Part I of this blog post series introduced the 2019 Privacy Tech Adoption Report, benchmarking how privacy tech is bought and deployed.
This blog post will illustrate the differences between the IT office and the privacy office when it comes to privacy tech preferences. Businesses can use this information in two ways: first, to compare their purchasing decisions amongst peers; second, to identify stakeholders across business units as privacy tech evaluation begins.
Privacy Tech Decision Making
The heat map below depicts the percentage of respondents that selected a particular team as the primary decision maker for each technology tested in the survey. Not surprisingly, the Privacy/Data Protection teams are most frequently involved in decision making for privacy-specific product categories such as privacy program assessment and management. What is most interesting about this heat map is the spread of light green across IT, InfoSec, Legal, Compliance, and Privacy/Data Protection teams. This indicates that several business units are stakeholders of privacy.
Privacy Tech Budget Sources
In contrast to the teams involved in making decisions on privacy technology acquisition, the budgets used to purchase these tools are almost exclusively tied to IT, InfoSec, and Privacy/Data Protection. IT and InfoSec have a reputation for large budgets, and more recently are concerning themselves with privacy by design, which may play a role in sourcing these teams to secure budget for privacy technology. The heatmap below illustrates the concentration of teams contributing to budgets for privacy technology.
Privacy Tech Usage
What is perhaps the most interesting part are the findings related to usage of the tools. While IT, InfoSec, Legal, Compliance, and Privacy/Data Protection teams are decision makers (to some degree), the usage of certain product categories is heavily found within Privacy/Data Protection team. The heatmap below depicts the spread of use across all business units tested in the survey.
Leverage these findings for your business by following the tips below.
- Gather the right stakeholders for the product categories which you’re most interested in. The first heatmap above can aid you in identifying who should be engaged for specific product categories.
- Budget is the biggest barrier for privacy tech adoption. Create partnerships with IT, InfoSec, and Privacy/Data Protection teams. If needed, get creative with leveraging other teams such as Marketing.
- Consider allowing the Privacy/Data Protection team to drive the privacy technology initiative, as they will have the best understanding of how to make the most of privacy technology tools.
Part III Coming Soon
In Part III of this series, we will discuss the top three fastest growing privacy tech tools, and how you can gain influencing power over product acquisition.
Learn more about how your peers are buying and deploying privacy technology by downloading the report.
New Name – New Look – Continued Commitment to Privacy Compliance Innovation
Today we changed our name to TrustArc. Our new name reflects our evolution from a privacy certification company into a global provider of technology powered privacy compliance and risk management solutions.
The name change also coincides with our 20th anniversary of delivering innovative privacy solutions.
The TrustArc brand will be used for all corporate communications as well as our technology platform and consulting services. The TRUSTe brand will continue to be used for our certification offerings, including the certification seal. While most of the changes have already been implemented on our website and collateral, some items will be transitioned over the next few weeks.
The TRUSTe name dates back to 1997 when we were founded to provide certifications to help businesses assure users they could share their data online by demonstrating adherence to a high standard for privacy management. The TRUSTe name became synonymous with our certification services and the iconic green privacy seal displayed on thousands of websites worldwide.
While certifications remain an important component of many company’s privacy programs, managing privacy compliance and risk has become increasingly complex due to new regulations such as the GDPR, cyber security concerns, and increased volumes of personal data collection. Businesses need a wide range of technologies and consulting services to help them design, implement, manage and demonstrate their enterprise privacy programs.
To meet these evolving market requirements, we launched the first module of our Data Privacy Management Platform in 2011 to address advertising privacy compliance. Our technology platform has been continuously expanded and now includes data inventory and mapping, risk assessment, website monitoring, consent management, and dispute resolution capabilities.
The platform now generates the largest percentage of our revenue and is used to power TRUSTe certifications and our rapidly growing consulting and managed service business.
The TrustArc name reinforces our deep privacy expertise developed over the past two decades along with our ongoing expansion into new technology powered solutions.
“Trust” reflects our strong history as an innovator and leader in the privacy market, and the value businesses place on ensuring they can build trust with their customers and partners.
“Arc” conveys the broader set of solutions we now offer and our ongoing commitment to continuously expand our technology platform and services to meet the future needs of our clients.
The TrustArc symbol, inspired by the strength and intelligence of dolphins, reflects the continued evolution of the privacy industry along with the continued changes that both our clients and TrustArc will need to make to address new challenges as they arise.
|Intelligence – The dolphin’s brain is the most powerful and complex in animals, second only to humans
||Our solutions are powered by robust technology and regulatory intelligence derived from two decades of experience.
|Collaboration – Dolphins are highly social and usually travel together in pods
||Strong partnerships with clients and other solutions providers help us address the needs of organizations of all sizes, across all industries.
|Agility – With bodies shaped like torpedoes, dolphins can maneuver through the water at rapid speeds of over 20 mph
||Our depth of expertise and agile development approach enables us to rapidly respond to ongoing changes in the global privacy market.
|Protection – Sailors have long believed that dolphins are a good omen and protectors of those in need
||For two decades, we have provided a range of solutions that enable organizations to demonstrate how they protect privacy.
|Inner Strength – Dolphins are fearless in the wild, and if threatened by sharks or orcas, do not hesitate to fight rather than flee
||We have been the privacy solutions market leader for 20 years, and do not hesitate to swiftly adapt to changing market needs.
