Is Privacy Automation Here to Help?

Samuel Omosuyi | October 14, 2022

Data privacy has recently emerged as a well-known buzzword. It could mean different things to different people, but for the purposes of this blog, data privacy includes data collection, data storage, data sharing, and compliance with any applicable laws such as GDPR, GLBA, HIPAA, or CCPA, among others. Although the privacy laws and restrictions are geared towards the proper handling of data, consumer sentiments about privacy are typically about expectations at the individual level. This means users, or what we could call “data subjects”, will have different privacy preferences, and companies are expected to protect such preferences. So how does one company protect the numerous combinations of preferences that might exist across its user base while complying with multiple privacy laws and restrictions across different countries and sometimes individual cities/states? Privacy Automation.

[4]
So what is privacy automation? Another privacy law? Luckily for us – No. Privacy automation is “the process of automating the handling of data, notice, consent, and regulatory obligations” [1]. It matters because it helps companies navigate and automate the best practices outlined by the numerous laws, limiting the risk of noncompliance that could result from handling them manually. “Compared to data privacy automation, the problem with manual compliance of these laws is that the practical implications are incredibly complex” [1]. Data scientists, technology professionals, and managers feel that absolute compliance is still in doubt.

From a “data subject” perspective, it is easy to see how most people are confused about what rights they have and how those rights apply to the product they are using. Fortunately, there is a privacy law that makes it mandatory to inform “data subjects” what privacy law applies to their product. However, we have a long way to go to make these privacy disclosures easily understandable by an everyday “data subject” without a law degree. “With a flurry of data regulation legislation either passing or coming into the mainstream conversation over the past year, 2021 will also go down as a watershed for data governance and the Internet as we know it. As of now, countries both big and small from every inhabited continent on the planet have turned to data regulations to both protect their citizens’ data and to catch up with the evolution of the internet, trying to morph the sphere into a more manageable entity” [2].

 

“With so many countries passing their own data protection legislation, many of which are embracing data localization, which requires sensitive data to remain within the country of origin and essentially shuts down cross-border data transfers, onlookers are worried that the internet will soon look more like a jigsaw puzzle than a single canvas, with each country segmented in its own bubble” [2].

Given all the intricacies that companies need to navigate around “data subject” data and multiple privacy laws, new companies have emerged to facilitate adherence to privacy laws through data privacy automation. These data privacy automation companies, such as Immuta, BigID, and OneTrust, among others, offer solutions for ensuring compliance, ease of policy enforcement, and policy centralization. Given that “Sixty-eight percent of US organizations are expected to spend between US$1 million and US$10 million to meet GDPR requirements, and 9 percent of US organizations will spend more than US$10 million” [3], there is a huge focus on implementing solutions that can scale and are deemed effective.

So what’s the measure of success for privacy automation? Will it help, or is this another technology fad with mainly profit in mind that does not actually solve the problem? Short answer – Only time will tell :). If deemed successful, we should see more and more companies becoming comfortable disclosing the full extent of their privacy adherence, easier ways for companies, data scientists, and technology professionals to develop solutions with privacy built in, comprehensive audit trails on data sharing, and finally “data subjects” having visibility into, and comfort that, their privacy preferences are being enforced.

References:

  1. Hamzah Shaikh (March 31, 2021). What is Data Privacy Automation and Why Is It So Important? Retrieved October 10, 2022, from https://martechlive.com/data-privacy-automation-and-importance/#:~:text=The%20process%20of%20automating%20the,rights%20of%20consumers%20and%20businesses.
  2. InCountry Staff (December 14, 2021). The 2021 Data Regulation Recap. Retrieved October 10, 2022, from https://incountry.com/blog/the-2021-data-regulation-recap/
  3. Ulf Mattsson (May 13, 2020). Practical Data Security and Privacy for GDPR and CCPA. Retrieved October 10, 2022, from https://www.isaca.org/resources/isaca-journal/issues/2020/volume-3/practical-data-security-and-privacy-for-gdpr-and-ccpa
  4. Chris Bluvshtein (September 26, 2022). The 20 Most Difficult to Read Privacy Policies on the Internet? Retrieved October 12, 2022, from https://vpnoverview.com/research/most-difficult-to-read-privacy-policies/