Category Ketch

3 Reasons to Give Marketing a Voice in Your Privacy Program

CMOs own the customer experience, but too often they overlook the role privacy plays in building trust and brand loyalty. As a privacy professional, have you ever considered the role marketing stakeholders should play in your privacy program?

Research shows that when marketing gets involved in privacy strategy, there are positive outcomes across the business: from customer values, to brand differentiation, and even revenue growth. Rather than sit on the sidelines, CMOs belong at the table when privacy and compliance are discussed. 

Let’s look at three reasons why the marketing perspective is important to consider as part of a successful privacy program. 

Interested in a deep dive into this topic with marketing and privacy experts? Register for our February 3rd IAPP-hosted webinar: Marketing and Consumer Experience Perspectives to Enhance Your Privacy Program

1. Consumers value privacy; show them you do too

Today’s consumers are more enlightened than ever before. They consider the impact that manufacturing processes, source ingredients, hiring practices, and carbon footprints have on the world, and they favor brands that align with their values.

According to the Ipso Global Trends Report 2021, 70% of consumers in 25 countries say they prefer to purchase from brands that align with their values and priorities.

Research shows us that respect for privacy is one of those values. According to a 2021 KPMG survey of consumers:

  • 86% of the respondents say they’re growing more concerned about data privacy
  • 78% expressed fears about the amount of data being collected
  • 40% of the consumers don't trust companies to use their data ethically

A brand’s commitment to privacy should do more than meet the letter of the law; it should demonstrate to the consumer that the company sees privacy as a fundamental human right, and will treat all data shared accordingly.

2. Marketing data utilization is too big to ignore

Many ethical brands are committed to privacy - in principle. When it comes to real world implementation, complexity is the challenge.

The average brand has 30+ point solutions in their marketing and consumer experience tech stack. When a consumer updates his or her privacy preferences, the data in every one of those point solutions must be updated. If your brand does this manually, it takes a massive amount of effort. And mistakes and delays, which are unavoidable, send a message to the customer that your brand doesn’t value privacy.

As a privacy professional, you know how critical data control is to privacy. Without a thorough understanding of how your marketing department stores, transfers, and uses customer data, you have a gap in your privacy program. Forging a relationship with your marketing counterparts will get you closer to having a full understanding of your data systems. 

Still thinking about the manual data subject request process across all of those point systems? This is where Ketch’s Programmatic Privacy approach shines. When consumers express their privacy preferences, Ketch matches that user to the unique IDs assigned to them within each system. Then, using an API, Ketch updates each system automatically and in real time. 

From that point forward, each system will create a customer experience that fully complies with the individual user’s jurisdiction and preferences. That’s how brands can walk the privacy talk. 

3. Consumers reward brands that respect privacy with more business

Privacy has a real, beneficial effect on a brand’s bottom line. According to Gartner, “Rapidly maturing regulations and consumer desire to deal only with trustworthy businesses mean privacy materially affects financial results.” 

Gartner estimates that by 2023, brands that earn and maintain consumer trust will earn 30% more profits from their digital commerce revenue initiatives that their competitors. A commitment to privacy enables organizations to participate in “50% more ecosystems to expand revenue generation opportunities.”

Given the revenue that’s at stake, every brand should view having a strong, public privacy stance as an opportunity to win consumer respect. Marketers can provide thought leadership input on how to translate your privacy program from an internal compliance necessity to a cornerstone of your brand’s consumer experience. 

Tune in on February 3rd for our webinar with IAPP, Forrester, & UM Worldwide

I’m excited to moderate an IAPP-Hosted Webinar, Marketing and Consumer Experience Perspectives to Enhance Your Privacy Program, where we’ll discuss these topics even further. I will be joined by Arielle Garcia, Chief Privacy Officer at UM Worldwide and Stephanie Liu, Privacy and Marketing Analyst from Forrester. Join us to hear even more about:

  • Understanding consumer privacy behaviors and what it means to “humanize” the privacy experience
  • How privacy decisions can affect the marketing tech stack, and how to collaborate with marketing teams
  • Building solutions that ensure data utilization and privacy compliance are compatible, including future-proofing your privacy program for AI and Automated Decision-Making initiatives

Registration is free, and I hope to see you there.

 Marketing & Consumer Experience Perspectives to Enhance Your Privacy Program

February 3, 2022

1:00pm ET/11:00am PT 

Register Here


Data Governance In Snowflake Gets Better with Ketch

Earning and maintaining customer trust in our data-driven and increasingly regulated world is a major challenge for B2C and B2B companies. Paramount to this challenge is maintaining compliance, governance, and privacy controls while using responsibly gathered data to grow your business. 

