Virtru Vice President of Product Management Robert McDonald said if you were to look at the privacy compliance landscape as it stands today, you would see that almost every organization collects, stores and uses consumer data.
While there are legacy compliance regimes, such as the Payment Card Industry Data Security Standard and the Health Insurance Portability and Accountability Act, that will continue to be in effect for the foreseeable future, McDonald believes the way organizations collect, protect and control the personally identifiable information will inevitably change.
It is one of the reasons why the vendor has released the Virtru Developer Hub, a solution designed to protect the personal information in a data owner’s possession by allowing them to implement lines of code into their custom applications in order to ensure any regulated data they hold is safe.
“For example, say you have mortgage lenders that have these data management portals where they are going to request data on behalf of their applicant or customers,” McDonald said. “They could integrate the hub into that data management portal so that, as the data is being uploaded, it is protected before it leaves the applicant’s computer.”
The developer hub allows data owners to adjust who has control over the information and for how long, as well as what data they can access, Virtru Co-Founder and Chief Technology Officer Will Ackerly said. The hub can track where information goes, how it was shared, and who has received the information. This allows entities to share information for collaborations where sensitive data is at play.
Organizations can also incorporate it into how they handle data subject access requests. Ackerly said one company uses the hubs exclusively to answer requests for immediate and persistent access to their personal information.
As the company dove into the creation of the hub, Virtru set its sights on application developers. While developers have plenty of options for encryption technology, McDonald believes those solutions have not always addressed data privacy, sharing and collaboration.
In order to address the gap, McDonald said organizations either rely on cloud platforms for basic data controls or turn to an independent vendor or try to build something themselves. The latter avenue, McDonald notes, leads to overly complex solutions that do not have the necessary privacy measures in place, “such as expressing who should have access, under what conditions, and over what timeline. There is no tracking or audit data.”
McDonald wants the developer kit to assist those developers who are tasked with not only creating applications, but also ensuring that whatever they make stays on top of an ever-changing regulatory environment.
“We felt like they needed a toolkit that was able to build around ease-of-use and the changing privacy landscape so that those developers and engineers who are building the future of these applications would have the tools they needed without having to go deep to the cryptographic weeds,” McDonald said.
As for who has looked at the developer hub so far, McDonald said Virtru has received interest from the government space and research initiatives. He pointed to researchers as a group who could benefit from the hub, as those projects often involve sensitive data and instances where data frequently changes hands.
The development hub may also help companies that wish to tout their data protection practices as a way to stand out from their competitors.
“I think we are seeing a lot of change for organizations building these market-facing consumer applications that are collecting data and monetizing it. Those organizations are looking to differentiate themselves,” McDonald said. “It indicates that you should differentiate yourself by giving the optionality for how that data is protected and managed.”
The legal landscape may twist and turn in the years ahead, and the team at Virtru acknowledge that the future may be challenging for everyone in the data ecosystem. Organizations may feel as though they have the best methods in place to address data concerns right now, but all it takes it one new law to completely change their plans.
McDonald feels confident that Virtru has taken the right first steps to help organizations address whatever global compliance requirements they ultimately may face.
“We focused on the developer hub on data ownership so you can draw a clear line of delineation for the data and who you are protecting it for,” McDonald said. “We will be evolving this to marry with the changes in the privacy landscape from a legal perspective, but we think that what we landed with, which is different than some of our competitors around data ownership, allows to have that longevity and adaptability for what will be many more legal changes to come.”
If you want to comment on this post, you need to login.