Innovators in the Spotlight
Despite the pandemic, investment and innovation goes on as you can see if you read my previous article “Black Swan Day“. Innovation for CCPA compliance is made considerably easier for those companies who were already touting GDPR solutions in their RegTech portfolio. I took a swatch of 3 companies that are innovating in the data privacy space with different implementations of data analytics, machine learning and robotic process automation. I should point out, that I’m not here for product endorsement reasons and have merely researched various solutions that I found to be innovative.
Privitar is one such company which falls under the data analytics category. In early April 2020, they managed to secure a tidy $80 million in series C funding from Accel, Partech, IQ Capital, Salesforce Ventures and ABN AMRO Ventures. Needless to say they have been attracting a lot of household name clients like HSBC and Citi.
Privitar leverages the concept of data de-identification which separates PII such as SSN’s from a data set and stores it separately with only a unique identifier linking the two. Different technical techniques are cited on their page including Data Tokenization, Data Encryption, Data Generalization, Data Masking, Perturbation, Redaction and Substitution.
CEO Jason Du Preez described two of their products to TechCrunch back in 2017 which were Privitar Publisher, which “takes sensitive data and applies a privacy policy to create an anonymised copy which can safely be used for investigative analytics, machine learning, and sharing with trusted parties” by way of tokenization and encryption of identifying fields. The second product was Privitar Lens is a “privacy-preserving query interface for reporting and statistical analysis. Privitar Lens allows analysts to perform sophisticated analytical queries of the data (e.g. counts, sums, histograms), but prevents direct access to the underlying sensitive data,” which is also known as differential privacy. In short, the innovation here is the advanced big data analytics and algorithms at work to successfully de-identify and re-identify data which is really purpose built for CCPA and GDPR type regulations.
Another innovator in the field is Ascent RegTech and their RegulationAI solution which uses Machine Learning and Natural Language Processing to “ingest hundreds of regulations and rapidly determine which obligations apply to your business”. In other words, an automated way of creating an obligations register which identifies what an where in your organization falls under which regulation. It uses a “Change Regulation” engine to identify regulatory changes and provide customer with side by side (old vs new) rule changes.
Lastly Kofax and Lekab launched a joint venture to use RPA (or Robotic Process Automation) to automate many of the data privacy tasks such as fetch my data, A robotic routine to fetch all the data you have stored on them, and where that data is stored forget me, a routine to delete data held on customers on all internal systems check my compliance record, tells you who has access to the data in question, and show you what your status is in terms of data privacy compliance And create new customer data (customer onboarding for example) that is checked for compliance. These robotic routines could have significant time and cost saving potential, particularly for large organizations handling lots of personal data.
In Closing
CCPA, GDPR, New York Shield and other regulations are driving an age of automation in the RegTech space and it has to be said that the innovation is exciting in dealing with a less than exciting problem. CCPA will likely evolve over time, fines will increase and customers will want accountability as breaches continue to happen.
Regulated firms have more options than ever before for meeting the compliance burden with the advent of AI/ML but they also need human resources in place to identify the solutions, implement them and guide privacy programs through this complex space.
Read our related article 10 Steps to designing the right data protection program
How to achieve privacy by design with some examples
GDPR and US privacy law requires that businesses implement privacy by design in their environment, but what does that mean and what are some examples?
Electronic Health Records – What are they and how to protect them
Last year 46 million medical records were stolen in the US in over 500 recorded incidents. In this article we look at what they are, what the regulations are and how to protect them,
What are the Key Qualities of a Good Data Protection Officer!
What are the key qualities of a good data protection officer and what to look for in the hiring process, read our tips here.
What Data Privacy Changes to Expect in 2023
What data privacy changes to expect in 2023. We examine some important changes in legal and technical due to come into effect.