As concerns about data privacy rights grow and new laws are implemented, it’s evident that enterprises require assistance in managing both compliance and consumer satisfaction effectively and safely.
In recent years, many companies found themselves struggling to successfully share data while remaining compliant with the increasingly complicated network of global data privacy rules. But keeping up with the laws in one's own country is not enough – businesses need to comply with the ever-changing requirements across various geographies if they want to operate worldwide.
For this reason, Cybernews invited Dan Clarke, the President of Truyo, an automated tool and platform for privacy compliance, to talk about the data privacy trends, the challenges faced in the industry, and explore how AI can further support automation functionalities for privacy services.
Tell us how it all began. What was the idea behind Truyo?
I’m a former Intel executive and one day, when GDPR was on the horizon, I received a call from an Intel executive who runs the retail group. He was just learning about GDPR and asked if we’d be interested in doing a project related to this. At our company IntraEdge, we had primarily focused on security and compliance for big companies up to that point, so we weren’t sure about venturing into this sector. But then, not long after that call, I had a privacy issue with some of my personal data in which another company refused to remove my information because it was in their terms and conditions. That ignited my passion for privacy law and the consumer's right to their own data. Needless to say, we decided to explore this joint project with Intel.
As we began to investigate this with Intel, we found that many US companies were very unprepared for the privacy laws that were pending. Initially, we were just going to develop a compliance platform for them because there wasn’t anything available in the US at that time, and certainly nothing with a high degree of automation. But as we got deeper into the project, we realized the entire marketplace needed technology like this. That’s how Truyo came into the light, which is a joint development between our company IntraEdge and Intel.
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
Truyo is an automated tool and platform for privacy compliance. We’re a full end-to-end solution. It’s a true touchless automated approach to the fulfillment of access requests: requests for information, which typically requires manually going to various systems like your CRM, and point of sale to collect all of the data. It’s a very time-intensive process. With Truyo, we assemble that in an automated way. We’ve since carried this automation over to impact assessments, data mapping, vendor management, and risk assessment and management. It’s a very comprehensive platform, but we started with a foundation of integrations and a high degree of automation. We’re helping organizations keep up with the privacy landscape and fulfill requests in an automated way.
The most important thing a company can do is practice true transparency with their customers. Be transparent about the information you store about them and what you do with it. Before GDPR, you didn’t have to disclose that. But transparency gives the customer choices. They get to decide if the service they are receiving is worth the exchange of their personal data – and that goes a long way in establishing trust.
At the root of all this, and what’s behind the scenes, are data maps. These are critical for businesses that collect data – and almost every business does. Data maps are the most important elements of a governance and privacy program. If you’re trying to do the right thing, it’s very hard to do that if you don’t know what data you’re collecting, how it’s being used, and where it’s being stored. The company needs to know that. That data map will be at the heart of so much of your work, and it becomes particularly important in incident response. In the event of a breach, you have to know what data was compromised and where it went. This is also becoming very important for cyber insurance underwriters.
How did the recent global events affect your field of work?
With much of the world moving more to digital over the last couple of years, not only has it created a massive amount of content, but consumers also have started to become more aware of, and discretionary about, who they share their information with and how it’s being used.
At the same time, more states have introduced their privacy legislation and this has lit a fire under businesses to start developing their governance and privacy programs. As a result, Truyo has become an important part of the organizational technology stack.
What risks can customers be exposed to if a company they trust struggles to ensure compliance?
While no organization is 100% immune to a cyber attack or a breach when they struggle to maintain compliance, they not only expand their risk exposure but also make it harder to recover from an incident. Before technology like Truyo existed, this was arguably a very challenging thing to keep up with especially for companies that didn’t have a privacy team. But now, there are cost-effective tools that can do all of the heavy-lifting and automatically run risk assessments to help keep the organization compliant.
One big issue we’ve seen is that many companies don’t realize how much of hidden data they have in the company. This is because data that exists in structured environments, like CRMs and other databases, is relatively easy to locate and account for. But the data footprint extends well beyond those structured databases. It also lives in places like customer service chat logs, internal emails, reports and presentations, internal messaging forums, and the list goes on. This is known as unstructured data and it is commonly overlooked by organizations.
This is one reason we partnered with Egnyte, a cloud content governance solution. With the combination of Truyo and Egnyte, companies can identify and account for all of their data, even content in “hidden” data stores.
What data privacy issues would you like to see solved in the next few years?
Many states are introducing their privacy legislation, however, it would be great to see something at the federal level. It’s going to become a big challenge for organizations with interstate operations to keep up with the various nuances of each state’s privacy law. In addition, we would love to see the new trans-Atlantic dataflow framework agreement to replace Privacy Shield that was reached in principle last week become finalized.
What security tools or practices do you think everyone should adopt to protect their privacy online?
From the organizational standpoint, a data map, as I mentioned, is foundational and should be at the heart of any privacy and governance program. Without this, it’s hard to build a sound program. Additionally, with so many organizations struggling to secure cybersecurity insurance or even have their policies renewed, they have to be as prepared as possible. Insurance underwriters want to see a comprehensive data map. It’s becoming table stakes.
For consumers – understand your rights. Companies have to disclose what information they have on you and how it’s being used. And you have every right to request that information and request that it be deleted.
Would you like to share what the future holds for Truyo?
Over the years, we’ve developed Truyo into a full end-to-end privacy compliance solution. We’re going to continue making upgrades to the platform and exploring how AI can further support the automation functionality. We’re also expanding our partnership with Egnyte so organizations can really get a full picture of their data across the structured and unstructured landscape.