This month, we now have added “API mapping” and “JavaScript file evaluation” as core elements of the NT Analyzer software suite. This submit explains what API Mapping is and the way the function gives essential insights relating to the transmission and processing of person information (a subsequent blogpost will handle JavaScript file evaluation).
NT Analyzer is a privateness testing software that detects private info transmitted by net apps, cell apps, and embedded companies, together with figuring out transmission of information to 3rd events. It makes use of low-level technical information to identify and remediate all kinds of privateness compliance points, together with, for instance, these pertaining to the VPPA, CCPA, HIPAA, and GLBA.
Up to now, NT Analyzer has centered closely on figuring out uncooked information transmissions. Nevertheless, we now have now expanded NT Analyzer’s analytical capabilities to incorporate “API mapping.” API mapping generates technical documentation explaining why an endpoint collects explicit information along with the construction and objective of particular parameters and information components. API mapping gives important insights on how transmitted information is used and for what functions—core inputs in any privateness threat evaluation or evaluation.
What’s an API?
Though the time period “API” is usually utilized in authorized areas referring to privateness and safety, many practitioners might solely have a fuzzy notion of what the time period means until they’ve hands-on expertise with improvement. An “API” or “Utility Programming Interface” is a pre-defined, structured algorithm and/or protocols that gives clear strategies for a way software program techniques talk with one another in an effort to make particular options or companies work for web sites, cell apps, linked TVs, and nearly any network-aware machine or software. APIs can be utilized for quite a lot of features, akin to location companies (geocoding, reverse geocoding, instructions), fee processing (Stripe API, PayPal REST API, Sq. funds API), AWS (S3 storage), analytics, advert supply, advert focusing on, and plenty of different use circumstances. Firms may additionally have their very own first-party APIs as nicely.
Why is API Mapping Important for Privateness Testing?
“API mapping” consists of utilizing a repeatable, formalized course of to indicate how paths, parameters, headers, or request our bodies align with—or “map” to—particular backend features or endpoints. API mapping is used to realize an understanding of what a specific service does and the way it operates by detailing who the info is shared with; what information is shared; when is it shared; and the way the info is used. API mapping gives an organization with the required info to know potential privateness dangers and any attendant compliance obligations.
Within the context of privateness threat assessments and related evaluations, API mapping permits an organization to know and decide:
- Who the info is being shared/disclosed to;
- What information is being shared/disclosed;
- When a specific share/disclosure happens within the person journey;
- Why particular information is shared/disclosed with that third celebration and for what objective;
- How a specific information factor or parameter is utilized by the API; and
- The Accuracy of Third Occasion Reps relating to entry to person information and interactions.
For extra details about NT Analyzer or API mapping, please contact both Steven Roosa steven.roosa@nortonrosefulbright.com or Wenda Tang wenda.tang@nortonrosefulbright.com.
This month, we now have added “API mapping” and “JavaScript file evaluation” as core elements of the NT Analyzer software suite. This submit explains what API Mapping is and the way the function gives essential insights relating to the transmission and processing of person information (a subsequent blogpost will handle JavaScript file evaluation).
NT Analyzer is a privateness testing software that detects private info transmitted by net apps, cell apps, and embedded companies, together with figuring out transmission of information to 3rd events. It makes use of low-level technical information to identify and remediate all kinds of privateness compliance points, together with, for instance, these pertaining to the VPPA, CCPA, HIPAA, and GLBA.
Up to now, NT Analyzer has centered closely on figuring out uncooked information transmissions. Nevertheless, we now have now expanded NT Analyzer’s analytical capabilities to incorporate “API mapping.” API mapping generates technical documentation explaining why an endpoint collects explicit information along with the construction and objective of particular parameters and information components. API mapping gives important insights on how transmitted information is used and for what functions—core inputs in any privateness threat evaluation or evaluation.
What’s an API?
Though the time period “API” is usually utilized in authorized areas referring to privateness and safety, many practitioners might solely have a fuzzy notion of what the time period means until they’ve hands-on expertise with improvement. An “API” or “Utility Programming Interface” is a pre-defined, structured algorithm and/or protocols that gives clear strategies for a way software program techniques talk with one another in an effort to make particular options or companies work for web sites, cell apps, linked TVs, and nearly any network-aware machine or software. APIs can be utilized for quite a lot of features, akin to location companies (geocoding, reverse geocoding, instructions), fee processing (Stripe API, PayPal REST API, Sq. funds API), AWS (S3 storage), analytics, advert supply, advert focusing on, and plenty of different use circumstances. Firms may additionally have their very own first-party APIs as nicely.
Why is API Mapping Important for Privateness Testing?
“API mapping” consists of utilizing a repeatable, formalized course of to indicate how paths, parameters, headers, or request our bodies align with—or “map” to—particular backend features or endpoints. API mapping is used to realize an understanding of what a specific service does and the way it operates by detailing who the info is shared with; what information is shared; when is it shared; and the way the info is used. API mapping gives an organization with the required info to know potential privateness dangers and any attendant compliance obligations.
Within the context of privateness threat assessments and related evaluations, API mapping permits an organization to know and decide:
- Who the info is being shared/disclosed to;
- What information is being shared/disclosed;
- When a specific share/disclosure happens within the person journey;
- Why particular information is shared/disclosed with that third celebration and for what objective;
- How a specific information factor or parameter is utilized by the API; and
- The Accuracy of Third Occasion Reps relating to entry to person information and interactions.
For extra details about NT Analyzer or API mapping, please contact both Steven Roosa steven.roosa@nortonrosefulbright.com or Wenda Tang wenda.tang@nortonrosefulbright.com.
