Snap Finance + Lightbeam: Building a Scalable Privacy Program

Snap Finance built a scalable privacy program with Lightbeam—discover how Kiran’s team automated data discovery, classification, and governance.

Snap Finance + Lightbeam: Building a Scalable Privacy Program | Customer Testimonial

Hear from Kiran at Snap Finance as he shares how Lightbeam helped transform their privacy program—moving from privacy by design to full privacy operations.
With Lightbeam, Snap Finance:

📊 Identified and classified sensitive data across all sources
🌐 Discovered and mapped data sources for complete visibility
🔐 Built a scalable privacy foundation to meet compliance needs

Kiran chose Lightbeam for its comprehensive, identity-centric approach to data privacy—and the results speak for themselves.

Transcript

Ki to talk to you.
Why don't you start with, uh, a bit of your question.
My name is KI and I've been with SNAP
for 18 months now in capacity
of a senior privacy program manager.
And, uh, currently my role is
to establish the privacy program from privacy by design
to privacy operations.
Part of that process, one of the biggest challenges
that we have is to identify
and classify the data in all of our data sources.
When I started, we had a privacy policy
and we know what kind of data we were collecting,
but identifying those data sources
where the data is being stored and what kind of data we have
and who has access to it, was problems
that I was hired to solve.
When we started looking at the breadth of the data
that we have, we understood quickly
that there's no single silver bullet
to solve all of our problems.
So we, we thought, let's prioritize the requirements.
The top three requirements for us was to identify the data
and classify the data.
That's how, uh,
we started prioritizing those two requirements
and started to look at the different tools
that are available in the market.
And being an IAB member
and being in privacy for almost six, seven years now,
I had access to different tools
that were available in the market,
but none of the tools were kind of coming close
to what we were looking for.
Either. Either the price was too high
or possibly it was not doing the whole thing,
that identification, classification of our data.
And because we also had a requirement to not only identify
and classify the data, also identify data sources too,
that's how we were looking at different tools.
Yeah, if I remember sometime back when we were doing the
discovery of all different tools, I remember
that we were looking at two three out there in the market
figuring out what one, which one works and what.
So how do you go about finalizing on livestream solution?
So when we started looking at different tools, uh, we,
based on the IAPP vendors list, I I went
through literally analyzing the 40 different tools
that were available for us
and spoke to each one of them, understanding
and, you know, prioritizing the requirements
and talking to them on a regular basis to come up with,
okay, how can you solve our problem in identifying
and classifying the data?
And being a medium DM scale business ourselves,
we were looking at somebody who can partner with us,
not just, you know, solve one or the other problem for us.
We wanted a partner that can kind of understand our problem
and kind of grow the technology along with us.
So that's, that's where we identified lightbeam.
And Lightbeam was introduced to us from, um, uh, CSO
who was, uh, back then was working with us,
and he was introduced to Lightbeam through Zscaler,
and that's how we got introduced.
And, uh, I'm glad that we got introduced
because when we started looking at Lightbeam, uh, we had
a whole bunch of requirements given to them
and the, the entire roadmap was shared with them so
that they can understand what we are looking for
rather than just promising the moon and not delivering it.
Like some of the tools that we saw in the market
to Lightbeam was there for us to kind
of understand the way we want it
and how, how it has to be implemented.
Not only by designing the implementation along
with the roadmap, they, they were also part of every step
to identify the data sources that we have.
And, uh, the best part of it was the customer success team.
Uh, they were contacting us
or in connect with us on a regular basis.
They understood the problem and they
provided the solution that was amicable to us, not just,
you know, Hey, I have this tool, I have this, uh, you know,
solution that that may work.
You know, they, they literally sat with us
as a design partner and they, they literally, we went back
to the drawing board and started to understand
how we can integrate lightbeam into our environment
because ours is a complex
and unique environment like any other
companies that we have right now.
And data was all over the place.
And having that design partner in Lightbeam helped us a lot
because the POC part went smooth.
We kind of identified the data sources
and there was no sales rush on us that kind
of gave us the flexibility to, to understand what,
what are the capabilities of the tool,
and if, if the tool was kind of, you know,
providing us some information
and they were ready to listen for feedback
and implement that feedback into the roadmap, which,
which gave us the flexibility not only to, you know, hey,
we can only solve one or the other problem.
Right now we have a partner
that can help us to grow with this.
Like I said, as a technology partner, we can build
with our data sources.
So now we have the confidence
