ContextSpace Solutions Ltd (Israel). All Rights Reserved.