Innovators in the Spotlight
Despite the pandemic, investment and innovation goes on as you can see if you read my previous article “Black Swan Day“. Innovation for CCPA compliance is made considerably easier for those companies who were already touting GDPR solutions in their RegTech portfolio. I took a swatch of 3 companies that are innovating in the data privacy space with different implementations of data analytics, machine learning and robotic process automation. I should point out, that I’m not here for product endorsement reasons and have merely researched various solutions that I found to be innovative.
Privitar is one such company which falls under the data analytics category. In early April 2020, they managed to secure a tidy $80 million in series C funding from Accel, Partech, IQ Capital, Salesforce Ventures and ABN AMRO Ventures. Needless to say they have been attracting a lot of household name clients like HSBC and Citi.
Privitar leverages the concept of data de-identification which separates PII such as SSN’s from a data set and stores it separately with only a unique identifier linking the two. Different technical techniques are cited on their page including Data Tokenization, Data Encryption, Data Generalization, Data Masking, Perturbation, Redaction and Substitution.
CEO Jason Du Preez described two of their products to TechCrunch back in 2017 which were Privitar Publisher, which “takes sensitive data and applies a privacy policy to create an anonymised copy which can safely be used for investigative analytics, machine learning, and sharing with trusted parties” by way of tokenization and encryption of identifying fields. The second product was Privitar Lens is a “privacy-preserving query interface for reporting and statistical analysis. Privitar Lens allows analysts to perform sophisticated analytical queries of the data (e.g. counts, sums, histograms), but prevents direct access to the underlying sensitive data,” which is also known as differential privacy. In short, the innovation here is the advanced big data analytics and algorithms at work to successfully de-identify and re-identify data which is really purpose built for CCPA and GDPR type regulations.
Another innovator in the field is Ascent RegTech and their RegulationAI solution which uses Machine Learning and Natural Language Processing to “ingest hundreds of regulations and rapidly determine which obligations apply to your business”. In other words, an automated way of creating an obligations register which identifies what an where in your organization falls under which regulation. It uses a “Change Regulation” engine to identify regulatory changes and provide customer with side by side (old vs new) rule changes.
Lastly Kofax and Lekab launched a joint venture to use RPA (or Robotic Process Automation) to automate many of the data privacy tasks such as fetch my data, A robotic routine to fetch all the data you have stored on them, and where that data is stored forget me, a routine to delete data held on customers on all internal systems check my compliance record, tells you who has access to the data in question, and show you what your status is in terms of data privacy compliance And create new customer data (customer onboarding for example) that is checked for compliance. These robotic routines could have significant time and cost saving potential, particularly for large organizations handling lots of personal data.
In Closing
CCPA, GDPR, New York Shield and other regulations are driving an age of automation in the RegTech space and it has to be said that the innovation is exciting in dealing with a less than exciting problem. CCPA will likely evolve over time, fines will increase and customers will want accountability as breaches continue to happen.
Regulated firms have more options than ever before for meeting the compliance burden with the advent of AI/ML but they also need human resources in place to identify the solutions, implement them and guide privacy programs through this complex space.
Read our related article 10 Steps to designing the right data protection program
Cryptocurrency Security! How to Keep Your Digital Wallet Private
HIPAA covered entities saw an 85.71% month-over-month in reported breaches as of June this year which equates to about 1 million patient records a month.
HIPAA covered entities saw an 85.71% month-over-month in reported breaches as of June.
HIPAA covered entities saw an 85.71% month-over-month in reported breaches as of June this year which equates to about 1 million patient records a month.
The ICO Issues data protection guidance for AI, but do we now need an AI solution to implement it?
The ICO has released it's data protection guidelines for building and deploying AI systems. But given the manual burden of implementing some of the suggestions for a complex technology, shouldn't there be support tools from the ICO too?
GDPR | CCPA – 10 Steps to Designing the Right Data Protection Program
In this article I discuss ten steps to build a successful data protection program to comply with GDPR, CCPA and NY Data Shield Acts.