close
close
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Spotlight

Unlocking Responsible AI with Future-Ready Privacy

Introduction

LastPass set out to embrace AI’s potential while protecting the trust of the millions of people who rely on them. With thoughtful oversight and straightforward safeguards, the LastPass team built an AI governance program that is purpose-built to scale.

Founded: 2008
DataGrail user since: 2023
Industry: Identity Management
Intuitive Risk Assessments

Privacy impact assessments were already a critical component of the LastPass privacy program. As the team focused on AI, they built a new assessment workflow in DataGrail that adapts to the complexity of the request, helps build a complete data journey, and efficiently enables business partners. Their assessments are focused while aligned with compliance frameworks.

The LastPass team utilizes assessments as an educational opportunity: the assessment can inform a requester of supplier risks they weren’t aware of by comparing request details with DataGrail’s System Inventory and help remind requesters of key privacy obligations. The LastPass privacy team is well prepared to navigate the complex AI landscape, empower business partners to innovate to best achieve company goals, and uphold its security and privacy commitments to its customers.

A Living RoPA

By centralizing privacy in DataGrail, LastPass can not only pull an accurate Record of Processing Activity in seconds, but their Data Protection Officer (DPO) also gains real-time insight into AI usage and potential privacy risks across the company, allowing them to easily adjust their focus and provide support where it is needed.

Many RoPAs only represent a single point in time and quickly become outdated. Our RoPA in DataGrail gives us an ability to understand our data landscape at any given moment.”
Steve Irlbacher
Associate General Counsel and Data Protection Officer
A Privacy Program Designed for Trust and Innovation

LastPass partnered closely with DataGrail to build a privacy and AI governance program centered on one priority: keeping customer data private, secure, and protected at all times. They inspired Risk Register, DataGrail’s source of truth to track and mitigate risks detected across their entire privacy ecosystem, from Assessments to the System Inventory and beyond.

Strong AI governance can’t live only behind the screen. LastPass created an AI Usage Policy that governs secure and ethical AI adoption and provides toolkits for teams getting started.

LastPass established two cross-functional teams: an AI Working Group focused on enablement and advocacy as well as an AI Governance Group that ensures strategic oversight.

The deliberate approach at LastPass to responsible AI innovation is why they’re a leader in consumer trust. Users know that LastPass won’t compromise on delivering a great experience and won’t compromise on their values. For that reason, LastPass was recognized as a nominee in the 2025 Data Privacy Hero Awards.

As our needs evolve, DataGrail grows and becomes more nuanced. We can customize whenever we want, but the defaults are a strong starting point and often all we need.”
Steve Irlbacher
Associate General Counsel and Data Protection Officer
Download spotlight PDF
Contact Us image

Let’s get started

Ready to level up your privacy program?

We're here to help.

Talk to an expert
Other Case Studies
Studs
Sportsman’s Warehouse
Poppulo
Okta
nCino
Life360
Labster
GoFundMe
Drata