The International Association of Privacy Professionals (IAPP) has released its 2020 Privacy Tech Vendor report, reviewing key software solution vendors within the space. This year’s report highlighted the recent addition of Data Subject Request (DSR) to the feature categories.
This most recent iteration of the IAPP Tech Vendor Report chose to include the DSR category within its evaluated features as this continues to present significant obstacles for organizations in scope of the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Due to the complexity of taking on the DSR process as a manual task, especially for those organizations with large volumes of unstructured data, many key players in the privacy software space have opted to include it as a product feature, represented in 49 of the 304 total vendors assessed within the IAPP’s report. Although this feature provides an element of ease within the DSR steps, there still exist complications and nuances around elements of the DSR process. One key problematic area for organizations is in the identity verification step of the DSR, an area of focus that many key vendors have taken note of and promised to address through ongoing feature improvements.
Source: IAPP Privacy Vendor Report
Privacy may no longer be center stage, but it isn’t dead yet. While privacy has taken a back seat during the flurry of activity that has followed in the wake of COVID-19, the IAPP’s annual Privacy Tech Vendor report provides valuable insight around the primary issues that organizations continue to face with respect to privacy regulation adherence. While the initial cost involved in acquiring an automated DSR software solution may seem difficult to justify, IT leaders must consider the implications of the following:
Though the introduction of solutions that support DSR responses is not a cure-all, it may well be the more viable and resource-realistic option for organizations processing large volumes of complex, unstructured data. It is advised that organizations consider the expanded feature sets of privacy software vendors and weigh the financial cost with the support of streamlined processes, specifically those pertaining to the DSRs, prior to making their final purchase decision.
The recent Schrems II invalidation of the EU-US Privacy Shield has added a layer of difficulty for organizations that operate across borders, as they now require additional contractual clauses and measures in place to ensure data can transfer freely. Privacy program management vendor Proteus-Cyber offers a streamlined solution with the release of its Transfer Impact Assessment tool.
By exploiting a five-year-old configuration error, a hacker was able to access Amazon’s S3 cloud storage buckets on which Twilio’s code was loaded. As a result, customers were able to unknowingly download the modified code for twenty-four hours.
Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti partnership has already gone live as an integrated component of the VMDR solution.
IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.
TrustArc is partnering with BigID to add protection of sensitive data to its roster of data privacy and compliance capabilities. The move closely follows a partnership announced by two other major players in the data privacy and governance space, OneTrust and Integris.
An acquisition born out of its users’ primary needs, OneTrust’s recent integration with data discovery giant Integris optimally positions the privacy program management software vendor against competitors in the market.
RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.
Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.
Navigating the vendor risk management space, particularly in the current environment that consists of a mix of cloud, managed services, and critical supply chain, is key to ensuring that you don’t inadvertently introduce new risks through this dynamic channel.