Innovators in the Spotlight
Despite the pandemic, investment and innovation goes on as you can see if you read my previous article “Black Swan Day“. Innovation for CCPA compliance is made considerably easier for those companies who were already touting GDPR solutions in their RegTech portfolio. I took a swatch of 3 companies that are innovating in the data privacy space with different implementations of data analytics, machine learning and robotic process automation. I should point out, that I’m not here for product endorsement reasons and have merely researched various solutions that I found to be innovative.
Privitar is one such company which falls under the data analytics category. In early April 2020, they managed to secure a tidy $80 million in series C funding from Accel, Partech, IQ Capital, Salesforce Ventures and ABN AMRO Ventures. Needless to say they have been attracting a lot of household name clients like HSBC and Citi.
Privitar leverages the concept of data de-identification which separates PII such as SSN’s from a data set and stores it separately with only a unique identifier linking the two. Different technical techniques are cited on their page including Data Tokenization, Data Encryption, Data Generalization, Data Masking, Perturbation, Redaction and Substitution.
CEO Jason Du Preez described two of their products to TechCrunch back in 2017 which were Privitar Publisher, which “takes sensitive data and applies a privacy policy to create an anonymised copy which can safely be used for investigative analytics, machine learning, and sharing with trusted parties” by way of tokenization and encryption of identifying fields. The second product was Privitar Lens is a “privacy-preserving query interface for reporting and statistical analysis. Privitar Lens allows analysts to perform sophisticated analytical queries of the data (e.g. counts, sums, histograms), but prevents direct access to the underlying sensitive data,” which is also known as differential privacy. In short, the innovation here is the advanced big data analytics and algorithms at work to successfully de-identify and re-identify data which is really purpose built for CCPA and GDPR type regulations.
Another innovator in the field is Ascent RegTech and their RegulationAI solution which uses Machine Learning and Natural Language Processing to “ingest hundreds of regulations and rapidly determine which obligations apply to your business”. In other words, an automated way of creating an obligations register which identifies what an where in your organization falls under which regulation. It uses a “Change Regulation” engine to identify regulatory changes and provide customer with side by side (old vs new) rule changes.
Lastly Kofax and Lekab launched a joint venture to use RPA (or Robotic Process Automation) to automate many of the data privacy tasks such as fetch my data, A robotic routine to fetch all the data you have stored on them, and where that data is stored forget me, a routine to delete data held on customers on all internal systems check my compliance record, tells you who has access to the data in question, and show you what your status is in terms of data privacy compliance And create new customer data (customer onboarding for example) that is checked for compliance. These robotic routines could have significant time and cost saving potential, particularly for large organizations handling lots of personal data.
In Closing
CCPA, GDPR, New York Shield and other regulations are driving an age of automation in the RegTech space and it has to be said that the innovation is exciting in dealing with a less than exciting problem. CCPA will likely evolve over time, fines will increase and customers will want accountability as breaches continue to happen.
Regulated firms have more options than ever before for meeting the compliance burden with the advent of AI/ML but they also need human resources in place to identify the solutions, implement them and guide privacy programs through this complex space.
Read our related article 10 Steps to designing the right data protection program
Snapshot Trends in Intellectual Property Theft
Corporate espionage has seen a marked increase in sophistication and involvement by hired hackers and nation states on a global scale. In this article we discuss boardroom espionage methods, motivations and the law in the US and Europe.
Whose Selling Me Out?
In this article I take a look at data brokers and how they're selling out our data, how their doing it and what you can do to protect yourself.
Trends in GDPR in 9 Slides
Click/Touch to navigate through slides [web_stories_embed url="https://securitytrainingslides.com/web-stories/gdpr-trends" title="Trends in GDPR [...]
What is GDPR and the Data Protection Acts?
Whether your new to GDPR or you’ve been working with data privacy for awhile, it’s important to understand the basics of what it is and why it’s needed in the first place. The basic question for many people is, "what is GDPR?".