Buying Privacy Software: The 10 Categories of Privacy Technology for Business

 
Privacy technology will play an increasingly important role in compliance with privacy regulations as companies adopt software to cope with the added burden resulting from more jurisdictions adopting privacy laws that give rights to consumers. Manual compliance processes simply won’t be able to keep up with the automated collection, processing and sharing of personal data. The difficulties of manual compliance will also grow as more consumers realize that they have these rights and take the time to exercise them.

Privacy software isn’t the only place where this transition from manual compliance to automated processes is playing out. The RegTech industry has been booming as companies are looking to automate aspects of their regulatory compliance with technology to save money and decrease the burden of regulations. RegTech has been widely associated with the financial industry given the heavy regulatory burden there around financial transactions, but the spread of privacy regulations and adoption of privacy tech makes clear that it is in no way limited to FinTech.

Privacy is still at an early phase in this life cycle, as a recent survey published by the International Association of Privacy Professionals indicated. Their survey of 328 privacy professionals during May 2018 found that of the ten categories of privacy tech, not one had more than 70% adoption by businesses and only two had been purchased and implemented by more than 50% of companies. The two categories with the highest adoption levels are both purchased by security teams as part of their efforts to defend data from external threats, which got a jump start on the overall category. California’s landmark data breach law, for example, will have been in effect for 17 years before the California Consumer Privacy Act goes into effect.

One of the helpful aspects of the survey is that it identifies what organizations are planning to purchase or have purchased but not implemented. Here are the 10 categories, an explanation of the type of software that falls within the category, and the percentage of responding organizations that are planning to buy or have just bought it:

Data Mapping and Flow – 33%

These tools aid privacy professionals and organizations in understanding how personal data moves through an organization and which, if any, third-parties receive it.

Personal Data Discovery – 33%

These scanners and spiders assist organizations with determining what data they possess. It replaces manual processes that can be time intensive and costly, as well as miss information or result in bad data.

Privacy Program Assessment / Management – 32%

This technology helps conduct data protection impact assessments, identify risk gaps and demonstrate compliance with privacy laws.

De-Identification/Pseudonymization – 28%

This technology helps organizations protect the privacy of the people involved in a data set while permitting retention in a manner that is still useful to them. De-identification and pseudonymization are important principles in data minimization and privacy by design. It may ultimately become an important tool for businesses that must comply with the California Consumer Privacy Act because they won’t have to delete the data after a request.

Consent Management Platforms – 24%

This software helps organizations collect and manage the consent of users. It typically provides businesses the ability to track the opt-in, opt-out and other preference requests of customers and potential customers. In order to respond to inquiries by government regulators and data protection authorities, it needs to be able to produce an audit trail.

Website Scanning / Cookie Management – 23%

This category of technology aids with cookie consent compliance by displaying cookie banners, tracking opt-in and opt-out consents, and scanning website to ensure that all cookies found are properly disclosed and set.

Incident Response Management – 20%

This technology is used following a data breach to provide information to the company suffering a breach about what was leaked and who must be notified about it.

Privacy Information Management – 19%

This category provides business and privacy professionals with information about privacy laws around the world.

Secure Enterprise Communications – 18%

This technology helps organizations communicate internally and maintain the non-public nature of the communication. It is designed to avoid leaks of employee communications. The sector ranges from software for encrypted business conversations to personal messaging apps. However, due to data privacy concerns, this technology will probably replace email in the future for communications with customers where sensitive personal information is being transmitted.

Network Activity Monitoring – 13%

This technology monitors internal or external access to personal data. It helps to determine who has access and when it is being accessed or processed. Network monitoring is often used by Information Technology professional to log and scan activity on its computer systems and infrastructure. Broadly, it may include intrusion protection and detection systems, firewalls, anti-virus systems and application monitoring.

How Does California Implicate these Numbers?

The survey was conducted before the California Consumer Privacy Act was passed and so it largely does not take into account the purchasing plans of organizations with respect to the California law. The categories that will probably benefit will be data mapping software, personal data discovery, de-identification and consent management.

Related Content

Buying Privacy Software: The 10 Categories of Privacy Technology for Business
Privacy Management Software Tools for Compliance with GDPR and CA
CCPA Privacy Consulting
Data Privacy as a Service
GDPR Compliance Software as a Service (SaaS) Tools
GDPR Consulting Services
History of Data Privacy in the US
History of the Right to be Forgotten