Using TerraTrue’s Taxonomy for Structured Data Collection in Reviews
TerraTrue’s strength as a review tool lies in its ability to collect and organize structured data. At the core of this functionality are our taxonomy questions, which form the foundation of the Data Spec, Privacy Worksheet, and Assessments and are also key aspects used to visualize analytics data about your privacy program in Privacy Central. Through these taxonomy questions, you or your business users can select values from a dynamic list of taxonomy items. TerraTrue’s Taxonomy includes 6 types, each customizable in your settings. Below are the 6 types with examples from our default taxonomy:
- Data Subjects: customers, prospects, employees, contractors
- Data Uses: build interest profiles, manage employee devices
- Data Types: email address, phone number, genetic information
- Data Transfers (Data Regions): Europe, United States, California
- Retention Periods: 7 days, account duration, indefinitely
- Launch Goals: develop new products, onboard a new vendor
- Third Parties: Amazon, Google, Mailchimp
These taxonomies can be customized and managed in Customization > Settings. *Note: third parties are stored and managed in Third Party Management.
You can read more about how to customize your taxonomy here: Customizing TerraTrue's taxonomies.
These taxonomy types can be configured with options like risk levels, SPI (Sensitive Personal Information) flags, custom branching logic, privacy modules, and more. Key benefits include:
- Powerful Multi-Dimensional Reporting: Privacy Central, TerraTrue’s privacy reporting hub, won't just be a spreadsheet of answers collected in a form; it’ll also provide relationships between taxonomy items, like which data types are used for specific data uses across all launches.
- Custom Question Logic: Tailor your workflows like your Data Spec to trigger specific questions based on taxonomy selections. For example, if a business user selects “Employees” as data subjects, additional questions can appear to capture details about relevant internal teams.
- Built in Privacy Law Guidance: Guidance automatically appears based on taxonomy selections in the Privacy Worksheet. For instance, if “Europe” is chosen as a data region, TerraTrue can prompt the reviewer to specify the Bases for Processing.
- Automated Assessments: TerraTrue can also trigger privacy assessments based on taxonomy selections in the Privacy Worksheet. For example, if a business user selects high-risk data types in a Data Spec, this may trigger a DPIA review.
- Risk Alerts: If a sensitive data type is indicated without user consent, TerraTrue can alert the user completing the Privacy Worksheet.
Configuring Your Taxonomy
Upon setup, TerraTrue provides an out-of-the-box taxonomy populated with commonly used values and triggers. Many users can start right away, only needing to add a few custom types initially and as needed. You can also import an existing list of taxonomy items if you have one ready.
Admin users can edit, delete, or hide any taxonomy item in settings at any time.
We’ll dive deeper into viewing reports on taxonomy-collected data later, but here’s what’s essential now:
- A Launch includes a Data Spec to collect details on data usage.
- Data Specs include taxonomy questions that gather structured data, triggering guidance for users and reviewers in the Privacy Worksheet.
- Privacy Worksheet intelligently provides reviewers guidance and suggestions on assessment requirements based on the inputs from the Data Spec and Privacy Worksheet
- Once completed, this structured data flows to your reporting module, ROPA, where you can easily explore documented data types, uses, and more.
Next, let’s focus on how you can design an intake process that collects all the key information you need.