AI

Privacy data management innovations reduce risk, create new revenue channels

Comment

matejmo
Image Credits: matejmo (opens in a new window) / Getty Images

Mark Settle

Contributor

Mark Settle is a seven-time CIO, three-time CIO 100 award winner and two-time book author. His most recent book is “Truth from the Valley: A Practical Primer on IT Management for the Next Decade.”

More posts from Mark Settle

Privacy data mismanagement is a lurking liability within every commercial enterprise. The very definition of privacy data is evolving over time and has been broadened to include information concerning an individual’s health, wealth, college grades, geolocation and web surfing behaviors. Regulations are proliferating at state, national and international levels that seek to define privacy data and establish controls governing its maintenance and use.

Existing regulations are relatively new and are being translated into operational business practices through a series of judicial challenges that are currently in progress, adding to the confusion regarding proper data handling procedures. In this confusing and sometimes chaotic environment, the privacy risks faced by almost every corporation are frequently ambiguous, constantly changing and continually expanding.

Conventional information security (infosec) tools are designed to prevent the inadvertent loss or intentional theft of sensitive information. They are not sufficient to prevent the mismanagement of privacy data. Privacy safeguards not only need to prevent loss or theft but they must also prevent the inappropriate exposure or unauthorized usage of such data, even when no loss or breach has occurred. A new generation of infosec tools is needed to address the unique risks associated with the management of privacy data.

The first wave of innovation

A variety of privacy-focused security tools emerged over the past few years, triggered in part by the introduction of GDPR (General Data Protection Regulation) within the European Union in 2018. New capabilities introduced by this first wave of innovation were focused in the following three areas:

Data discovery, classification and cataloging. Modern enterprises collect a wide variety of personal information from customers, business partners and employees at different times for different purposes with different IT systems. This data is frequently disseminated throughout a company’s application portfolio via APIs, collaboration tools, automation bots and wholesale replication. Maintaining an accurate catalog of the location of such data is a major challenge and a perpetual activity. BigID, DataGuise and Integris Software have gained prominence as popular solutions for data discovery. Collibra and Alation are leaders in providing complementary capabilities for data cataloging.

Consent management. Individuals are commonly presented with privacy statements describing the intended use and safeguards that will be employed in handling the personal data they supply to corporations. They consent to these statements — either explicitly or implicitly — at the time such data is initially collected. Osano, Transcend.io and DataGrail.io specialize in the management of consent agreements and the enforcement of their terms. These tools enable individuals to exercise their consensual data rights, such as the right to view, edit or delete personal information they’ve provided in the past.

Privacy Operations. PrivacyOps platforms perform multiple functions, either inherently or through integrations with other tools. These platforms typically possess some combination of data discovery, cataloging and access control capabilities. They are frequently used to manage consent privileges, regulatory controls and privacy incidents. They furnish the evidence needed to achieve auditable compliance with relevant privacy regulations. OneTrust, TrustArc, Securiti.ai and Wirewheel are leading PrivacyOps vendors.

The next wave of innovation

The next generation of privacy management tools will build upon the capabilities referenced above and focus on the following functional areas. Early entrants already exist in some of these areas but additional investment and innovation is needed.

Data usage monitoring. As indicated above, privacy security tools have a higher standard of success than conventional infosec tools because they need to prevent the usage of personal data in ways that were never prescribed or implied by the consent agreements that were used to collect such data in the first place. The usage provisions of most consent agreements are too generalized to be translated into an exhaustive set of explicit use cases that can be used to detect inappropriate usage.

This is an area where the application of machine learning and artificial intelligence techniques to identify anomalous usage patterns could pay major dividends. Early detection of new, novel or suspicious data flows based upon departures from past behavior would materially improve a company’s ability to deter misuse. In much the same way that conventional Security Incident and Event Management (SIEM) tools were developed to provide early warning of security intrusions and exfiltration events, a new generation of Privacy Incident and Event Management (PIEM) tools are needed to detect seemingly benign data flows that violate the terms of usage that were guaranteed to the personal data provider. New usage insights could potentially be provided by API management platforms with more granular data inspection capabilities. Deeper insight into the delegation and usage of fine-grained end user authentication privileges could be a useful means of policing inappropriate data flows as well.

