The privacy regulatory landscape is constantly evolving. Laws and regulations are being implemented and updated at an unprecedented pace. Privacy laws have been around for decades but in recent years they have developed with increasing specificity particularly as it relates to data subject rights.

Vendors recognize the increased specificity in the privacy environment and have boosted the development of Privacy Enhancing Technologies (PETs). In the Spring of 2020, the IAPP released its fourth annual Privacy Tech Vendor Report. This report contained 343 tech vendors while the original 2017 report only contained 44. We at Advyz, tend to categorize PETs into 4 broad categories.

Image 1: Categories of Privacy Enhancing Technologies (PETs)

To date, most PETs are focused on companies. However, there is a recent rise in technologies aimed at protecting consumers and helping them exercise their rights. Data subject rights include the right of access, rectification, deletion, restriction, portability, opt out against automated decision making, and privacy right of action.

Image 2: Consumer Oriented PETs Help Individuals Control the Use of their Data

The combination of regulatory requirements for data subject rights, increasing consumer awareness, and increasing availability of consumer-oriented privacy technologies is resulting in an increased burden on companies. Being prepared to act on these requests is the new norm, requiring formality of diligence, process, and oversight, in order to decrease organizations’ risks and demonstrate defensibility should a regulator come knocking on your door. If you don’t have a team specifically trained to respond and execute the requirements of data subject rights your company is at risk for a regulatory miss, which can result in financial and/or reputational harm.

To learn more or speak to an Advyz Cyber Risk Services data privacy expert, email us at advyz@entisys360.com or call (877) ENTISYS.

Definitions:

PETs –  Privacy-Enhancing Technologies, Privacy Engineering Technologies, or Privacy Enabling Technologies

These are technologies (hardware or software solutions) designed to extract data value to unleash its full commercial, scientific, and social potential without risking the privacy and security of this information. PETs have been defined as a coherent system of information and communication technologies (ICT) measures. These measures protect privacy by eliminating or reducing personal data or by preventing unnecessary and/or undesired processing of personal data. This is accomplished without losing the functionality of the data system.

IAPP – International Association of Privacy Professionals.