Securiti.ai President and CEO Rehan Jalil looked at how organizations conducted their privacy compliance practices and saw areas that could use improvement. He saw solutions that only handled part of an entity’s compliance efforts and a lot of work privacy professionals had to conduct manually.

It is why Jalil and his company launched Privaci.ai, a platform designed to automate compliance tasks through the use of artificial intelligence and bots.

Privaci was created to tackle data subject access requests, collect consent, assess third-party vendors and assist organizations as they conduct privacy impact assessments.

To help bolster these efforts, Privaci recently announced it has obtained $31 million in Series A funding, which Jalil said will be used to continue to service its customers, as well as provide support to its team of 130 employees.

Jalil said the AI and bots that power the platform have been created to help privacy professionals discover information across their entire enterprise in order to fulfill whatever task needs to be done.

“You connect a bot to your systems through APIs. The bot, at that point, will do an intelligence scan. If you do the personal data discovery across different systems, it will extract that personal data and classify it to say what kind of data it is automatically,” Jalil said. “You don’t have to tell the bot. It knows. Then it will link it to the identity of the user and you can see a heat map of where this person’s data is sitting around the world and in different systems.”

As an example, Jalil cited how automation can help fulfill data subject access requests. Should an organization use Privaci for DSARs, Jalil said bots would collect the request, verify the data subject and gather all the relevant information. From there, it would invite all relevant stakeholders into the platform’s multi-channel team collaboration system.

Questions around the verification process for data subject access requests have been in the news of late after an Oxford Ph.D. student was able to obtain personal information through bogus inquiries. It is an issue the company has taken into consideration with the Privaci platform.

"When a person submits a DSAR request, identity can be verified using multiple methods. If the person has an account with the company, the system uses SSO or account email verification," Jalil said in an emailed statement to Privacy Tech. "If the person does not have a user account with the entity, a full cycle of identity proofing is exercised to verify the person."

The stakeholders would be anyone needed to review and approve the request. The collaboration space was created to ensure privacy professionals had one joint space to take on their roles rather than bouncing back and forth between less reliable means, Jalil explained.

“Look at all the tools out there. With DSARs for example, if you have to extract information from some systems, you have to send emails to people to get it approved and reviewed,” Jalil said. “Essentially, the collaboration is outside privacy ops, which means there is more personal information sprawl because the system is not contained.”

Once a request has been approved, the platform sends the request back in an encrypted form only the data subject can view.

As privacy professionals work within the Privaci platform, they can converse with the Auti chatbot, which Jalil cited as another way the platform automates compliance.

“Users can converse with Auti in natural language to find answers, such as finding a subject's personal data, understanding data risks across the company, finding the status of DSRs, understanding issues with” vendor assessments and understanding compliance statuses, Jalil said via email.

The company hopes the $31 million funding round it closed can help it continue its existing efforts. Jalil said his team is excited about its new financial resources, and he believes his company’s experience supporting large enterprises in the “very complex environment” of data security made Securiti attractive to investors.

Privacy tech vendors continue to receivemillions of dollars in funding and the influx in cash seems to have driven by demand. Organizations wish to stay on top of their compliance requirements and retain consumer trust. Jalil is no different, as he points to increased digitization as a key factor in the growing interest in privacy tech.

“Everything has become digitized. This is just the way things evolve. Now people want rights to their data and policies and regulators are listening to it. They are giving them those rights, and it’s the right thing to do,” Jalil said. “Companies also want to do the right thing by being good custodians of people’s data and giving them rights, which means new sophisticated technologies need to be built, and that’s why you are seeing so much attention.”

Jaili’s company is the latest to receive such attention, and he feels Privaci may be able to help organizations become the data custodians they need to be in order to handle today’s compliance environment.

Photo courtesy of Securiti