TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Tech | Tool seeks to help manage, distribute privacy policies Related reading: OneTrust valued at $1.3B after $200M in Series A funding




OneTrust Vice President of Products Blake Brannon said privacy policies face a problem of fragmentation. Privacy and legal teams have to draft up privacy policies for different products, divisions and subsidiaries within a company, Brannon explained, as well as different variations of a policy to reflect where customers live around the world.

It is a challenge Brannon hopes OneTrust can help remediate with the release of its Policy & Notice Management solution. The tool was created to give privacy professionals a resource to manage the creation and distribution of their organizations' privacy policies.

The solution allows users to upload their policies to OneTrust, and through the tool's dashboard, they can then set the parameters for the policy's requirements.

"You can take a policy and say you need to show it in five different languages and manage any version or deviations of that policy based on location," Brannon said. "For example, a [California Consumer Privacy Act] version of the policy versus a [EU General Data Protection Regulation] version of the policy."

After the policy has been finalized, the tool produces a segment of code. Rather than having to implement the code manually, Brannon said, the solution automatically updates the policy wherever it needs to be, either on a website or on a mobile application. The solution will display the proper notice based on the page a visitor lands on or whether it needs to display a privacy notice, a terms of use policy or a disclosure policy.

The tool ensures the correct document is installed to match the legal requirements for the visitor's country of residency, as well as translates it into their native language. Brannon said the solution recognizes more than 200 different languages. He added this includes different variations of English, meaning the spelling of certain words will change depending on if the viewer is from the U.S., U.K., Canada or Australia.

"If you are in the U.S. and you market your product and sell to buyers in both English and Spanish, your expectation is to provide those policies and terms in the same language that you are providing the offering in," Brannon said.

The dashboard can alert privacy professionals to policies that have not been updated over a period of time. Brannon said the dashboard uses what he cites as "callback technology" to notify privacy professionals of pages where visitors have not seen recently viewed a policy. Brannon notes this may help in instances where a privacy policy may have accidentally been removed from a webpage and can be key to avoiding any risk of noncompliance.

A web developer may unintentionally knick a privacy policy when a site is modified. Web developers have a different agenda than the privacy team, and Brannon believes those discrepancies can put certain elements of a webpage on the sidelines, such as, say, a privacy policy.

"Updating a policy might be priority one for the privacy person. It’s probably the lowest priority for the marketing web developer that is managing the website," Brannon said. "This creates a massive inefficiency in the process of finding a better way to manage these policies and get them updated when they need to be updated." 

Brannon said OneTrust has released the offering at a time where more emphasis has been put on the policies than ever before. Previously, privacy policies were not a high priority for any department, but with the GDPR and CCPA, that has obviously changed. Brannon feels this lack of attention is a reason why a similar solution has not appeared on the market to date. Another reason is that the technology was simply not there yet.

"The amount of technology that exists today that can help you with your privacy challenges is exponentially higher than what it was five years ago," Brannon said.

In its current iteration, the tool only handles privacy notices, but Brannon envisions it could be used to not only upload legal documents, but also to display logos of an organization's ISO or SOC or certification. He believes the solution can help convey a company's credentials to its users in order to build a stronger relationship.

"Our vision for how this all unfolds started at policies, but it’s about building an overall trust center," Brannon said. "It's about how do I build a trust center on my site to showcase my policy, my certifications, my security clearances, how we respect data and how do we do training and awareness. All of these things show the market your overall governance and trust and respect for the data that you are getting from your users. This is an area we see this product going in the near future to expand far beyond text-based policy."

Image courtesy of OneTrust

Credits: 1

Submit for CPEs


If you want to comment on this post, you need to login.