The EU General Data Protection Regulation, California Consumer Privacy Act and other privacy laws around the world have a wide set of compliance requirements organizations are well familiar with nowadays. Those companies have to work within those laws to avoid enforcement penalties and may have invested in privacy technology to keep track of their obligations.
While adhering to privacy legislation continues to be vital, Sentinel Co-Founder and Vice President of Strategy Aaron Weller, CIPP/US, CIPM, CIPT, FIP, wanted to create a technology solution that helped organizations with privacy issues beyond what's found in legislative text and onto the ethical use of data and balance between responsible data use and innovation.
It is what Sentinel hopes it has achieved with its Ethos platform, which allows organizations to track their privacy requirements against legal obligations all around the world, in addition to contractual, ethical and strategic goals. Weller said the platform can offer a model of a privacy program by analyzing the entity's geographical locations and those of its customers, data use cases and information it has in its possession via automation.
"When you model your organization, what we typically recommend is that if you go and pick up a privacy notice from an external-facing website," Weller said. "You are going to find that it includes the data types and the use cases because that is required these days. We can very quickly model an organization, even a fairly complex one, by just taking their privacy notices across different websites and then adding all of these as business contexts. You've then quickly got a good model of what an organization looks like and how it uses privacy."
The platform identifies the applicable frameworks and requirements based on the criteria used to model the organization. Ethos then provides tasks to help companies meet those requirements and includes metrics to track organizational progress, which can be used to report up to senior leadership.
As a privacy law's implementation date approaches, organizations can use the platform's "what if" function to see how their obligations will shift and prepare for upcoming changes without affecting their current privacy operations. Companies can also use this feature to assess potential strategic moves, such as expanding operations in a new jurisdiction. Ethos also measures what Sentinel identified as the 12 components that make up a privacy program, including data subject rights, incident response, notice and collection, retention and deletion, and training and awareness.
These 12 components are stylized to look similar to the periodic table of elements. Weller said the periodic table-inspired design helps to keep the language and structure consistent throughout the platform, which can be helpful for anyone looking over the metrics who does not have in-depth privacy knowledge.
As part of its efforts to evolve the mentality around privacy past a focus on compliance, Sentinel established a method it calls the "Culture of Privacy," which centers on accelerating innovation while instilling a commitment to ethical data use within an organization.
Weller said privacy legislation stops organizations from using data in certain instances; however, ethical considerations do not usually factor into any type of decision making. He added there can be overlap between legal obligations and the ethical use of data. For example, privacy laws include sections on transparency, and while they may be legally required to be transparent with data use, Weller said companies can place an emphasis on it simply because it is the right thing to do.
"We are treating those ethical requirements the same way we are treating legal requirements," Weller said. "Just like how you can report out on how you are doing compliance wise, you can also report out on how you are doing in terms of customer trust and ethics. You have a really clear visible way to show your responsibility toward your consumers and toward the individuals whose data you hold, which can go a long way toward building consumer trust. It’s hard to measure ethics. It’s hard to show in any quantifiable way what you are doing in that regard. It’s important that the tool provides that for companies."
Sentinel Content Manager Emily Leach, CIPP/E, CIPP/US, said the platform can also help organizations with these commitments by allowing them to give consumers rights under privacy laws regardless of where they reside.
"A lot of companies are choosing to give CCPA rights to everyone in the U.S. or do GDPR globally," Leach said. "We are crafting a model so that just because you say you are not in Europe, it doesn’t mean you don’t have the option or the ability to choose some or all of those requirements that come out of the GDPR and incorporate them into your privacy program."
By focusing on trust and ethics, Sentinel hopes it can bridge the gap between companies' desire to innovate and respecting consumers' privacy. Sentinel Chief Technology Officer Chris Carter said organizations want to innovate and consumers are happy to reap the benefits, but consumers have also become more aware of data breaches and other infringements of their rights.
Carter said Sentinel believes it can help solve the issue of consumer trust by directly showing them the fruits of their innovation.
"We are not only deploying tools that can help organizations get their hands around exactly what’s going on, but also helping them understand how they can create a reversed viewpoint on what value looks like," Carter said. "Where they actually are executing strategies in how they build their products and how they go to market that are focused on the value they driving back to the consumer. That’s how you solve that consumer trust issue. You show commensurate value for the innovation that you are driving."
Image courtesy of Sentinel