Innovators in the Spotlight
Despite the pandemic, investment and innovation goes on as you can see if you read my previous article “Black Swan Day“. Innovation for CCPA compliance is made considerably easier for those companies who were already touting GDPR solutions in their RegTech portfolio. I took a swatch of 3 companies that are innovating in the data privacy space with different implementations of data analytics, machine learning and robotic process automation. I should point out, that I’m not here for product endorsement reasons and have merely researched various solutions that I found to be innovative.
Privitar is one such company which falls under the data analytics category. In early April 2020, they managed to secure a tidy $80 million in series C funding from Accel, Partech, IQ Capital, Salesforce Ventures and ABN AMRO Ventures. Needless to say they have been attracting a lot of household name clients like HSBC and Citi.
Privitar leverages the concept of data de-identification which separates PII such as SSN’s from a data set and stores it separately with only a unique identifier linking the two. Different technical techniques are cited on their page including Data Tokenization, Data Encryption, Data Generalization, Data Masking, Perturbation, Redaction and Substitution.
CEO Jason Du Preez described two of their products to TechCrunch back in 2017 which were Privitar Publisher, which “takes sensitive data and applies a privacy policy to create an anonymised copy which can safely be used for investigative analytics, machine learning, and sharing with trusted parties” by way of tokenization and encryption of identifying fields. The second product was Privitar Lens is a “privacy-preserving query interface for reporting and statistical analysis. Privitar Lens allows analysts to perform sophisticated analytical queries of the data (e.g. counts, sums, histograms), but prevents direct access to the underlying sensitive data,” which is also known as differential privacy. In short, the innovation here is the advanced big data analytics and algorithms at work to successfully de-identify and re-identify data which is really purpose built for CCPA and GDPR type regulations.
Another innovator in the field is Ascent RegTech and their RegulationAI solution which uses Machine Learning and Natural Language Processing to “ingest hundreds of regulations and rapidly determine which obligations apply to your business”. In other words, an automated way of creating an obligations register which identifies what an where in your organization falls under which regulation. It uses a “Change Regulation” engine to identify regulatory changes and provide customer with side by side (old vs new) rule changes.
Lastly Kofax and Lekab launched a joint venture to use RPA (or Robotic Process Automation) to automate many of the data privacy tasks such as fetch my data, A robotic routine to fetch all the data you have stored on them, and where that data is stored forget me, a routine to delete data held on customers on all internal systems check my compliance record, tells you who has access to the data in question, and show you what your status is in terms of data privacy compliance And create new customer data (customer onboarding for example) that is checked for compliance. These robotic routines could have significant time and cost saving potential, particularly for large organizations handling lots of personal data.
In Closing
CCPA, GDPR, New York Shield and other regulations are driving an age of automation in the RegTech space and it has to be said that the innovation is exciting in dealing with a less than exciting problem. CCPA will likely evolve over time, fines will increase and customers will want accountability as breaches continue to happen.
Regulated firms have more options than ever before for meeting the compliance burden with the advent of AI/ML but they also need human resources in place to identify the solutions, implement them and guide privacy programs through this complex space.
Read our related article 10 Steps to designing the right data protection program
The changing face of AI powered analytics and it’s impact on privacy & hiring processes
AI powered analytics is used by 89% of HR depts to pre-screen candidates across the globe. But is emotion analytics and the risk of racial and gender bias make it fit for purpose.
Spotlight on Zoom as they settle their class action suit
Spotlight on Zoom as they settle their class action suit for $86m and join the list of data privacy scoflaws dipping in the advertising dollars cookie jar.
What is the Electronic Privacy Regulation
In this article I talk about the new electronic privacy regulation (ePR) which will replace the ePrivacy directive of 2002/09
How to Secure WordPress
In this article we cover how to secure your wordpress from hackers and spammers using a few simple tips and precautions.