Whatever the industry, privacy professionals have always had to fight for their place at the table when it comes time to launch a new product.
However, more often than not, privacy has been rendered into an afterthought throughout the design and engineering process, and privacy pros are primarily consulted only at the last minute before a launch, instead of designing a product’s privacy features at each stage of development.
TerraTrue, a privacy-by-design vendor based in San Francisco, believes the first-of-its-kind pre-deployment privacy platform is just the solution enterprises of all sizes can utilize to meet privacy regulation compliance needs without stymying product development.
“If you think about the world of products and all the data they collect, you can divide the privacy issues into two buckets: pre-deployment of products and post-deployment,” said TerraTrue co-founder and Chief Operating Officer Chris Handman. “On the post-deployment side of the ledger, there are the cookie consents, there (are) data subject requests, and a lot of the privacy market after the EU (General Data Protection Regulation), initially all crowded around serving the market for those post-deployment needs. We saw the market ignore all the significant privacy issues that take place before you ever ship your products (and) before you ever start collecting that data.”
While the movement of privacy “shifting left” in product development isn’t exactly a new concept, officials at TerraTrue are confident their pre-deployment privacy platform is a comprehensive product that allows companies to scale their privacy-by-design operations with a user-friendly interface. The platform is available for trial and has already been adopted by major technology companies, such as Lyft, Robinhood and Roku.
“Increasingly, as the world's privacy laws become more complex and more fragmented, and as companies are looking to collect more data that create more risks under a variety of different rules, companies need a platform that can scale robust privacy programs that still empower teams to ship products faster and faster,” Handman said. “We recognized that there was this divide, basically, between the product world and the review world and privacy.”
The platform, which is customizable, works through collaboration among all the team members associated with a given product’s launch. For whatever the product engineers aim to build, TerraTrue will identify certain privacy risks associated with developing that aspect of the product and alert the privacy engineers, so potential compliance issues are identified from the jump, instead of last minute.
The privacy review is then separated into two workflows. The first identifies what specific types of data will be collected, how it is stored and used. The second workflow offers the entire product development team recommendations on how best to comply with the specified regulations.
“We see TerraTrue itself as being a single source of truth for all of your privacy-by-design or security-by-design work,” TerraTrue Head of Privacy Anthony Prestia said. “We want to be part of that development lifecycle, but not really disrupt folks from the work they're doing. We've tried to make it as easy as possible to have that kind of bi-directional communication with the types of tools other parts of the business are already using.”
Handman said TerraTrue’s platform was built after his experiences at Snap. In 2014, the company was forced to settle claims with the U.S. Federal Trade Commission that it deceived users over what types of data it retained, misleading them into thinking images sent on Snapchat would disappear and the security measures taken to protect user data.
Had a more rigorous privacy-by-design regime been in place at Snap at the time, Handman said, it would have saved the company a major public relations crisis and regulatory headache after the fact.
“That experience (at Snap) taught us about the importance of bringing privacy front-and-center, weaving it into the fabric of the development lifecycle, and how important that is to ensure trust, building scale and developing a privacy program that actually can give teams more flexibility,” Handman said. “A lot of those early learnings we had at Snap we were able to then expand on. And now that we have the ability to build an entire company, and the expertise to develop that platform, we absolutely did leverage all that experience to build something at TerraTrue that is bespoke and purpose-built for the way modern agile companies need to build privacy in this day and age.”
Photo by Dayne Topkin on Unsplash