The Rise of Privacy Tech (TROPT) organization recently surveyed key players in privacy tech to bridge the gaps between tech, capital and expertise in finding technological solutions to privacy problems. The results are published in the newly release whitepaper, Defining the Privacy Tech Landscape 2021: The Rise of Privacy Tech – A Foundational Whitepaper to Help Fuel Privacy Innovation.
We were particularly interested in what B2B privacy tech buyers and consumers had to say about the privacy tech space: the privacy problems they’re trying to solve, and what they want from solutions.
This group put forward a list of areas where they need most help from privacy tech: data minimization, retention, vendor management, de-identification, accountability tools, and what’s called “shift left privacy” tools for developers. Does your organization also need support in these areas? (Go straight to our solution, Sudo Platform, or read on.)
Data minimization
Organizations increasingly need to adopt data minimization, which is both a privacy principle and held up in legislation (such as the GDPR) as a technique that helps organizations comply with the regulation. Data minimization means that organizations should not hold or further use data collected and processed unless it is essential for reasons that they clearly state in advance to support data privacy. The GDPR defines minimal data as data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
Many organizations want automated data minimization tools that function at earlier stages in both the data and development lifecycles to help minimize privacy risks and to force them to only process relevant data. Another aspect of data minimization is cultural. The organization needs to be willing to make and maintain an inventory of the data they collect and process, how they use it and how long they keep it – and then be willing to challenge their status quo on every aspect of the inventory.
Data retention and disposition
End-of-life data retention and disposition can be a difficult privacy challenge to solve because holding onto data has become a default mindset for many organizations; it’s not a customer-facing function so tends to be given lower priority; it must be addressed under most data protection regulations; and shadow IT systems make retention and deletion technically difficult to solve. Shadow IT refers to IT systems that the organization doesn’t know about at the enterprise level, such as copies of data that live in other places in the organization that aren’t part of the known inventory.
Vendor and third party management
Organizations are seeking solutions in this area since regulators and the public are increasingly interested in how enterprises are sharing customer data with their vendors and other third parties.
DevPrivOps (or Shift Left privacy tools for developers)
Pleasingly, there’s a trend towards organizations wanting to solve privacy problems earlier on in the data lifecycle. TROPT calls this the “shift left privacy” trend and it’s extending to even before the start of the data lifecycle (before an organization begins to collect customer data) to the privacy product development stage.
TROPT found privacy tech buyers and consumers want to see how code and algorithms affect privacy and are hunting for code governance tools for their developers. The new goal here is to stop the privacy problems before they’re created.
How Sudo Platform solves these privacy concerns
Sudo Platform, our business toolkit of privacy enhancing technologies, is founded on Privacy by Design. We apply its 7 principles to designing, building and operating our products so our brand partners can move easily to a more data minimal culture. (Read How We Apply the 7 Principles of Privacy by Design.)
We designed Sudo Platform with data minimization and data retention and disposition in mind from the outset. Our consumer facing capabilities (platform, SDKs for safe browsing, VPN, password manager, etc.) preempt the potential issues privacy tech buyers and consumers described to TROPT. But not only do we provide these consumer privacy solutions, we’ve got the expertise to build them in a way that adheres to privacy principles from inception.
For vendor and third party management, the challenge for organizations is really about knowing where they put their data. We have business processes in place to take heavy scrutiny of our suppliers. And while Sudo Platform is not a general purpose DevPrivOps tool, for the specific privacy and cybersafety features we offer in Sudo Platform, by choosing our products and the benefits of our deep engineering, privacy and security experience, our brand partners are taking a shift left approach.
Finally, the TROPT whitepaper reveals that privacy tech buyers and consumers look for certain features when buying privacy tech tools: product effectiveness, automation, efficiency, budget, scalability, vendor trust, and ROI.
Sudo Platform is not a ubiquitous or general purpose data management toolkit, but we provide significant benefits. For our brand partners, using the existing capabilities in Sudo Platform delivers a time-to-market and ROI advantage over building the same capabilities themselves. They also gain from the efficiency of integrating with Sudo Platform once to pick up multiple services, rather than going to multiple vendors and going through a vendor evaluation, selection and integration time-after-time. The more Platform products our brand partners license, the greater the efficiency benefit.
We’re saying to the priv tech consumer market, Sudo Platform is a great choice from a budget, efficiency and ROI perspective. Learn more about it here.
Photo By Song_about_summer