Innovators in the Spotlight
Despite the pandemic, investment and innovation goes on as you can see if you read my previous article “Black Swan Day“. Innovation for CCPA compliance is made considerably easier for those companies who were already touting GDPR solutions in their RegTech portfolio. I took a swatch of 3 companies that are innovating in the data privacy space with different implementations of data analytics, machine learning and robotic process automation. I should point out, that I’m not here for product endorsement reasons and have merely researched various solutions that I found to be innovative.
Privitar is one such company which falls under the data analytics category. In early April 2020, they managed to secure a tidy $80 million in series C funding from Accel, Partech, IQ Capital, Salesforce Ventures and ABN AMRO Ventures. Needless to say they have been attracting a lot of household name clients like HSBC and Citi.
Privitar leverages the concept of data de-identification which separates PII such as SSN’s from a data set and stores it separately with only a unique identifier linking the two. Different technical techniques are cited on their page including Data Tokenization, Data Encryption, Data Generalization, Data Masking, Perturbation, Redaction and Substitution.
Another innovator in the field is Ascent RegTech and their RegulationAI solution which uses Machine Learning and Natural Language Processing to “ingest hundreds of regulations and rapidly determine which obligations apply to your business”. In other words, an automated way of creating an obligations register which identifies what an where in your organization falls under which regulation. It uses a “Change Regulation” engine to identify regulatory changes and provide customer with side by side (old vs new) rule changes.
Lastly Kofax and Lekab launched a joint venture to use RPA (or Robotic Process Automation) to automate many of the data privacy tasks such as fetch my data, A robotic routine to fetch all the data you have stored on them, and where that data is stored forget me, a routine to delete data held on customers on all internal systems check my compliance record, tells you who has access to the data in question, and show you what your status is in terms of data privacy compliance And create new customer data (customer onboarding for example) that is checked for compliance. These robotic routines could have significant time and cost saving potential, particularly for large organizations handling lots of personal data.
CCPA, GDPR, New York Shield and other regulations are driving an age of automation in the RegTech space and it has to be said that the innovation is exciting in dealing with a less than exciting problem. CCPA will likely evolve over time, fines will increase and customers will want accountability as breaches continue to happen.
Regulated firms have more options than ever before for meeting the compliance burden with the advent of AI/ML but they also need human resources in place to identify the solutions, implement them and guide privacy programs through this complex space.