Privacy management vendor Osano announced a USD25 million round of Series B funding led by Baird Capital Aug. 10.
Osano co-founder and CEO Arlo Gilbert said the company will utilize the capital infusion to expand multiple departments and invest in research and development, in part.
"At Osano's inception, we had a singular focus: revolutionizing data privacy and compliance while growing responsibly, and this raise is a testament to that focus," Gilbert said in a statement. "With this raise, we are doubling down in the space and ensuring that our vision and mission revolve around helping enterprises keep up with the constantly changing laws and regulations."
The new round of funding is at least the second notable investment in the privacy tech vendor space in the last month, which may be a welcome sign that investment in the tech space is potentially ramping back up. Earlier this year, TechCrunch reported venture capital firms were raising and investing "a lot less money than in recent years."
New management tools
Gilbert said Osano fancies itself as the "easy button" for data privacy compliance. The funding announcement comes on the heels of the recently released "Privacy Program Maturity Model" and data mapping tool, which can aid organizations develop their privacy program for wherever they may currently find themselves on the compliance spectrum. He said he expects approximately half of his customers to seek out the new offerings.
While many Fortune 100 companies have well-established data privacy programs in place, many small- and medium-sized enterprises are still piecemealing their privacy program management tools together, according to Gilbert, and his hope is the new products streamline that work onto a single platform.
"When you look further down the market at the midmarket, small businesses, even the smaller side of large enterprise, most of these companies do not have centralized privacy buying," Gilbert said in a recent interview with the IAPP. "It's rarely managed by a single entity."
When companies first build out their privacy management programs, newly hired or dedicated privacy teams will often seek cookie consent management solutions because they serve as visual evidence of the productivity of the privacy team to C-suite executives. However, Gilbert said data mapping can be just as critical as a starting point for privacy teams getting off the ground.
"All the companies that don’t start with cookie consent, they start with data mapping," Gilbert explained. "So, this an important release for use because it means that we now have two entry points for our platform."
Beyond informing customers where various pieces of personal data are stored, Gilbert said Osano's new data mapping tool offers more of a legend to identify what data sources, data storage operations and third-party applications are using personal data stored by a given customer.
Customers will be able to integrate the data mapping tool with Osano's existing rights management platform or vendor risk monitor tool.
"Our data mapping solution is all about figuring out what data sources, data stores and third-party vendors you are using that likely contain personal data," Gilbert said. "That then provides customers with a jumping off point to say, 'I found 1,000 applications. Now I need to go and connect each of these into Osano's system to automate our rights management process.'"
"Or, 'I've identified 1,000 vendors and then I auto-connected them into Osano's vendor risk monitor, and identified 50 companies that are being flagged as very high risk, as related to our privacy program,'" he continued.
The vendor risk monitor is powered by a proprietary database, in which a team of Osano attorneys reviewed scores of companies' compliance documents and answered questions about their takeaways from the respective companies' compliance policies. The tool applies a scoring algorithm to determine the level of risk each data input presents to the organization employing the solution.
"Data mapping brings in the list of vendors, that then kicks off a vendor risk analysis and also kicks off invitations to connect data stores," Gilbert said. "When you connect your data stores, you now have full end to end rights management that includes summaries, deletions, redactions, corrections. All of that begins getting fully automated because you've now discovered your vendors, connected your vendors, risk-rated your vendors and you've connected those vendors into workflows that will allow them to auto-populate the personal data records.”