Self-service rights management. In reality, consumers rarely read or understand the rights they’ve surrendered or retained when they provide personal information to a commercial business. They simply don’t have the time, interest or knowledge to comprehend the terms or implications of the consent agreements they’ve accepted. Any technology that can provide individuals with a deeper understanding of the rights they’ve retained; the ability to exercise those rights directly without the facilitation of an intermediary agent; comparative insight into the relative stringency or laxness of the safeguards guaranteed by different agreements; or operational insight into the implementation or effectiveness of such safeguards would be hugely welcomed by most individuals. Information of this nature could be used to construct privacy scores for corporations that consumers could use to protect their personal data in much the same way that corporations use the credit scores of their customers to protect their profits.

Sophisticated self-service tools will also pay dividends for corporations by enabling them to cope with the continual expansion of data provider rights without expanding the administrative staff required to fulfill individual requests for data access, viewing, editing and deletion.

Application development tools. Privacy by design refers to the construction of IT systems using a set of architectural principles and associated business practices that automatically protect personal data from its point of collection to its point of destruction with no action required on the part of the individual providing such data. New development tools are needed to incorporate privacy-related features in the construction of applications and systems that adhere to these principles. Privacy-specific development tools such as programming kits, software widgets and API services could potentially be used to automate the maintenance of privacy data catalogs, cleanse and normalize data collected by different systems, encrypt and obfuscate specific data types, manage data rights and fulfill the requests of data providers.

Early entrants in this space are emerging. Ethyca currently offers developers a variety of data discovery, viewing, editing and deletion services that can be used to customize the way individuals interact with their personal data while navigating a consumer website or e-commerce platform. Skyflow and Evervault provide storage as a service capabilities that automate the obfuscation of privacy data. Additional tools for data modeling and provisioning would be valuable additions to this embryonic engineering toolkit.

Risk reduction or revenue opportunity?

The current and future capabilities listed above can go a long way toward reducing the business risks associated with the ever-expanding and sometimes chaotic privacy landscape confronting every enterprise. Enlightened companies may consider this landscape to be as much of a business opportunity as it is a risk. Most B2C companies have spent the last five years digitally transforming the online experiences of their customers, making online interactions more substantive, personalized and engaging.

During the next five years, B2C companies that provide their customers with a superior privacy experience are highly likely to gain a competitive edge. Investments in privacy tools and management practices now are almost certain to deliver major business dividends in the future.

More TechCrunch

Chang She, previously the VP of engineering at Tubi and a Cloudera veteran, has years of experience building data tooling and infrastructure. But when She began working in the AI…

LanceDB, which counts Midjourney as a customer, is building databases for multimodal AI

Trawa simplifies energy purchasing and management for SMEs by leveraging an AI-powered platform and downstream data from customers. 

Berlin-based trawa raises €10M to use AI to make buying renewable energy easier for SMEs

Lydia is splitting itself into two apps — Lydia for P2P payments and Sumeria for those looking for a mobile-first bank account.

Lydia, the French payments app with 8 million users, launches mobile banking app Sumeria

Cargo ships docking at a commercial port incur costs called “disbursements” and “port call expenses.” This might be port dues, towage, and pilotage fees. It’s a complex patchwork and all…

Shipping logistics startup Harbor Lab raises $16M Series A led by Atomico

AWS has confirmed its European “sovereign cloud” will go live by the end of 2025, enabling greater data residency for the region.

AWS confirms will launch European ‘sovereign cloud’ in Germany by 2025, plans €7.8B investment over 15 years

Go Digit, an Indian insurance startup, has raised $141 million from investors including Goldman Sachs, ADIA, and Morgan Stanley as part of its IPO.

Indian insurance startup Go Digit raises $141M from anchor investors ahead of IPO

Peakbridge intends to invest in between 16 and 20 companies, investing around $10 million in each company. It has made eight investments so far.

