Based on hosts, data of interest, legal tests, and geolocation.
Specific legal analyses for each relevant legal area.
Network traffic viewer
Based on data of interest, view all matching network traffic requests and responses in our proprietary viewer.
Where we can test
- Locally in a Norton Rose Fulbright office
- In the cloud, by region
- On-site, if requested by a client
- Elsewhere as requested by client
NT Analyzer takes the technical findings and applies various legal baselines (ePrivacy, CCPA, GLBA, COPPA, HIPAA, and others). For example, for CCPA, NT Analyzer helps to identify the transmission of data to third parties that may qualify as a “sale” so that companies can follow up and obtain appropriate agreements. For HIPAA, NT Analyzer identifies the transmission of PHI so that companies can review where they may need either additional business associate agreements or to remove third party tracking. For ePrivacy, the tool suite shows where there is a transmission of data stored on terminal equipment, together with identification of cookies and device “fingerprinting.”
An eagle sees the entire landscape, but can spot a rabbit from 3.2 kilometers (2 miles). Similarly, NT Analyzer’s technical dashboards allow you to not only see the entire data collection landscape in high level summaries, but also to immediately drill down—in the same display—to a single data collection event: a single HTTP Request transmitting a particular piece of data of interest to a particular server.
- Dashboards for viewing data collection practices across various devices and overtime.
- Network Traffic Viewer for deep technical drill downs to see specific data transmissions.
- Legal Modules that consist of statute-specific and regulation-specific reports based on specific legal baselines such as GDPR, ePrivacy, CCPA, HIPAA, GLBA, VPPA, COPPA.
- Data Exports on request if you want data from a dashboard or table for your “record of processing” or uploading into your privacy management software.
Most privacy-related enforcement actions, lawsuits, and PR blow-ups happen because CPOs and CISOs lacked visibility into the actual data collection behaviors of their apps, websites, and IoT services. The core problem is that the traditional approach to privacy relied primarily on the representations of vendors or companies involved in marketing or ad operations. That is not due diligence. NT Analyzer shifts the paradigm. It empowers CPOs and CISOs by providing detailed insights about the company’s data collection footprint—including granular insights into third party data collection that was previously a black box.
- What data is being transmitted
- Which companies receive it
- The physical location of the server receiving the data
- The legal impact
NT Analyzer is powerful enough that your developers can easily use the information from NT Analyzer to conduct remediation. For example, select any search term or any Internet host and use NT Analyzer’s Network Traffic Viewer to immediately drill down into the raw HTTP Request/ Responses to find the specific transmission details needed to demonstrate the issue to your engineering team. With NT Analyzer, the right level of detail is always only a few clicks away. We believe the visibility and accountability created by this level of insight is a critical, yet often missing, piece of the CPO and CISO’s risk mitigation plan.
No other commercial tool tracks personal data sharing at such a technical level, much less applies the technical facts to relevant legal baselines.
Economies of scale
- Proprietary database on third parties
- Data analysis and parsing is tuned to relevant privacy laws
- Solve numerous hard corner-cases as they arise; iterative knowledge
- We’ve reviewed analyzed over 1,000 apps and websites across many industries
- Overwhelming amount of time and money to build and troubleshoot this internally
- Costs more to hire one full-time employee
Lawyers who can code
- Privacy lawyers inherently need to be involved (i.e., if your privacy lawyer wasn’t involved in the tool’s generation, then the in-house tool does not exist/do the same thing as NTA)
- Legal findings protected by Attorney client privilege
- Most privacy lawyers do not know how to code
Privacy vs. security
- Most in-house resources are required to focus on security risk typically pulling away from in-house privacy resources.