Your company is buried in digital privacy risk.

NT Analyzer provides in-house counsel and other privacy and security professionals the tools needed to ensure compliance for their company. Unlike other privacy tools, NT Analyzer uses a rigorous technical approach to identify and mitigate legal risk through the lens of the data protection law most applicable to the company (CCPA, GDPR, HIPAA, GLBA, etc). This method ensures legal compliance and gives companies confidence in their data practices.

The Product

Personal data collection is hidden at the technical level

As if the wide array of data protection laws were not challenging enough for companies, most third party data collection is hidden from view. Indeed, even companies with robust technical teams are unable to reliably detect the collection of all potential categories of personal data, much less track which third parties receive this data or apply those findings to legal baselines.

Why detecting and tracking the collection of personal data is difficult

Third party code is a black box. Developers make widespread use of third party code—for functionality, marketing, advertising, and other uses. Third parties collect a large amount of personal data, and companies almost never test third party code for its data collection properties. The reason is because no technical standard directly addresses this issue, and there had not been a commercial solution available until now.

Third parties collect code directly from end-user devices. Most third party data collection is invisible to you: it is intermediated by the end-user’s mobile device or laptop, so it never appears in your own server or web logs. Whether it’s JavaScript tags or mobile SDKs, the personal data is transmitted directly to the third party. Detecting the full range of personal data is hard. Personal data includes not only traditional, individually identifiable data such as names, email addresses, social security numbers, etc., but also advertising identifiers, hardware identifiers, network information, geolocation, and various attributes about the environment and devices. Many times this data will be collected in an encoded or obfuscated form, increasing the difficulty of detection.

NT Analyzer detects and tracks the collection of data

Using network traffic analysis and other technical methods, NT Analyzer detects and tracks the full range of personal data including technical and obfuscated information. It is not unusual for our data detection engine to attempt to find over 10,000 data elements, including encoded and hashed data. In addition to tracking transmitted data, and the parties to which it is sent, we also analyze code associated with the “fingerprinting” of browsers as well as data used for “fingerprinting” mobile devices.

Abstract technology image

How It Works

Technical dashboards

Based on hosts, data of interest, legal tests, and geolocation.

Legal modules

Specific legal analyses for each relevant legal area.

Network traffic viewer

Based on data of interest, view all matching network traffic requests and responses in our proprietary viewer.

Where we can test

  • Locally in a Norton Rose Fulbright office
  • In the cloud, by region
  • On-site, if requested by a client
  • Elsewhere as requested by client

Product Advantages:

Our tool suite maps technical findings to the law

NT Analyzer takes the technical findings and applies various legal baselines (ePrivacy, CCPA, GLBA, COPPA, HIPAA, and others). For example, for CCPA, NT Analyzer helps to identify the transmission of data to third parties that may qualify as a “sale” so that companies can follow up and obtain appropriate agreements. For HIPAA, NT Analyzer identifies the transmission of PHI so that companies can review where they may need either additional business associate agreements or to remove third party tracking. For ePrivacy, the tool suite shows where there is a transmission of data stored on terminal equipment, together with identification of cookies and device “fingerprinting.”

Eagle-like vision

An eagle sees the entire landscape, but can spot a rabbit from 3.2 kilometers (2 miles). Similarly, NT Analyzer’s technical dashboards allow you to not only see the entire data collection landscape in high level summaries, but also to immediately drill down—in the same display—to a single data collection event: a single HTTP Request transmitting a particular piece of data of interest to a particular server.

Easy and Useful

NT Analyzer provides Chief Privacy Officers and CISOs with three mission-critical views:

  • Dashboards for viewing data collection practices across various devices and overtime.
  • Network Traffic Viewer for deep technical drill downs to see specific data transmissions.
  • Legal Modules that consist of statue-specific and regulation-specific reports based on specific legal baselines such as GDPR, ePrivacy, CCPA, HIPAA, GLBA, VPPA, COPPA.
  • Data Exports on request if you want data from a dashboard or table for your “record of processing” or uploading into your privacy management software.

Addressing privacy exposures head-on

Most privacy-related enforcement actions, lawsuits, and PR blow-ups happen because CPOs and CISOs lacked visibility into the actual data collection behaviors of their apps, websites, and IoT services. The core problem is that the traditional approach to privacy relied primarily on the representations of vendors or companies involved in marketing or ad operations. That is not due diligence. NT Analyzer shifts the paradigm. It empowers CPOs and CISOs by providing detailed insights about the company’s data collection footprint—including granular insights into third party data collection that was previously a black box.

We level the playing field

NT Analyzer provides you with the information and insights you need to manage privacy effectively. NT Analyzer will show you:

  • What data is being transmitted
  • Which companies receive it
  • The physical location of the server receiving the data
  • The legal impact

Easy technical drill down

NT Analyzer is powerful enough that your developers can easily use the information from NT Analyzer to conduct remediation. For example, select any search term or any Internet host and use NT Analyzer’s Network Traffic Viewer to immediately drill down into the raw HTTP Request/ Responses to find the specific transmission details needed to demonstrate the issue to your engineering team. With NT Analyzer, the right level of detail is always only a few clicks away. We believe the visibility and accountability created by this level of insight is a critical, yet often missing, piece of the CPO and CISO’s risk mitigation plan.

No other solution compares

No other commercial tool tracks personal data sharing at such a technical level, much less applies the technical facts to relevant legal baselines.

Contact Us

For more information about NT Analyzer or to schedule a demo of the tool suite, please send us a request using the form.