As regulatory complexity increases on all sides following the introduction of the California Consumer Privacy Act (CCPA) back in 2018, more and more organizations are struggling to keep up with the demands of regulators.
Today’s data decision makers not only need to be able to discover sensitive data assets, they also need to classify them and implement an appropriate level of access controls.
In an attempt to support this effort, providers like Privya, which today emerged from stealth with $6 million in funding for a data privacy code scanning platform, leverage AI to conduct automated privacy assessments, analyze legacy code, and identify exposed Personally Identifiable Information (PII).
Using AI in this manner enables security teams that don’t have the expertise to identify and classify data in their environments to increase transparency over assets and reduce the chance of non-compliance with data protection regulations like the CCPA and the General Data Protection Regulation (GDPR).
Identifying data to defend
The announcement comes as more and more organizations are struggling to keep up with the demands of regulators. Nowhere is this more clearly highlighted than in the case of Facebook, which this year received a fine of $18.6 million for non-compliance with the GDPR for breaches that occurred in 2018.
More broadly, research also indicates that 89% of organizations are non-compliant with the CCPA.
Compliance remains a challenge not because organizations don’t make the effort to prepare for auditing, but because modern enterprises are managing so much data that it’s difficult to identify and classify.
“There is a huge gap between the Data Protection Officer/Chief Product Officer and the engineering department. They have different interests, different concerns and use different terminology,” said Uzy Hadad, Ph.D., co-founder and CEO of Privya.
“FAANG companies have large privacy engineering teams, strong policies and home-grown technology to help them do data privacy, plus richness of privacy architects and privacy teams in-house to translate the legal requirements into a ticketing system and technical requirements which engineering can understand. And even they sometimes get privacy wrong and incur huge fines!” Hadad said.
Enterprises need to have the capability to analyze what types of data are being collected during coding, how it’s being used, and crucially, how it’s stored and sent to third-party service providers.
Unfortunately, Hadad notes that most companies lack these capabilities because it’s incredibly difficult to find privacy architects.
The data protection and privacy market
Privya sits within the global data privacy software market, which researchers valued at $1.68 billion in 2021 and anticipate will reach $25.85 billion by 2029 as more organizations aim to manage their compliance postures.
The provider is competing against a range of organizations including OneTrust, which raised a $210 million Series C extension last year and raised its total funds to $920 million.
OneTrust offers a data governance solution that uses AI to discover and classify personal and non-personal data to enable users to identify it in real-time, while letting them see whether their data sharing activity is compliant with existing regulations.
Another key competitor is TrustArc, which raised $70 million in funding as part of a Series D funding round in July 2019, bringing its total funding raised to over $100 million.
The TrustArc Privacy Management Platform helps organizations measure risks to data, with an assessment manager, planner and benchmarks, risk profile, and dashboard view of their compliance status.
However, Hadad says that Privya’s shift-left approach is what separates it from competing solutions. “Privya shifts privacy left, so it’s integrated with the development life cycle which reduces cost to fix issues. Other solutions spot privacy issues in production once they’re already live.”