Corporate Compliance Insights

The Evolving Relationship Between Privacy Pros and IT

by Chris Babel
September 21, 2018
in Data Privacy, Featured

Tech Solutions Emerging to Meet Increasing Regulation

Privacy and data protection have challenged organizations for decades, but with companies’ increasing reliance on data to drive business, the old, manual processes and ad hoc program management tools no longer cut the mustard. Chris Babel of TrustArc discusses the recent progress made in the adoption of automated tools.

Historically, most companies have addressed data protection and privacy compliance through a combination of legal and consulting services. However, three factors are changing this approach: many organizations now increasingly rely on data to drive their business; organizations employ cross-border business activities; and, finally, regulatory requirements for demonstrating ongoing compliance have increased in number and scope (e.g., GDPR). These changes have necessitated the purchase of technology solutions to enable privacy management systems that can scale and be operationalized more efficiently.

The European Union's ePrivacy Directive mandates in 2002 spurred the growth of privacy-dedicated solutions for monitoring website trackers and managing cookie consent. Still, many companies continue to rely on manual processes and ad hoc tools to manage their programs. Recently, however, in part due to the complexity of complying with the EU General Data Protection Regulation (GDPR), we have seen an increased demand for technology tools to automate and scale privacy assessments and data mapping.

To understand the factors driving the increased adoption of technology solutions to manage privacy compliance, TrustArc, along with the International Association of Privacy Professionals (IAPP), the world’s largest global information privacy community, surveyed hundreds of organizational leaders about their implementations. The survey results highlight the types of technologies firms consider important. The findings also shine a light on the evolving relationship between privacy and IT and infosec teams.

Privacy Tech Adoption Approaching the Tipping Point

As a result of privacy mandates, such as the GDPR, organizations are searching for tools that help them account for how personal data is entering the organization, how it is being used, the permissions that are attached to it and who has responsibility for managing it. Eight of the 10 categories of technology tools the survey addressed are projected to see increased adoption rates based on purchase plans and top 50 percent adoption.

Currently, decision-makers believe the following technologies will help them best achieve these goals; more than 60 percent of respondents have already purchased or are planning to purchase solutions in the following categories:

  • Network activity monitoring
  • Secure enterprise communications
  • Website scanning/cookie management
  • Privacy program assessment/management

A wave of technology adoption is also forming for a new breed of privacy solutions. At least 30 percent of respondents plan to purchase, or have purchased but not yet implemented, tools including:

  • Data mapping and flow
  • Personal data discovery
  • Privacy program assessment/management

The growth of these tools tells us that privacy-centric technology adoption is on the rise. Privacy program management tools that help operationalize new policies are in high demand today and in forward-looking product roadmaps. These facts underscore the mad scramble for solutions that can handle the rigors of GDPR and other regulatory requirements.

Purchase Decisions Don’t Always Align with Public Perception

While it appears companies more or less agree on the technologies that enable them to automate privacy assessment processes, there is not a consensus on who should pay for and manage those platforms.

The technologies organizations are evaluating fall under two primary categories. The first consists of privacy program management tools designed specifically for the needs of the privacy officer. These include assessment managers, consent managers and data mapping. An organization’s privacy department owns the purchase decision for these types of solutions. The second category consists of enterprise privacy management solutions built with the needs of the entire organization in mind. These technologies include network activity monitoring, data discovery and enterprise communication. These purchase decisions typically fall under IT or infosec teams.

Though IT and infosec control the budgets for enterprise privacy management technologies, results from the survey show that privacy has influence and provides significant input on eight of the 10 categories of technology surveyed, including privacy program assessment, consent management and data mapping.

Privacy Has a Strong Influence on Purchase Decisions Across Most Product Categories

Regardless of which department’s budget covers a given technology solution, organizations’ privacy teams still have influence over many purchase decisions. For incident response solutions, 69 percent of respondents said privacy had input into the decision-making, even though the IT budget was typically responsible for the purchase. Similarly, nearly three-quarters of respondents believe privacy teams have sway over the purchase of personal data discovery tools, despite the budget for such a purchase coming most often from IT. Part of this phenomenon is due to the increasing importance of privacy requirements. It also reflects the size of the company. As an organization grows, the budget moves from IT and infosec into legal and privacy.

The Entire Organization Benefits from Privacy Technology

An organization is more likely to reap the benefits of a purchase if the entire organization can easily use the tool, no matter which department is responsible for the purchase. Organizations that plan to purchase and operationalize privacy technology solutions should prepare themselves for widespread use. More than three-quarters of respondents observe that privacy teams use data mapping and flow and personal data discovery tools. Forty-six and 41 percent, respectively, feel those tools are used by other teams within the organization. Privacy program assessment tools, which are both heavily used already and in future plans, are primarily used by the core privacy teams.

Forward-Looking Organizations Should Plan for Greater Privacy Focus

Second to lack of budget, respondents state that the largest barrier to purchase for any of these tools is inadequate internal resources for implementation. Organizations must develop processes and teams responsible for managing technology implementation even before devoting budget to those tools. Without the resources available to manage the purchase, implementation and usage process, the organization risks operationalizing technology that quickly falls out of use. Privacy standards are only proliferating and becoming stricter. Decision-makers should plan for the growth of privacy technology adoption ahead of time, lest their initiatives lead to missed compliance requirements.


Tags: GDPR, information security

Chris Babel

Chris Babel is CEO of TrustArc. He has led the company through significant growth and transformation into a leading global privacy compliance and risk management company. Before joining TrustArc, Chris spent over a decade building online trust, most recently in the security industry as Senior Vice President and General Manager of VeriSign’s worldwide authentication services business. He holds a B.A. in Mathematical Methods in the Social Sciences and Economics with Highest Distinction from Northwestern University.

 