Privacy regulations were a governmental response to rising consumer awareness and alarm about how their data was collected and used without their knowledge or permission. At Ketch, we believe this privacy is an essential human right. At the same time, data collection is essential to business growth. The key is to create automated compliance guardrails within your data architecture. 

Why Ketch and Snowflake Together?

Privacy Controls and Governance for Data in Snowflake 

The integration between Snowflake and Ketch allows our joint customers to establish -- and proactively enforce -- critical governance policies that protect and secure the privacy of personal data stored within their Snowflake database. 

Wherever your data is stored, it requires visibility, control, and security. By combining Ketch and the Snowflake Data Cloud, you get the governance and security capabilities required to understand your data, comply with regulatory and corporate mandates, and collaborate with confidence inside your organization and beyond.’

Ketch and Snowflake is an ideal pairing of next-gen technologies to ensure companies can build value while honoring values

With Ketch and Snowflake, mutual customers can do more with data, while ensuring they meet growing expectations for data privacy and protection.

Three Steps to Responsible, Compliant Data Growth

So: how do you build the data assets you need for growth, while complying with privacy regulations, corporate ethics, and governance policy? Take these three critical steps to ensure you’re covered: 

  • Understand where and what types of data you have so that you can properly assess and control for corresponding risk.
  • Decide your policies for data governance and privacy compliance, including engaging consumers with transparency and control over how you’ll use their data.
  • Enforce those policies and controls across your data ecosystem, ensuring consumer privacy choices are respected everywhere.  

Let’s dive into each of these steps in detail, including how Ketch and Snowflake can help in the process.

1. Understand Your Data: Discovery, Classification and Access History

For many reasons -- including compliance with privacy regulations, data hygiene and security purposes -- companies need to first understand what types of sensitive and personal data they have, where that data is stored, and who accesses it. 

Data Discovery. The challenges with traditional data discovery is that it takes too long, involves manual effort or surveys, and is expensive. To address these challenges, Ketch provides scalable, safe and efficient data discovery that integrates with Snowflake seamlessly to unlock privacy and governance use cases, such as data subject rights fulfillment and access requests. 

Data Classification. Correctly classifying data as sensitive and personal is another challenge, especially doing so at a granular level. Ketch machine learning models read data and apply labels (e.g. social security number, address) and classification (e.g. personal or sensitive, demographic, behavioral), at a granular level, streamlining the entire process for companies.

Data Access History. An important part of protecting sensitive data is knowing who has access to it, and whether it has been moved from one database to another. Ketch's data-lineage reporting allows you to ask and document: who has accessed this data, and how was it used? We use Snowflake’s Access History capability to inform data lineage reporting in Ketch.



Ketch + Snowflake Features 


Classification / Tagging

Ketch makes it easier to know and control your data by applying business context, such as tags that identify data objects as sensitive and PII data. Ketch leverages Snowflake Object Tagging to persist inferred tags within Snowflake. 

  • Easily track sensitive and PII data at scale for reporting and access control
  • Flexible privilege management, supporting both centralized and decentralized tagging

Access History

Expanded Access History view helps you know your data end-to-end, from both external sources and as it flows within Snowflake, making compliance auditing easier and faster.

  • Quickly understand who accesses data to inform policy settings

2. Decide: Access & Security Controls for Sensitive & Personal Data

Customers, regulators and ethical companies alike are keen to ensure sensitive data is protected by security and access policies, and reflect the latest consent and permitted use from data subjects (a fancy, legalese name for “people”). 

Centralized Policy Setting. To meet this obligation, Ketch provides a user interface and policy center from which data governance and compliance teams define policies such as privacy, data security and access. Policy setting is centralized, but importantly, data stays decentralized. In other words, you make  your policy decisions in one place, Ketch, and control data wherever it lies,giving you flexibility and coordinated, programmatic control. 

Security Controls. For data in Snowflake, Ketch leverages Snowflake dynamic data masking functions for enforcement of security and governance policies, such as how data needs to appear, e.g. tokenized, masked, anonymized. 

Access Control. Of course, there’s no point in collecting and storing data in Snowflake if your analysts can’t efficiently and safely query it for insights. With Ketch you can define purpose based access for data in Snowflake, determining who can see data (and in which format) based on their specific task (e.g. analytics, marketing etc). 



