With a major new privacy regulation on the horizon in Europe, and increased media and regulatory scrutiny of companies’ privacy practices around the world, the job of engendering consumer trust and maintaining privacy compliance is getting seemingly more difficult every day. Of course, employing privacy pros is the obvious first step in ensuring a robust internal privacy regime, but more and more, privacy pros are in need of tools to help them do their jobs.
Tracking data flows into and out of an organization – especially for a global business – is no small task. Or, think about the consent obligations under the forthcoming General Data Protection Regulation: Even the best team of privacy pros can only handle so much information and risk management using pens, paper, and the Microsoft Office suite.
Fortunately, startups and venture capitalists are also seeing this need for better privacy and information management tools. The pace at which we've been reporting on new companies landing funding to fuel their R&D and sales efforts has picked up noticeably this year. Enterprising young companies are working hard to find technological solutions to significant privacy management issues.
Often, we hear from companies when they've got product ready and are in full sales mode. Lately, however, I've had the opportunity to chat with companies who are right in the thick of building their tools and products. One top-line takeaway is that these companies are eager to speak with people in the trenches.
Enterprising young companies are working hard to find technological solutions to significant privacy management issues.
Last week, I chatted with Israeli-based startup Prifender. They're working to combine cyber forensics know-how with advanced data search to help privacy pros understand how their data assets are being used across the organization. “With forensics, you need to understand everything that has happened,” Prifender co-founder Nimrod Luria told me, over the phone. “We take that approach to help us understand the data flows.”
Luria also said Prifender’s technology will help organizations identify their data subjects and ensure an individual is that actual data subject. He also said data forensics can easily sift through unstructured data repositories to better find out how data is flowing across the organization, across geographical borders and locate all the necessary legal obligations that go with those data flows.
From my discussions with privacy pros, I know that's something companies currently struggle with.
ConsentCheq is another startup aiming to help privacy pros through technological solutions. Its platform, which is still in development, provides organizations with an easy-to-use consent management scheme for the upcoming GDPR. Dale Smith, a co-founder of ConsentCheq, and a longtime tech developer, told me that the GDPR actually mentions the word consent 72 times as he demonstrated some alpha versions of the solution here in the IAPP offices last week.
The platform provides enterprises with a dashboard to manage consent of users in multiple ways. It includes notice and consent buttons and a back-end solution that controls and compiles user consent. The tool can be used by chief privacy officers and privacy consultants to keep track of user data flows and provide reports on those flows for the purposes of auditing or reporting to data protection authorities. It also provides a portal for IT developers and a separate portal for data subjects interested in managing their own consent.
How are you privacy pros supposed to manage the new requirements for the right to be forgotten, for allowing consumers to revoke their consent, for correcting the information you hold about them, without some kind of technical solution?
Both Prifender and ConsentCheq are works in progress, but both clearly want the feedback from privacy pros to help zero in on providing technological solutions that will make the privacy pro's job more efficient and manageable.
“I make sure to surround myself with people steeped in privacy expertise,” Prifender’s Luria said.
He also noted how difficult it is to program systems for privacy. Mixing privacy law with computer language “is really hard,” Luria said. “Privacy is more subjective than the ones and zeros” in computer language. “But that’s what many companies are trying to do, and so far, no one has succeeded.”
ConsentCheq's Smith said its goal is to provide organizations with software that will help them implement the consent obligations of the GDPR. "We are technologists," he said. "We think we have something here that will really help manage all these consent requirements as things ramp up in the next 22 months."
True, figuring out how to comply with the GDPR will be a massive undertaking, not to mention other privacy regulations popping up around the world. Luckily, there looks to be a broadening technological tool belt to help with the many complexities that will surely arise.
If you're looking for better hammers to address the nails you're seeing all over your organization, now is the time to engage with these kinds of companies and help make sure they're building the solutions to your actual problems.
photo credit: Binary code via photopin(license)