Optimizing Privacy Management through Data Governance – Part IV: Supporting with Technology
Read "Optimizing Privacy Management through Data Governance – Part III: Maintaining Awareness".
Privacy management is a complex task requiring in-depth knowledge of data collection, processing, sharing, and regulatory requirements. As a result, the role of privacy professionals is becoming more common. A 2020 report by the International Association of Privacy Professionals (IAPP) shows that although the number of privacy professionals increases, most are working in larger organizations with significant budgets. The report findings include:
The majority of privacy professionals are engaged in companies with annual revenues over 1 Billion, and 80% are employed by companies with yearly revenues => 100 Million.
58% of privacy pros work in organizations with 5000 employees.
The average 2020 privacy spend for companies surveyed was $676K, with most spending on salaries and travel.
More than half of Privacy Leaders think their budget is not sufficient.
roughly half of the respondents were satisfied with program results.
The IAPP report did not include details on privacy program success or effectiveness; however, we have heard a consistent story from organizations that they are overwhelmed and don’t have the staff to keep up with privacy demand. There is technology available to resolve the challenges; however, according to TrustArc’s privacy report published in April of 2020, only 17% of those surveyed have implemented software to support their privacy programs.
This blog, the fourth in a series on optimizing privacy management through data governance, focuses on using technology to eliminate the level of effort required to perform privacy management activities.
Many activities required to manage personal data are tedious and time-consuming, but can be streamlined through automation. Over the past few years, several technology vendors have created software to reduce the effort required for these activities through innovative platforms to support data governance and privacy management. Figure 1 shows the four areas where technology can reduce manual effort and improve program effectiveness.
Figure 1: Technology categories
Organizations that leverage technology will focus valuable privacy professional effort on more complex tasks such as risk and impact assessments. They can use technology to improve program stability, ensure consistency and mitigate knowledge attrition. In the event of an investigation related to a breach or complaint, the investment in platforms to improve privacy management capabilities will reduce the severity of fines in a judgment against an organization.
Training and awareness technology: Organizations that leverage platforms to provide staff with dynamic privacy training modules will improve program effectiveness by arming their staff with important information related to their roles. Modern platforms include interactive modules and testing to measure understanding. Privacy leaders can access metrics on training completion, feedback, and testing status. Some vendors provide regional, language-specific, and role-based modules to capture differences across functions and geography.
Data discovery and cataloging technology: Privacy leaders depend on sustainable catalogs to track the existence, processing, and usage of personal data. Many organizations have too many information systems and processes for privacy professionals to inventory and classify, even with data stewards' assistance. To stay ahead of the data tidal wave, organizations need to embrace technology that can scan information systems for data, including personal data, and organize it using artificial intelligence (AI). AI-enabled catalog platforms will significantly reduce the level of effort required for privacy professionals to identify, tag, assess, and classify personal data. It is much easier to protect data that is organized strategically and consistently.
Data discovery and cataloging platforms are valuable in overall data governance. They should be managed by the governance team for use by privacy professionals and others.
Process automation technology: Organizations need to achieve agility in privacy management, or they will struggle. Lagging companies that depend on manual processes will find they are not able to scale to meet demand. As a result, they will not be able to avoid breaches or maintain compliance. Process automation can reduce the level of effort for privacy professionals in the three critical areas of risk management, consent management and data subject request management.
Organizations that embrace technology to automate workflows and prescribe actions using artificial intelligence will significantly reduce the demand for data governance and privacy professionals through agile and sustainable processes. Privacy professionals can allocate their time to more complex activities.
Data protection technology: Privacy professionals are heavily engaged in defining and auditing policies for data processing and access. Many organizations have decentralized their access administration and rights management environments due to the number and diversity of applications in use. Tracking the relationship between roles and data access has become highly complex, and almost impossible without investing in a rights management platform. Organizations that use technology in this area reduce operational overhead and reduce the level of effort for audit activities.
Summary. The complexity and demands of privacy management are steadily increasing. Companies can stay ahead of the curve by leveraging tools already used for data governance and leveraging technology. Companies that don't embrace technology to automate tasks when possible will struggle to meet their objectives.
References:
IAPP-FTI 2020 Privacy Report: https://iapp.org/resources/article/iapp-fti-consulting-privacy-governance-report-2020/
TrustArc Privacy Report: https://info.trustarc.com/Web-Resource-2020-06-16-Global-Privacy-Survey_LP.html