Ketch + Snowflake Features


Dynamic Data Masking

A column-level security feature that uses masking policies to selectively mask plain-text data in tables and view columns at query time.

  • Simplify data management. No need to copy data sources for masked versions. If you don’t use Snowflake but want to migrate over, this feature will streamline the process
  • Easily scalable. Write a policy once and have it apply to thousands of columns across databases and schemas.

Granular Access Policies 

Allows you to control access to data using Snowflake’s fine-grained, content-based row access policies.

Row access policies allow you to consolidate data by controlling access dynamically based on specific user authorization

  • Easily manage access controls with centralized, flexible policies
  • Prevent secure view explosion i.e. creating and maintaining an ever growing number of secure views

3. Enforce: Privacy and Data Governance Controls in Snowflake


In addition to enforcing access and security controls on data in Snowflake, Ketch ensures that the specific rights provided to the consumer based on his or her jurisdiction are reflected and respected. 

For example, California consumer privacy law (CCPA) requires businesses to clearly provide data subjects an opportunity to, “limit the use of my sensitive data.” Once it’s much easier for consumers to opt out, we’ll likely see a spike in such requests, all of which must be enforced across internal and vendor data systems. (Wondering if you have to comply with CCPA? Check out our recent blog.)

When a consumer makes a “Do Not Sell” choice under California privacy law, Ketch orchestrates that choice to ensure that data in Snowflake isn’t used or processed for activities that contravene the Do Not Sell provisions. 

And that’s one law, but privacy regulations are cropping up all over the world. 

Governments are moving to expand and strengthen existing laws in order to provide their citizens with even more control over the collection and use of their data. For instance, the California Privacy Rights Act (CPRA) , broadens the definition of “sensitive personal information” to include, among other things, geo-location data, a data set marketers have used to target consumers for ages. 

Today, 16 countries have GDPR-like laws, and that number is growing each year. Within the U.S., three states have enacted such laws -- California, Colorado and Virginia. All but 15 states have consumer privacy bills working their way through their legislatures. 

Ketch provides the scalability and flexibility to quickly respond to new legislation, and ensure the downstream connectivity to systems like Snowflake continues to honor the latest state of compliance and consumer choice. Ensuring that you always deliver the privacy experience your customers expect.

Ensure Your Data In Snowflake Is Privacy Compliant with Ketch

At Ketch, we believe that granular control of data isn’t limiting; instead, it can create a framework for responsible data growth. With the right tools in place, you can: 

  • Build trust with consumers by providing transparency and control over how their data will be collected and used 
  • Instill confidence in your team and business, that they can honor privacy and governance choices across every touchpoint and data system
  • Provide privacy-safe methods to get the best use out of data to grow your business and, ultimately, provide your customers with better experiences.

Ketch can help you realize the full value of your investment in Snowflake. With Ketch, you can augment your Snowflake environment in many ways: 

  • Understand the breadth and depth of personal and sensitive data residing within Snowflake 
  • Protect data by establishing and proactively enforcing data governance policies that protect and secure the privacy of personal data in Snowflake and other data systems
  • Unlock data for analytics and AI purposes, and remain confident that you are in full compliance with all regulations and corporate data governance policy

Let’s meet so you can learn more.

Ketch Named Cool Vendor in Privacy 2021 by Gartner®


Ketch Named a Cool Vendor in Privacy by Gartner



SAN FRANCISCO, CA (November 10, 2021) Ketch, the next generation data control platform for privacy, governance and security, named a Gartner® Cool Vendor in Privacy[1]. Ketch provides granular control over protected consumer data, including data discovery and classification. Ketch also offers end-to-end privacy automation including data subject rights (DSR) fulfillment --ensuring people’s privacy preferences are fully honored across data ecosystems.


In evaluating vendors, Gartner notes that: “Digital transformations and continued adoption of cloud services mean that personal data is processed in more locations than ever. It is imperative that organizations automate data discovery and governance functionalities in order to better protect personal data throughout the data life cycle.”


To help with this challenge, Ketch automates the discovery of personal data across a company’s data systems, and uses machine learning to classify and label data (e.g. personal, sensitive, and social security number, address, etc.). Through a central policy center, Ketch customers can articulate and enforce policies for access, security and privacy on data wherever it lies.


“Companies need an automated, scalable way to discover, classify, and inventory data for their privacy and data governance programs,” explained Tom Chavez, Founder and CEO of Ketch. “We believe that Gartner nailed the challenge succinctly: it’s not feasible for any company to comply with globally expanding regulations with a manual approach. We built Ketch to provide a programmatic approach to privacy, to help companies respect and honor people’s privacy rights, while responsibly using data to grow.”


