Case study
eCommerce Giant Brings Home Automated Privacy Management for 10X ROI
Overstock.com is a leading online retailer and technology company. Amidst a changing regulatory landscape, their privacy team partnered with DataGrail to automate and scale a customer-first privacy program.
Introduction

With a vision of “dream homes for all,” Overstock is an online retailer and technology company that offers furniture, decor, rugs, bedding, and other home goods for millions of consumers.

As emerging comprehensive data privacy regulations gained momentum, the team knew that it was time to upgrade their program in favor of an automated, scalable approach to privacy that would reinforce customer trust.

Founded: 1999
Industry: Online Retail
Location: Salt Lake City, UT
Size: 1600+ Employees
Privacy Team: 4 across Legal & IT
Highlights
  • Before DataGrail, Overstock.com’s privacy efforts relied on manual processes, spreadsheets, interviews, and costly engineering resources to fulfill data subject requests (DSRs). “Do not sell” requests (DNS) took up to three weeks to complete.
  • With DataGrail, Overstock.com achieved a 10x ROI by empowering a single IT Compliance manager to effortlessly manage the company’s privacy requests, in turn freeing up dozens of engineers to refocus on core strategic development.
  • With end-to-end automation of data subject requests, the team is now able to fulfill “do not sell” requests in minutes. In addition, the Overstock.com team leverages continuous data discovery across dozens of cloud and on-premises systems.
The Challenge

In 2019, Brandon Greenwood, CISO, VP Security & IT, and Heidi Asbrand, Privacy & IT Compliance Manager, foresaw that their existing privacy program wasn’t positioned to scale with emerging regulations.

With the CCPA taking effect in January 2020, they expected to see an increase in DSRs that were costly and inefficient, especially when it came to customers opting out of the sale of their data. They were relying on manual processes that required valuable engineering time to go into each and every database, find the pertinent data, and manually fulfill the request. Admins for third-party SaaS systems were also tapped to manually fulfill requests on their end. This whole process often took up to three weeks, which was frustrating for the internal teams, and not timely for customers.

They set out to find a solution that would enable the team to:

  • Effortlessly adapt their privacy program beyond the GDPR to include emerging regulations like the CCPA
  • Provide a better, faster, centralized experience for customers exercising their data privacy rights
  • Eliminate “lost” data by understanding where personal data was flowing through business apps and infrastructure (without having to manually update spreadsheets)
  • Save time with end-to-end automation and by integrating key business apps and on-prem databases into customized privacy workflows
  • Remove valuable engineering resources as a bottleneck in fulfilling data requests
  • Manage all privacy requests from one place, automatically retrieving and updating data across all business systems, as well as maintaining full history and audit logs of requests.
“We knew there had to be a better way to address privacy requests and prepare for future regulation. With DataGrail, we found our answer.”
Carter Lee
Chief Administrative Officer at Overstock.com
The Solution

The Overstock.com team implemented DataGrail’s Request Manager for automated DSRs, including Do Not Sell requests. The team is now confident that data won’t get lost or overlooked in the request fulfillment process, which was not feasible before.

They have automated access requests with their systems of record, including their customer engagement platform, customer data platform, and cloud and on-prem data sources. Fulfillment of data subject requests is customized to meet the company’s security needs. Fulfilling DSRs is seamless: notifications and data extraction are fully automated, coupled with human oversight for sensitive actions such as data deletion.

“The DataGrail team has been incredibly responsive when we have issues or suggest improvements. We have a true partnership with them. They understand how important it is to deliver a privacy experience that matches customer expectations of our brand.”
Brandon Greenwood
CISO, VP Security & IT
Integrating key Overstock systems for end-to-end DSR automation
The Results

The team has been thrilled with the results of implementing DataGrail’s data privacy platform. They’ve greatly reduced time and effort spent on data privacy compliance, and the team didn’t break a sweat when DSRs increased with CCPA taking effect in 2020.

Looking ahead, the team knows they will be ready for any emerging regulations, such as Virginia’s CDPA. As the team upgrades and migrates their database architecture, they’re confident that their privacy program will continue to be well supported through their DataGrail integration. The team also looks forward to leveraging improved analytics and more customized workflows, and deepening their partnership with DataGrail.

“Now with DataGrail, I can manage privacy from a single dashboard. The automation and smooth admin experience have turned hours into minutes. It’s made my job easier, given our engineers more consistency, and ultimately provided our customers a quicker response to their privacy requests.”
Heidi Asbrand
Privacy & IT Compliance Manager
  • 10x ROI in the first year
  • 3 mins vs. 3 weeks: time to fulfill DNS request
  • 2+ hours saved per DSR