TrustArc offers an unmatched combination of solutions backed by over 150 employees dedicated to privacy, a comprehensive purpose-built technology platform used by over 1,000 clients, and a proven methodology honed through thousands of customer engagements over the past 20 years.
In addition to continuously expanding our technology platform and services to meet our clients needs, we are opening our platform to integrate with other key business systems as well as making our platform available for partners across the privacy ecosystem to use to deliver their services.
The spirit of innovation that has inspired TRUSTe for the past 20 years will continue to guide TrustArc into the future. It’s why more than 1,000 clients worldwide rely on us to minimize risk and help fuel new business initiatives.
For more information on TrustArc, visit www.trustarc.com
15 December 2016
By Hilary Wandall
General Counsel & Chief Data Governance Officer, TRUSTe
Yesterday, I shared the first lesson I’ve learned “Be a counselor” over the past 15 years while seeking to navigate the ever-changing privacy terrain in order to help business teams manage data responsibly and effectively. The second lesson I learned first caught me by surprise and then over time convinced me that the methods the business teams I was counseling were seeking to solve their business challenges were in fact the potential answer to a problem I encountered six years into serving as a privacy leader. Before I share my tips on building sustainable solutions, I thought sharing my personal story on how I learned this lesson could provide some helpful context.
I was fortunate to learn how to be a privacy leader from an amazing leader, lawyer, counselor, philosopher and friend. He had the vision and the courage of his convictions to lead us to develop a global privacy and protection policy that would set a baseline standard for governance and protection of data across our business globally. Over two years, he persuaded all areas of the organization on the business value of the approach. Over the next thirteen years, only the proliferation of breach notification laws and a mega-merger would necessitate a few substantive changes to that policy.
The surprise to me was the sustainability of the policy given the frequency with which new privacy laws continued to be enacted. Regardless of how often the laws continued to change, the policy always provided the basis for complying with the substantial majority of any new legal and regulatory requirements. The best evidence of that policy’s sustainability, as evidenced by its ability to address even the latest developments in global privacy standards, is that earlier this year, it ultimately became the basis for the first EU approval of a company’s binding corporate rules (BCRs) that were based on a program previously certified by TRUSTe as compliant with the APEC Cross-Border Privacy Rules (CBPR) system.
While we were able to develop a sustainable policy all of those year ago, we were less fortunate in dealing with the rapidly growing number of initiatives that moved from paper to automation to cloud computing to data analytics. Six years into running a global privacy program primarily off of email, documents and sheets, we made our first attempt at using technology to automating some of our workflows. After piloting a number of approaches over the next five years, we concluded that the only way to really serve the business efficiently and effectively over time was to build an integrated privacy management platform that would allow us and business teams to readily determine the risks of a particular technology or business process at any point in its lifecycle. Put simply – build sustainable solutions. Here are some tips to help you develop your own approach.
2. Build sustainable solutions. Not all organizations are ready to put robust, sustainable solutions in place. Some are only resourced to handle obligations on an initial ad hoc basis. Others are beginning to move up the maturity curve toward repeatable, defined, managed and optimized.
a. Business is not static. Regardless of an organization’s privacy and data governance program maturity, most organizations have data and technology needs that continue to evolve as business needs change and technology improves.
b. Privacy regulation is unlike any other regulatory area. Because data about people can be generated in some many different forms and contexts – from where we go, to what we eat, to how we feel, what we spend and whether we sleep – privacy and data protection requirements can be enforced by many different types of regulators, and in some cases, by private parties as well. In this complex regulatory environment, the privacy leader, as well as others in the business, legal and compliance, need to be able to demonstrate accountability and compliance upon request at any point in time.
c. Good governance and technology solutions. Good governance, clearly documented roles and responsibilities are critical not only to putting a program in place, but also to enabling it to be implemented effectively and to mature over time. Technology solutions support these goals as well. Other business functions that rely on data, such as finance and human resources, have recognized the importance of investments in workflow automation, cloud computing and data analytics. Privacy and data governance programs can be made sustainable through technology solutions that facilitate creating data processing inventory, evaluating of associated risks, documenting mitigating controls, identifying changes, managing potential incidents and demonstrating what is in place and its effectiveness. While this can be a substantial undertaking, investment in modular solutions in ways that are tailored to an individual company’s culture and maturity can enable an organization to manage privacy much more effectively so that the privacy leader can focus on tackling new and emerging issues.
In summary, sustainable solutions such as good governance and technology position the privacy leader well for helping the organization to maximize net data value – a concept we’ll explore further in my final post in this series.