A confluence of comprehensive data protection regulations, massive data breaches, and corresponding consumer awareness of digital privacy issues means privacy is no longer a niche issue, bent on mere compliance. Obligations to design privacy into products and services from the beginning to stave off curious regulators, an outraged media, and untrusting consumers, means that companies are putting more stock in data protection.
At the same time, the nature of the modern digital economy means that companies big and small must navigate multinational jurisdictions, replete with differing privacy regulations, all the while working with a multitude of vendors, cloud providers, and other digital partnerships.
In other words, being a privacy pro is no cake walk.
Technology vendors, however, are jumping into the fold to help scale privacy programs, assess risk, locate personal information, demonstrate compliance, and educate staff. The are so many vendors jumping into the space that the IAPP has put together a Privacy Tech Vendor Report to help privacy pros locate privacy tech vendors and their solutions. There's a lot to choose from, and since privacy technology is a nascent industry, it might be difficult to tell whether a vendor is the real deal or not.
That's why one group of vendors are banding together to help privacy pros make informed decisions about the space. The Alliance of Global Privacy Solution Providers is a joint adventure from Evidon, MediaPro, Nymity, Prifender, and RADAR, all of which aim to help privacy pros understand when software tools are appropriate for compliance, how make effective business cases to senior management for such tools, and to think about other long-term privacy management goals beyond the GDPR.
"Alliance members understand the liability involved here," Richard Purcell explained in a wide-ranging phone conversation with Privacy Tech. "They're part of the solution. They don't consider their role as being just widgets that are plugged in. They provide solutions that integrate into business strategy and utilize business objectives such as meeting revenue targets, legal obligations, maintaining customer loyalty, and bolstering risk management."
Purcell is no stranger to the privacy profession. He's part of the original class of privacy leaders, long recognized in the field going back to the 1990s. He served as Microsoft's first chief privacy officer, working closely with Bill Gates, and worked on the Data Privacy and Integrity Advisory Committee to the Department of Homeland Security, among many other experiences.
Though Purcell traditionally works behind the scenes, tending to avoid the spotlight, he's serving as an advisor and public representative for the Alliance. His passion for the excellence provided by the vendors in the Alliance is apparent.
"The Alliance members are companies concentrating on how we integrate and weave the thread of data protection into materially substantive and strategic parts of the enterprise," he said. "Evidon does this through advertising. Radar has excellent solutions for containing and mitigating breach incidents. Prifender helps enterprises locate and understand their data. Nymity is there in force to provide enormous background and insight into the complex regulatory ecosystem. And MediaPro is there to help educate the workforce, developing the skills and values that are consistent with the goals of the business."
The suite of complimentary services provided by the Alliance can be a huge help for privacy pros, Purcell said: "They take what were previously analog services, and create a more automated, efficient delivery."
Purcell is philosophical about the rise of technology in recent decades and the need for technology to be part of the solution. "The technological world can develop all at once, but we're still humans," he said. "People don't change, stuff changes."
He used the solutions provided by Prifender as an example. "They are working with artificial intelligence and neural network engines to be smarter about the same things we've tried manually in the past. We used to do data mapping by drawing flow charts, decision trees, all of which were graphically complicated. And we used to print these out! But now as data governance grows more complicated, the old ways just don't scale."
For Purcell, integrating these solutions must be part of a larger strategic decision for the business as a whole. "There are strategies and there are tactics," he explained. "You can't just put a bunch of tactics in place; you have to have a strategy. What are your objectives? Where are you going? What does success look like?" Companies should think about these strategic goals and then use tactics to ensure the overall strategy is strong: bolstering customer loyalty, driving down the cost of information management, and so forth.
Purcell thinks of privacy and data protection as safe guards, not end states. "I can never give you perfect privacy and security - those are states of rest you will never achieve - but I can govern and safeguard resources in ways that minimizes the mishandling of data. We are process-driven people, not destination people," he said of privacy pros.
He said the Alliance is committed to helping the privacy profession understand the options that are out there for this process-driven need. He also said the Alliance plans to launch a number of activities as part of its GDPR Compliance Conference Series in the U.S. and EU, so stay tuned for these upcoming initiatives.