This week we hosted our first Early Adopters Council briefing, focused on privacy and security and the emerging market trends and technologies in response to legislations such as CCPA, GDPR, New York Privacy Act, Canadian Privacy Act, and more.
We kicked off the event with an overview of the privacy and security landscape from two members of our investment team, Pranavi Cheemakurti and Akul Penugonda, followed by a look at two startups solving for privacy & security compliance: Polymer & Private.ai.
Privacy is defined as the ability for an individual or a company to control what data is shared with and by third parties. A lot of the need to protect data is primarily driven by legislation – GDPR, CCPA, Canadian Privacy Act, and the New York Privacy Act. This legislation is constantly evolving, making it fairly difficult for companies to keep up with compliance. Luckily, there are some amazing emerging technologies that can help companies comply with the evolving privacy rules and regulations.
Let’s look at three of these emerging technologies that we’re excited about: AI and machine learning, synthetic data, and Edge computing.
1. Artificial Intelligence (AI) and Machine Learning
AI is changing privacy technology in a few major ways:
1. Automation of access management. In other words, making it easy for organizations to provision who should have access to what data, depending on roles, and doing that in a very automated way.
2. Routing data privacy requests. In the GDPR and CCPA, it’s required for organizations to be able to handle requests from end consumers about their data. AI is effective for managing those requests at scale.
3. Observation of where PII is in your systems. A lot of companies have been collecting data for a very long time, and it’s hard to know which data is PII and which is not, especially at scale. AI can automatically scan through these records and determine which information and data needs to be protected or not.
4. Effective generation of synthetic data (we’ll get more into this one in the next section)
2. Synthetic Data
Synthetic data is the generation of data that is not real but is a reflection of real data, and can feed into data science and machine learning models.
Since the GDPR, CCPA, and other legislations require that only specific users can view user data, it becomes difficult for data scientists to do their jobs and produce algorithms that lead to more value for consumers, as they need to view data records to train their models.
Synthetic data circumvents this by producing fake data sets based on the characteristics and usage patterns of the personal data a company has, which allows data scientists to successfully build algorithms and gain the same insights without violating data restrictions.
3. Edge Computing
Edge computing isn’t an emerging technology directly related to privacy, but we’ve included it in this list because it actually leads to more privacy concerns and therefore necessitates solutions.
Edge computing is the use of computers closer to the edge of a network to do computing. This is needed for more feature-rich experiences and websites, like augmented reality on mobile, that require a lot of processing power to provide a good experience. This means using more computers and more servers outside of your own, and in turn, exposing your users’ data to these computers and servers, creating additional risks for privacy as the attack surface for a malicious actor is much higher.
This necessitates solutions for how data is being encrypted, protected and secured as it is transported and hosted across these different machines. Here are some of the solutions we’re seeing so far:
- Onion Routing: Helps anonymize data and makes it impossible to reconstruct
- Homomorphic Encryption: Ability to perform operations and computations on data without actually viewing the data itself
- Automated Data Mapping: Ability to visualize data without human input where your data is travelling, and ensure you’re not leaking any PII
How companies and enterprises can best leverage emerging technologies to stay on top of compliance requirements:
1. Buy Not Build
There is a tendency for companies to want to build third party software solutions for privacy protection in house. However, there are major limitations to this such as lack of in-house expertise to build and time to market. Startups in this space are already bringing together best in class talent to solve for this, so it’s easier and quicker for companies and enterprises to buy and implement, especially because a lot of these softwares are self-serve.
We recommend companies conduct an internal privacy assessment in order to understand your privacy needs before you engage with startups. For example, end to end privacy software is difficult to implement in large companies due to the large number of teams with different needs and tech stacks. Understand what your needs are first and then create a targeted search so that you talk to the most relevant startups that can help you solve these.
2. Be An Internal Champion
Every new innovation project needs an internal champion to be successful. Most large companies have several departments, levels, and a lengthy procurement process, and without a champion, it would be near impossible to get a project like this going. One of the best ways to successfully launch an external privacy focused innovation is to become that internal champion and help your startup partner navigate the process from the inside out.
3. Leverage Pilot Projects
Running a pilot project with a privacy-focused startup will allow you to justify the cost benefit to your team, as these are generally more cost-effective than working with a more established software company. Early stage startups are more than happy and willing to create pilot projects with enterprises in order to push the needle forward.
Two category innovators we’re excited about:
PRIVATE AI - Automated Data Anonymization
“Processing personal data in a regulatory compliant manner can get really complicated really fast”, explained Patricia Thaine, Co-Founder and CEO of Private AI. Between access requests, data mapping, requests for deletion, and more, there is a lot to consider around compliance.
Private AI is a Toronto- and Berlin-based startup working on making privacy preservation and GDPR compliance simple and affordable. Their anonymization suite is designed to run directly on-device to strip personal data from text, images, and video before it leaves the device using state-of-the-art AI and homomorphic encryption. They support a wide range of platforms including web, iOS, Android and on-premise.
POLYMER - Data Privacy as a Service
“Higher Cloud adoption across companies is correlated with greater frequency and severity of data leaks”, explained Yasir Ali, Founder and CEO. This includes challenges like hard-to-govern SaaS based architecture, missing access management across third party tools, and complicated implementations of current DLP solutions.
Polymer protects against data loss and cyber breaches on modern collaboration tools like Slack, Dropbox, Zoom, Splunk, Github and more with configurable real-time encryption and permissioning of sensitive and regulated information such as PII, PHI, financial and security data.
DATASHIPS - Outsource your Data Privacy Compliance
"Business owners understand the importance of having a compliance data privacy program but don't have the in-house expertise to achieve it," explains founder and CEO Michael Storan. "Not only do users expect to see this, but increasingly companies procuring software want to ensure they are only allowing third parties with robust privacy programs into their ecosystem."
Dataships is a Dublin, Ireland and San Francisco based company that acts as an extension of leadership teams to implement and maintain a robust 'Privacy Centre' with all necessary policies and procedures to achieve a best in class Privacy Program.
This briefing is part of a brand new bi-monthly series we're hosting exclusively for members of our Early Adopters Council to arm executives with new insights, emerging tech solutions and industry connection.