Cillian Kieran wants privacy to be at the “heart” of an organization's data processing activities, and thanks to a new round of funding, his startup is on its way to make it happen.
Kieran is the founder and CEO of Ethyca, a platform designed to assist organizations in their privacy compliance efforts by targeting their infrastructure.
Users can install lines of code into their existing tech stacks in order to implement Ethyca’s privacy features. The code helps automate various compliance activities that users can manage through an internal control panel.
Those compliance activities include mapping out data that flows through tech stacks, answering data subject access requests, managing consent, conducting data protection impact assessments, and determining who has access to information.
Kieran said Ethyca has an enterprise offering for larger organizations and a cloud solution designed for smaller organizations that may not operate all their solutions and infrastructure. Those organizations can sign up for an account on Ethyca’s website in order to connect any third-party applications they use.
Similar to other tech vendors in the market, Ethyca recently received an influx of cash as it announced it had raised $4.2 million in funding. Kieran said the startup plans to hire more privacy engineers and specialists with its new financial resources. He also echoed what others had said after their organizations were funded: Privacy tech vendors are getting money because the need for solutions grows as compliance requirements continue to mount.
Though the privacy tech market has expanded over the years, Kieran saw a gap he felt Ethyca could fill as entities in the U.S. and Europe race to shore up their compliance practices.
“There were compliance workflows and processes you can follow to try and achieve compliance, but there wasn’t an infrastructure component to technology to ensure that the system you were building was safe in the way that it managed data from the get go,” Kieran said. “We thought about building that ourselves.”
One part of putting privacy at the “heart” of processing and compliance activities is to lighten the load on businesses operationally, Kieran said. He added current solutions only tackle technical changes to compliance efforts and that organizational processes could stand to be improved.
“Impact assessment workflows are often conducted through a form that comes from engineers, the contents of the form are assessed by privacy stakeholders and managers, then there’s ongoing remediation if anything is identified,” Kieran said. “The process is quite labor intensive and often concerns a lot of friction in the development of software systems and increases the challenges for addressing privacy within an organization.”
Kieran believes Ethyca can make the workflow for maintaining privacy “cleaner” through its internal panel, which engineers and data scientists can consult to make any necessary changes and then allow its services to take it from there.
“When they want to do something new, such as extend a service or build a new piece of a product that might change a processing activity, instead of submitting a manual form for an impact assessment, they can submit code from their current coding environment and send it directly to Ethyca’s services,” Kieran said. “Ethyca evaluates it and generates a document that can be sent directly to a privacy appointed manager or a DPO within an organization to assess the risk to a business and see if it exceeds the organization’s threshold.”
While organizations may have different commercial priorities, Kieran said many handle data in jurisdictions covered by laws such as the EU General Data Protection Regulation and the upcoming California Consumer Privacy Act. Kieran said Ethyca was designed to help entities handle the requirements for those two major laws, as well as other bills that appear in the ever-shifting legislative landscape.
The stakes for compliance are high, as organizations do not only face financial penalties, but they also face losing the trust of their customers, Kieran notes. It is why he wants Ethyca to help bake privacy into the practices of its users. A monetary loss is notable, but damage to a company’s brand can also be detrimental in the long term.