Food VC Peakbridge has new $187M fund to transform future of food, like lab-made cocoa

For over six decades, the nonprofit has been active in the financial services sector.

Accion’s new $152.5M fund will back financial institutions serving small businesses globally

Meta’s newest social network, Threads, is starting its own fact-checking program after piggybacking on Instagram and Facebook’s network for a few months.

Threads finally starts its own fact-checking program

Looking Glass makes trippy-looking mixed-reality screens that make things look 3D without the need of special glasses. Today, it launches a pair of new displays, including a 16-inch mode that…

Looking Glass launches new 3D displays

Replacing Sutskever is Jakub Pachocki, OpenAI’s director of research.

Ilya Sutskever, OpenAI co-founder and longtime chief scientist, departs

Intuitive Machines made history when it became the first private company to land a spacecraft on the moon, so it makes sense to adapt that tech for Mars.

Intuitive Machines wants to help NASA return samples from Mars

As Google revamps itself for the AI era, offering AI overviews within its search results, the company is introducing a new way to filter for just text-based links. With the…

Google adds ‘Web’ search filter for showing old-school text links as AI rolls out

Blue Origin’s New Shepard rocket will take a crew to suborbital space for the first time in nearly two years later this month, the company announced on Tuesday.  The NS-25…

Blue Origin to resume crewed New Shepard launches on May 19

This will enable developers to use the on-device model to power their own AI features.

Google is building its Gemini Nano AI model into Chrome on the desktop

It ran 110 minutes, but Google managed to reference AI a whopping 121 times during Google I/O 2024 (by its own count). CEO Sundar Pichai referenced the figure to wrap…

Google mentioned ‘AI’ 120+ times during its I/O keynote

Firebase Genkit is an open source framework that enables developers to quickly build AI into new and existing applications.

Google launches Firebase Genkit, a new open source framework for building AI-powered apps

In the coming months, Google says it will open up the Gemini Nano model to more developers.

Patreon and Grammarly are already experimenting with Gemini Nano, says Google

As part of the update, Reddit also launched a dedicated AMA tab within the web post composer.

Reddit introduces new tools for ‘Ask Me Anything,’ its Q&A feature

Here are quick hits of the biggest news from the keynote as they are announced.

Google I/O 2024: Here’s everything Google just announced

LearnLM is already powering features across Google products, including in YouTube, Google’s Gemini apps, Google Search and Google Classroom.

LearnLM is Google’s new family of AI models for education

The official launch comes almost a year after YouTube began experimenting with AI-generated quizzes on its mobile app. 

Google is bringing AI-generated quizzes to academic videos on YouTube

Around 550 employees across autonomous vehicle company Motional have been laid off, according to information taken from WARN notice filings and sources at the company.  Earlier this week, TechCrunch reported…

Motional cut about 550 employees, around 40%, in recent restructuring, sources say

The keynote kicks off at 10 a.m. PT on Tuesday and will offer glimpses into the latest versions of Android, Wear OS and Android TV.

Google I/O 2024: Watch all of the AI, Android reveals

Google Play has a new discovery feature for apps, new ways to acquire users, updates to Play Points, and other enhancements to developer-facing tools.

Google Play preps a new full-screen app discovery feature and adds more developer tools

Soon, Android users will be able to drag and drop AI-generated images directly into their Gmail, Google Messages and other apps.

Gemini on Android becomes more capable and works with Gmail, Messages, YouTube and more

Veo can capture different visual and cinematic styles, including shots of landscapes and timelapses, and make edits and adjustments to already-generated footage.

Google Veo, a serious swing at AI-generated video, debuts at Google I/O 2024

In addition to the body of the emails themselves, the feature will also be able to analyze attachments, like PDFs.

Gemini comes to Gmail to summarize, draft emails, and more

The summaries are created based on Gemini’s analysis of insights from Google Maps’ community of more than 300 million contributors.

Google is bringing Gemini capabilities to Google Maps Platform

Google says that over 100,000 developers already tried the service.

Project IDX, Google’s next-gen IDE, is now in open beta