AI

Privacy data management innovations reduce risk, create new revenue channels

Comment

matejmo
Image Credits: matejmo (opens in a new window) / Getty Images

Mark Settle

Contributor

Mark Settle is a seven-time CIO, three-time CIO 100 award winner and two-time book author. His most recent book is “Truth from the Valley: A Practical Primer on IT Management for the Next Decade.”

More posts from Mark Settle

Privacy data mismanagement is a lurking liability within every commercial enterprise. The very definition of privacy data is evolving over time and has been broadened to include information concerning an individual’s health, wealth, college grades, geolocation and web surfing behaviors. Regulations are proliferating at state, national and international levels that seek to define privacy data and establish controls governing its maintenance and use.

Existing regulations are relatively new and are being translated into operational business practices through a series of judicial challenges that are currently in progress, adding to the confusion regarding proper data handling procedures. In this confusing and sometimes chaotic environment, the privacy risks faced by almost every corporation are frequently ambiguous, constantly changing and continually expanding.

Conventional information security (infosec) tools are designed to prevent the inadvertent loss or intentional theft of sensitive information. They are not sufficient to prevent the mismanagement of privacy data. Privacy safeguards not only need to prevent loss or theft but they must also prevent the inappropriate exposure or unauthorized usage of such data, even when no loss or breach has occurred. A new generation of infosec tools is needed to address the unique risks associated with the management of privacy data.

The first wave of innovation

A variety of privacy-focused security tools emerged over the past few years, triggered in part by the introduction of GDPR (General Data Protection Regulation) within the European Union in 2018. New capabilities introduced by this first wave of innovation were focused in the following three areas:

Data discovery, classification and cataloging. Modern enterprises collect a wide variety of personal information from customers, business partners and employees at different times for different purposes with different IT systems. This data is frequently disseminated throughout a company’s application portfolio via APIs, collaboration tools, automation bots and wholesale replication. Maintaining an accurate catalog of the location of such data is a major challenge and a perpetual activity. BigID, DataGuise and Integris Software have gained prominence as popular solutions for data discovery. Collibra and Alation are leaders in providing complementary capabilities for data cataloging.

Consent management. Individuals are commonly presented with privacy statements describing the intended use and safeguards that will be employed in handling the personal data they supply to corporations. They consent to these statements — either explicitly or implicitly — at the time such data is initially collected. Osano, Transcend.io and DataGrail.io specialize in the management of consent agreements and the enforcement of their terms. These tools enable individuals to exercise their consensual data rights, such as the right to view, edit or delete personal information they’ve provided in the past.

Privacy Operations. PrivacyOps platforms perform multiple functions, either inherently or through integrations with other tools. These platforms typically possess some combination of data discovery, cataloging and access control capabilities. They are frequently used to manage consent privileges, regulatory controls and privacy incidents. They furnish the evidence needed to achieve auditable compliance with relevant privacy regulations. OneTrust, TrustArc, Securiti.ai and Wirewheel are leading PrivacyOps vendors.

The next wave of innovation

The next generation of privacy management tools will build upon the capabilities referenced above and focus on the following functional areas. Early entrants already exist in some of these areas but additional investment and innovation is needed.

Data usage monitoring. As indicated above, privacy security tools have a higher standard of success than conventional infosec tools because they need to prevent the usage of personal data in ways that were never prescribed or implied by the consent agreements that were used to collect such data in the first place. The usage provisions of most consent agreements are too generalized to be translated into an exhaustive set of explicit use cases that can be used to detect inappropriate usage.

This is an area where the application of machine learning and artificial intelligence techniques to identify anomalous usage patterns could pay major dividends. Early detection of new, novel or suspicious data flows based upon departures from past behavior would materially improve a company’s ability to deter misuse. In much the same way that conventional Security Incident and Event Management (SIEM) tools were developed to provide early warning of security intrusions and exfiltration events, a new generation of Privacy Incident and Event Management (PIEM) tools are needed to detect seemingly benign data flows that violate the terms of usage that were guaranteed to the personal data provider. New usage insights could potentially be provided by API management platforms with more granular data inspection capabilities. Deeper insight into the delegation and usage of fine-grained end user authentication privileges could be a useful means of policing inappropriate data flows as well.