that even if I spin up a new data source tomorrow,
or if my analytics team decides to do something different
with the data, I know exactly how to integrate it.
Like, and I know how to identify the data
and how to classify the data,
and now I can take the next step in the data governance
that, that's the glue, any goal that we're trying to achieve
to kind of access, provide the access controls of the data
that we have and being in the financial sector is more
important for us to kind of control that data access,
not just provide the access to everything
that everybody asks for.
So what marketing team wants,
we can get only nonsensitive data analytics team want.
They can get some, some sort of anonymized
or pseudo anonymized
or even master now, um, if, if a customer care rep wants
to see, they know exactly what data they need to access.
So that's, that's a roadmap we are trying to build with li
and uh, I would say we have successfully done
so far is identifying class time
and we're in progress of implementing the next stages
of data governance, which we are happy to say
that we made much progress than what we started with.
Wonderful. Thank you so much for the time.
We really appreciate, super excited we working on with you
and your team.
Um, let's take it away from IB for a second.
So we we're here at IBP global, there are probably
15 out there.
Uh, I would like to ask you, what message have
privacy tools, privacy that are market has you,
how would you like them to shape their roadmap,
which then becomes more real
and more useful for you as a customer?
You know, you cannot throw a tool at a problem, right?
So as, as a privacy expert, what I'm trying
to understand is basically if I can solve a problem
with a tool, good, but if I can solve two
or three problems, then from budget perspective,
I have one hand up.
Because not only privacy folks are fighting for the budget,
security's also fighting for the budget along with you.
And if security says I can protect the data,
then privacy gets a second chance in claiming that budget.
Because if security says I've encrypted everything, there's,
there's nothing you can look at it.
Now you have a problem in claiming the budget
or getting that tool that you want.
And the biggest challenge any company has is having
that data governance starting from lineage glossary
to access controls, to, to identifying
and building that trust for the end consumer, right?
So if,
if you are in the tool space from privacy perspective,
I would recommend to kind of look at how you can solve
not just one problem, right?
If, if you talk to a privacy expert
or anybody in the privacy space, first thing
that would come up is, hey, we can solve the DS R problem
for you, right?
But does everybody have the DS R problem?
No, not everybody has a DS R problem.
Like if, if you are in a space
where there are other regulations
that take over privacy regulation, right?
Like for example, GLBA, trumps CCPA
and any other regulation out there, if that is the case,
then these ares is not a big selling point.
So what else can you do
to help a privacy expert in that space?
So what you can do is probably look at privacy by design,
how, how you can help in data minimization
or how you can help help the privacy experts in
anonymizing the data.
Because analytics is gonna be key in the market, right?
So it's data is a new goal
and everybody wants to perform analytics, machine learning,
artificial intelligence is gonna take over the world.
Now, if artificial intelligence comes up
and you know, it can consume a lot of data that, that,
you know, we don't have to worry about running the machine
learning or the algorithms yourself just write the code
and it takes care of itself.
Now, how do you control and protect individual's privacy?
When you are running a, you know, algorithm
that consumes terabytes of data, how do you make sure
that there's no bias on place and all that?
So when, when, when you're looking at holistic perspective,
think about data governance, how can you help in terms of
from, from the design
and collection of data,
the entire life cycle of data, right?
So not just collection, you know, processing when
transmitting and, and the, the deletion
and retention of the, so I mean, at the end of the day,
there is no single silver bullet
that can solve all the problem for data.
If there was, then it, it's a different story altogether.
But if we can solve not just one problem,
that will definitely help.
Uh, because we don't have to worry about the budget,
you don't have to worry about how can I implement this?
And if you look at the privacy space, either the lawyers
or the privacy experts in an organization,
or probably there's 1D PO on one privacy engineer,
not every organization have tons of privacy engineers
who can help you out.
So you need to have that collaboration between teams,
which means you need to educate them on other teams like
development teams, sales, marketing,
and all the other teams that you need to educate as well.
And when, when you're trying to kind
of solve the privacy problem in a holistic way, think about
what other problems for an organization
that you can solve security space.
You have the code scanning tools which are already in place.
People can, you know, kind of tell you
how the data is moving in that space.
So that, that's also one thing that you can look at.
And like shifting left is a new, it's not a new term,
but it's a new term in privacy, right?
So privacy engineering
and how, how you can help integrate
that privacy engineering into privacy operations.