Gartner Disclaimer


GARTNER and COOL VENDORS are a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. Gartner does not endorse any vendor, product or service depicted in our research

publications, and does not advise technology users to select only those vendors with the

highest ratings or other designation. Gartner research publications consist of the

opinions of Gartner’s research organization and should not be construed as statements

of fact. Gartner disclaims all warranties, expressed or implied, with respect to this

research, including any warranties of merchantability or fitness for a particular purpose.


About Ketch

Ketch is the leading data control company for Programmatic Privacy™ and governance. The company was founded in 2020 by data management veterans and serial entrepreneurs who successfully built and scaled enterprise systems for world-leaders like Salesforce and Microsoft. Ketch’s ‘Deploy Once, Comply and Secure Everywhere’™ architecture delivers comprehensive data privacy, governance, and security to organizations seeking to protect data, build trust with consumers, and successfully compete in data-driven markets. Thanks to Ketch’s ability to dynamically adapt to the ever-changing legal landscape, customers can future-proof their businesses while cutting operational and privacy engineering costs by 80%. More information is available at




Bonnie Moss

Moss Networks



[1]  Gartner, “Cool Vendors in Privacy,” Bernard Woo, Bart Willemsen, Michael Hoeck, 21 October 2021.



Book A Meeting

Is Privacy Shield Required For GDPR?

In a ruling made by the European Court of Justice last year, the Privacy Shield policy between the United States and the European Union was nullified. The decision had farther-reaching consequences than most people expected, especially regarding data protection in Europe.

Understanding The EU-US Privacy Shield

Based on the regulations brought forth by the GDPR, only data transferred within the EEA (Norway, Iceland, and Lichtenstein) and the European Union was to be considered unproblematic. 

However, supposing personal data happened to be transferred to a third country, the GDPR requirements state that there should be a comparable level of data protection in the recipient country. 

This was known as the Privacy Shield statute. In more standard terms, it was an agreement between the EU and the US designed to ensure the enforcement of this new level of data protection and replace the Safe Harbor regulation that was in place earlier but had been invalidated. 

This meant that even without the Privacy Shield, one would be allowed to receive personal data from the EU without additional legal measures.

Transfer Of Data To Third Countries

When it comes to GDPR and marketing, the transfer of data to third countries can only occur under the following conditions:

  • The transfer has to take into consideration the EU adoptions made to serve as adequacy decision parameters for countries such as Canada, Israel, Switzerland, Japan, Uruguay, Argentina, Faroe Islands, Isle of Man, Andorra, and New Zealand.
  • There has to be the presence of a legally binding agreement between authorities similar to the now invalid EU-US Privacy Shield.
  • There has to be a set of binding data protection rules and regulations within one or more companies.
  • One has to apply the standard data protection clause adopted by the commission, which aligns with the examination procedures referred to in Article 93 (2).
  • Adopt the code of conduct recommended by the supervisory authority.

One of the main advantages of the Privacy Shield was that it worked like an adequacy decision parameter. This meant that businesses could process the data without any more legal hurdles.

What Invalidating The EU-US Privacy Shield Meant

The decisions made by the European Court of Justice impacted various sectors of the marketing world, in particular, the internet. A wide range of online platforms such as Facebook, Twitter, Youtube, Google Maps, Social Plugin, and Google Analytics were all under US companies that had adopted the Privacy Shield.

If e-commerce website users implemented these new parameters, then data transfer to the USA could be possible. By nullifying the Privacy Shield, using e-services is no longer regulated by the privacy treaty that existed between the EU and the US.

Some Of The Alternatives To The Privacy Shield

If a destination country doesn’t have the right level of data protection, then any transfer of information has to be legitimized using other relevant safeguards. If the data subject gives their consent, then the transfer is possible. 

However, it is essential to state that the permission needs to be understandable, voluntary, and revocable. This means that it is not enough to inform the subject about data transfer in your privacy policy. 

They have to be provided with all the relevant information, and consent must be given before any transfer takes place. Data privacy software might be helpful in this regard.


Operating a website without any external content is next to impossible in today’s highly competitive market. However, to comply with the GDPR, it is a must that websites legitimize all their data transfer. 

Ever since the nullification of the Privacy Shield policy, it has become a necessity for businesses and marketing departments to align with the requirements.

