A new category of privacy tool – data subject access request (DSAR) and individual rights management – has emerged in the last year, according to the second annual report on privacy tech from the International Association of Privacy Professions (IAPP) and compliance/security firm TrustArc.
The report, “How Privacy Tech Is Bought and Deployed” [registration required], found that nearly a fifth of the respondents to the report’s survey intend to purchase DSAR and individual rights management tools within the next 12 months. This already places such a tool in fourth place among the top purchase choices, along with data mapping and flow tools (24%), data discovery (23%) and assessment management (20%).
The new DSAR/individual rights management category, TrustArc CEO and report co-author Chris Babel told ClickZ via email, shows the maturing of privacy compliance. The sequence now, he said, is: “locate personal data, then map the flow of that data, create a framework to manage, [assess] privacy compliance, then be prepared to respond to your users.”
The purchase patterns for privacy tech are similar among companies, the report found, regardless of their size or whether the company resides in a regulated industry.
He added that there “seems to be an evolution in how organizations are thinking about privacy, as evidenced about their purchase decisions.”
In last year’s report, he pointed out, data mapping and data flow tech was the sixth-highest priority for company, but now it’s the fourth highest. This shift, Babel said, is “evidence that companies understand they need to have an in-depth understanding of the data they are collecting.”
The biggest reason they are collecting this data, and buying many of these privacy tools, is compliance. Babel noted that this isn’t surprising, but it shows “how quickly the regulatory landscape is changing.” Companies are trying to keep pace with the privacy requirements, he said, including the new California privacy law, the European Union’s General Data Protection Regulation (GDPR) and the many state-level laws in progress.
The report noted that GDPR alone, implemented a year ago, has “pushed privacy technology solutions, which had been developing for a few years, into prime time.”
IAPP/TrustArc’s current product categories are grouped into two broad areas: individual privacy and enterprise privacy. Individual privacy program management includes consent managers, assessment managers, data mapping solutions, incident response solutions, website scanning and DSAR/individual rights management. Enterprise privacy management includes activity monitoring, data discovery, de-identification/pseudonymity, and enterprise communications.
The new report shows that the number of privacy tech vendors has grown from 30 in 2017 to nearly 200 today, along with the types of tools, but Babel noted that the “adoption-rate data shows that the privacy technology market is far from saturated.”
In particular, the report says that products to discover and map privacy-protected data flows are “poised for growth.” The biggest types of purchases are network activity monitoring tools, secure enterprise communication, and tools for website scanning and cookie compliance.
The types of tools that are most likely to be purchased in the next 12 months are data mapping and data flow, personal data discovery, and privacy program assessment and management.
The least likely: de-identification/pseudonymity tools.
The report’s survey queried 345 privacy professionals worldwide about how privacy tech products are purchased and deployed, trying to make sense of what the report calls “a cacophony of global privacy frameworks.”Reblogged 3 months ago from www.clickz.com