Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
As regulatory complexity increases on all sides following the introduction of the California Consumer Privacy Act (CCPA) back in 2018, more and more organizations are struggling to keep up with the demands of regulators.
Decision-makers not only need to be able to discover sensitive data assets — they also need to classify them and implement an appropriate level of access controls.
Providers like Privya, a data privacy code scanning platform that just emerged from stealth, leverage AI to conduct automated privacy assessments, analyze legacy code and identify exposed personally identifiable information (PII).
Using AI in this manner allows security teams to increase transparency over company assets and reduce the chance of non-compliance with data protection regulations like the CCPA and the Global Data Protection Regulation (GDPR).
Identifying data to defend
The announcement comes as more and more organizations are struggling to keep up with the demands of regulators. Nowhere is this more clearly highlighted than in the case of Facebook, which this year received a fine of $18.6 million for non-compliance with the GDPR for breaches that occurred in 2018.
Research also indicates that 89% of organizations are non-compliant with the CCPA.
Compliance remains a challenge not because organizations don’t make the effort to prepare for auditing, but because modern enterprises are managing so much data that it’s difficult to identify and classify.
“There is a huge gap between the data protection officer, chief product officer and the engineering department. They have different interests, different concerns and use different terminology,” said Uzy Hadad cofounder and CEO of Privya.
“FAANG companies have large privacy engineering teams, strong policies and home-grown technology to help them do data privacy, plus richness of privacy architects and privacy teams in-house to translate the legal requirements into a ticketing system and technical requirements which engineering can understand,” Hadad said. “And even they sometimes get privacy wrong and incur huge fines.”
Enterprises need to have the capability to analyze what types of data are being collected during coding, how it’s being used, and crucially, how it is stored and sent to third-party service providers.
Unfortunately, Hadad notes that most companies lack these capabilities because it is incredibly difficult to find privacy architects.
The data protection and privacy market
Privya sits within the global data privacy software market, which researchers valued at $1.68 billion in 2021 and anticipate will reach $25.85 billion by 2029 as more organizations aim to manage their compliance postures.
OneTrust offers a data governance solution that uses AI to discover and classify personal and non-personal data to enable users to identify it in real time while letting them see whether their data sharing activity is compliant with existing regulations.
The TrustArc Privacy Management Platform to measure risks to data, with an assessment manager, planner and benchmarks, risk profile, and dashboard view of their compliance status.
However, Hadad says that Privya’s shift left approach is what separates it from competing solutions.
“Privya shifts privacy left, so it’s integrated with the development life cycle, which reduces the cost to fix issues. Other solutions spot privacy issues in production once they’re already live,” Hadad said.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.