Self-service rights management. In reality, consumers rarely read or understand the rights they’ve surrendered or retained when they provide personal information to a commercial business. They simply don’t have the time, interest or knowledge to comprehend the terms or implications of the consent agreements they’ve accepted. Any technology that can provide individuals with a deeper understanding of the rights they’ve retained; the ability to exercise those rights directly without the facilitation of an intermediary agent; comparative insight into the relative stringency or laxness of the safeguards guaranteed by different agreements; or operational insight into the implementation or effectiveness of such safeguards would be hugely welcomed by most individuals. Information of this nature could be used to construct privacy scores for corporations that consumers could use to protect their personal data in much the same way that corporations use the credit scores of their customers to protect their profits.

Sophisticated self-service tools will also pay dividends for corporations by enabling them to cope with the continual expansion of data provider rights without expanding the administrative staff required to fulfill individual requests for data access, viewing, editing and deletion.

Application development tools. Privacy by design refers to the construction of IT systems using a set of architectural principles and associated business practices that automatically protect personal data from its point of collection to its point of destruction with no action required on the part of the individual providing such data. New development tools are needed to incorporate privacy-related features in the construction of applications and systems that adhere to these principles. Privacy-specific development tools such as programming kits, software widgets and API services could potentially be used to automate the maintenance of privacy data catalogs, cleanse and normalize data collected by different systems, encrypt and obfuscate specific data types, manage data rights and fulfill the requests of data providers.

Early entrants in this space are emerging. Ethyca currently offers developers a variety of data discovery, viewing, editing and deletion services that can be used to customize the way individuals interact with their personal data while navigating a consumer website or e-commerce platform. Skyflow and Evervault provide storage as a service capabilities that automate the obfuscation of privacy data. Additional tools for data modeling and provisioning would be valuable additions to this embryonic engineering toolkit.

Risk reduction or revenue opportunity?

The current and future capabilities listed above can go a long way toward reducing the business risks associated with the ever-expanding and sometimes chaotic privacy landscape confronting every enterprise. Enlightened companies may consider this landscape to be as much of a business opportunity as it is a risk. Most B2C companies have spent the last five years digitally transforming the online experiences of their customers, making online interactions more substantive, personalized and engaging.

During the next five years, B2C companies that provide their customers with a superior privacy experience are highly likely to gain a competitive edge. Investments in privacy tools and management practices now are almost certain to deliver major business dividends in the future.

More TechCrunch

A Jio Financial unit plans to purchase customer premises equipment and telecom gear worth $4.32 billion from Reliance Retail.

Jio Financial unit to buy $4.32B of telecom gear from Reliance Retail

Foursquare, the location-focused outfit that in 2020 merged with Factual, another location-focused outfit, is joining the parade of companies to make cuts to one of its biggest cost centers –…

Foursquare just laid off 105 employees

“Running with scissors is a cardio exercise that can increase your heart rate and require concentration and focus,” says Google’s new AI search feature. “Some say it can also improve…

Using memes, social media users have become red teams for half-baked AI features

The European Space Agency selected two companies on Wednesday to advance designs of a cargo spacecraft that could establish the continent’s first sovereign access to space.  The two awardees, major…

ESA prepares for the post-ISS era, selects The Exploration Company, Thales Alenia to develop cargo spacecraft

Expressable is a platform that offers one-on-one virtual sessions with speech language pathologists.

Expressable brings speech therapy into the home

The French Secretary of State for the Digital Economy as of this year, Marina Ferrari, revealed this year’s laureates during VivaTech week in Paris. According to its promoters, this fifth…

The biggest French startups in 2024 according to the French government

Spotify is notifying customers who purchased its Car Thing product that the devices will stop working after December 9, 2024. The company discontinued the device back in July 2022, but…

Spotify to shut off Car Thing for good, leading users to demand refunds

Elon Musk’s X is preparing to make “likes” private on the social network, in a change that could potentially confuse users over the difference between something they’ve favorited and something…

X should bring back stars, not hide ‘likes’

The FCC has proposed a $6 million fine for the scammer who used voice-cloning tech to impersonate President Biden in a series of illegal robocalls during a New Hampshire primary…

$6M fine for robocaller who used AI to clone Biden’s voice

Welcome back to TechCrunch Mobility — your central hub for news and insights on the future of transportation. Sign up here for free — just click TechCrunch Mobility! Is it…

Tesla lobbies for Elon and Kia taps into the GenAI hype

Crowdaa is an app that allows non-developers to easily create and release apps on the mobile store. 

