amassed information about their own people, he says.
“There’s still a cultural stigma to it,” Hayes says.
While IDA finds that big companies such as Facebook are well-prepared for GDPR, Hayes says most of its guidance discussions on the new regulations are with “newer, less mature” companies.
A cruise around the privacy-related business landscape in the United States illustrates the variety of companies vying to help clients cope with the intensifying regulatory environment.
The Bay Area hosts a sizeable cluster of companies either focused primarily on data privacy work, or including it among its offerings in cybersecurity and other core functions. They include the San Francisco startup Privacera, founded in 2016, which maps and monitors the flow of sensitive information through a customer’s network; and TrustArc, which adds to those mapping functions an array of other services including website scanning, risk assessment for compliance with GDPR and other government regulations, the management of cross-border data transfers, ad-compliance features, and mechanisms for user consent to allow cookies on their devices.
Sunnyvale, CA-based cybersecurity company Proofpoint has long had a presence in the privacy field, starting with its e-mail privacy protections, says Ryan Kalember, a cybersecurity strategy leader at Proofpoint. The company’s scope on the privacy front now extends to tracking sensitive data in client data centers as well as data captured by Web-based software, and helping clients conform to standards set by GDPR, HIPAA, COPPA, and other regulations.
“While we don’t disclose our revenue for privacy specifically, it is a meaningful contributor to our archiving/privacy/governance segment, which represented 23 percent of our Q4 2017 revenue ($145.4 million),” Kalember says. “We see the movement of data from on-premises into the cloud as being a significant driver of future opportunities.”
Among the specialized Bay Area privacy companies are Wickr, which operates a secure messaging system for companies, and CipherCloud, which concentrates on the movement of sensitive information from client networks into the Web-based storage and software environment.
A U.S. privacy tech mini-tour
Other companies in Xconomy’s coverage areas that are part of the privacy tech and services sector are:
—Cambridge, MA-based Resilient Systems, which was acquired by IBM Security in 2016, specializes in helping companies respond to data breaches and other incidents. The unit, now named IBM Resilient, has incorporated GDPR’s guidelines into its incident response platform to prepare clients to quickly make the required breach notifications.
—Seattle-based Integris Software is a startup founded in 2016 to focus on privacy compliance by mapping the data held by clients, and automating record-keeping to conform to GDPR standards. Its early investors include Madrona Venture Group, Amplify Partners, Ignition Partners, Keeler Investments, Antecedent VC, and Sian Ventures.
—New York risk assessment firm Security Scorecard, founded in 2013, rates companies and their vendors for their strength in cybersecurity protections, and also for their compliance with GDPR and other privacy regulations.
—Cary, NC-based SAS had its origins in a North Carolina State University project to analyze agricultural research. Founded in 1976, it grew into a global business analytics software company with more than 14,000 employees and 2017 revenue of $3.24 billion. SAS now offers wide-ranging privacy services that map personal data across client networks and produce audit reports.
—Boulder, CO-based 3PHealth manages secure communications between patients and healthcare providers. It gives patients control over the personal information they submit, and how it is shared within the healthcare system.
—San Antonio, TX-based Vysk takes a hardware approach to securing the privacy of smartphone conversations. It sells a smartphone case that jams the phone’s internal microphone, routing speech instead through the microphone in the case. The audio is encrypted and transmitted through Vysk’s private network to the receiver of the call.