App developer Crowdaa raises €1.2M and plans a US expansion

Back in 2019, Canva, the wildly successful design tool, introduced what the company was calling an enterprise product, but in reality it was more geared toward teams than fulfilling true…

Canva launches a proper enterprise product — and they mean it this time

TechCrunch Disrupt 2024 isn’t just an event for innovation; it’s a platform where your voice matters. With the Disrupt 2024 Audience Choice Program, you have the power to shape the…

2 days left to vote for Disrupt Audience Choice

The United States Department of Justice and 30 state attorneys general filed a lawsuit against Live Nation Entertainment, the parent company of Ticketmaster, for alleged monopolistic practices. Live Nation and…

Ticketmaster antitrust lawsuit could give new hope to ticketing startups

The U.K. will shortly get its own rulebook for Big Tech, after peers in the House of Lords agreed Thursday afternoon to pass the Digital Markets, Competition and Consumer bill…

‘Pro-competition’ rules for Big Tech make it through UK’s pre-election wash-up

Spotify’s addition of its AI DJ feature, which introduces personalized song selections to users, was the company’s first step into an AI future. Now, Spotify is developing an alternative version…

Spotify experiments with an AI DJ that speaks Spanish

Call Arc can help answer immediate and small questions, according to the company. 

Arc Search’s new Call Arc feature lets you ask questions by ‘making a phone call’

After multiple delays, Apple and the Paris area transportation authority rolled out support for Paris transit passes in Apple Wallet. It means that people can now use their iPhone or…

Paris transit passes now available in iPhone’s Wallet app

Redwood Materials, the battery recycling startup founded by former Tesla co-founder JB Straubel, will be recycling production scrap for batteries going into General Motors electric vehicles.  The company announced Thursday…

Redwood Materials is partnering with Ultium Cells to recycle GM’s EV battery scrap

A new startup called Auggie is aiming to give parents a single platform where they can shop for products and connect with each other. The company’s new app, which launched…

Auggie’s new app helps parents find community and shop

Andrej Safundzic, Alan Flores Lopez and Leo Mehr met in a class at Stanford focusing on ethics, public policy and technological change. Safundzic — speaking to TechCrunch — says that…

Lumos helps companies manage their employees’ identities — and access

Remark trains AI models on human product experts to create personas that can answer questions with the same style of their human counterparts.

Remark puts thousands of human product experts into AI form

ZeroPoint claims to have solved compression problems with hyper-fast, low-level memory compression that requires no real changes to the rest of the computing system.

ZeroPoint’s nanosecond-scale memory compression could tame power-hungry AI infrastructure

In 2021, Roi Ravhon, Asaf Liveanu and Yizhar Gilboa came together to found Finout, an enterprise-focused toolset to help manage and optimize cloud costs. (We covered the company’s launch out…

Finout lands cash to grow its cloud spend management platform

On the heels of raising $102 million earlier this year, Bugcrowd is making good on its promise to use some of that funding to make acquisitions to strengthen its security…

Bugcrowd, the crowdsourced white-hat hacker platform, acquires Informer to ramp up its security chops

Google is preparing to build what will be the first subsea fiber-optic cable connecting the continents of Africa and Australia. The news comes as the major cloud hyperscalers battle it…

Google to build first subsea fiber-optic cable connecting Africa with Australia

The Kia EV3 — the new all-electric compact SUV revealed Thursday — illustrates a growing appetite among global automakers to bring generative AI into their vehicles.  The automaker said the…

The new Kia EV3 will have an AI assistant with ChatGPT DNA

Bing, Microsoft’s search engine, was working improperly for several hours on Thursday in Europe. At first, we noticed it wasn’t possible to perform a web search at all. Now it…

Bing’s API was down, taking Microsoft Copilot, DuckDuckGo and ChatGPT’s web search feature down too

If you thought autonomous driving was just for cars, think again. The “autonomous navigation” market — where ships steer themselves guided by AI, resulting in fuel and time savings —…

Autonomous shipping startup Orca AI tops up with $23M led by OCV Partners and MizMaa Ventures

The best known mycoprotein is probably Quorn, a meat substitute that’s fast approaching its 40th birthday. But Finnish biotech startup Enifer is cooking up something even older: Its proprietary single-cell…

Meet the Finnish biotech startup bringing a long-lost mycoprotein to your plate