How To Add Cookie Messages To Your Website

Data privacy laws such as Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have made it obligatory for websites—at least those that do business in Europe and the United States and collect information from customers in these areas—to have a cookie message on their homepage. 

But what is it, and how do you add it to a website?

Adding cookie messages to a website is much simpler nowadays, thanks to website plug-ins and data privacy services that allow you to customize your cookie message’s text, appearance, and options, on top of ensuring that it’s compliant with relevant laws. 

You can also add cookie messages by building your own script that lets it pop up as soon as a user visits your site.

What Is A Cookie Message?

A cookie message is a pop-up or banner that appears on your website during a user’s first visit. It communicates your website’s use of cookies and gives people the option to opt-in or opt-out of the use of cookies. 

Cookie messages also usually link to a businesses’ privacy policy, where the consumer rights established by data privacy laws are listed. Follow the link to an article that addresses the question: How often should a privacy policy be updated?

What Should A Cookie Message Include?

To ensure that people’s data privacy rights are upheld, a cookie message should contain:

  • an explanation of the purpose of website cookies
  • the option to opt-in or opt-out from the use of cookies
  • a link to a cookie policy, privacy policy, or website cookie details 

A cookie message can also expand to include customization options, where users can choose which category of cookies they want to allow, e.g. just necessary cookies and marketing cookies, only preference cookies, etc.

Why Does A Website Need A Cookie Message?

Cookies are packets of data that computers receive and send to track users’ information. They’re generally harmless; website developers use them to create a more personalized and intuitive online experience, while business owners use them to get to know their customers better.

However, since cookies contain personal information, they are a potential risk to individuals’ privacy. So data privacy laws require businesses to either obtain consent before using cookies or at least inform consumers about how cookies collect and use their information. 

Businesses can do this using a cookie message that immediately appears as soon as a person arrives at their website, ensuring that consent is obtained before that consumer uses the site.

How To Add A Cookie Message To A Website

To add a cookie message to your website, you can ask a website developer to create a script for your website, use built-in plug-ins (for websites that use development platforms or hosts like WordPress or Squarespace), or add tools from data privacy services. In case you want to know how to block cookies before consent, follow the link to that information.

Built-in Script

If you have an in-house website developer, you can create a built-in script for a cookie message that fits your website. This is a good option if you’d like to have a pop-up or banner that’s cohesive with the general style of your platform. Just make sure that it includes all the necessary details and the opt-in/opt-out choices that comply with data privacy regulations.

Website Plug-ins

Most website development sites and hosting services have created plug-ins that you can add to your website straight from the platform. Wix, for example, has a cookie banner that you can enable and customize on your website—without any complicated codes or scripts from your end. 

Data Privacy Services

Data privacy services can usually hook your website up with a cookie message through ready-made scripts or widgets that you can just add to your website. The advantage of these is that you’re 100% sure that your cookie message is compliant with any international and local data privacy laws.


Adding a cooking message to your website ensures that you are doing your part to follow data privacy laws, essentially upholding people’s data privacy rights. Not all websites need to comply with regulations like the GDPR and the CCPA. But seeing as many international markets are putting value on data privacy, it’s good practice for all businesses to conform to these laws as soon as they can.

How To Block Cookies Before Consent

For data privacy laws to be effective, businesses must comply with regulations that ensure the safety of people’s personal information. This starts with obtaining consent from visitors to your website or app to collect, store, or manage their data. 

Website cookies can complicate this, though, since some of them are set into motion even before getting permission from a consumer. 

That said, there are ways to block cookies before consent is requested, either by turning cookies off completely, hard-coding your website to control cookies, or using data privacy services that help you manage how cookies behave on your website.

Another step you need to take at the same time is to add a cookie message to a website or app, but that topic is addressed in another article.

What Are Cookies?

Cookies are files of data that computers receive and send to track users’ information and activity. It’s an essential component of web browsing; developers use it to create a better online experience and advertisers use it to infer consumer preferences for more effective marketing

Generally, cookies are harmless. But depending on the type and amount of data harvested from a consumer, they can pose a risk to privacy. 

Cookies can be used to track a person without their consent—or worse, to steal sensitive information such as ID and financial details. The California Consumer Privacy Act (CCPA) is very clear on the types of personal data that should be protected. 

It might be a good idea to check the CCPA’s personal information guidelines since additional states are expected to pass similar laws in the future. Businesses must pay attention to how cookies behave on their websites, and it seems wise to not only comply with current privacy laws but to also be prepared for future legislation ahead of time.

What Is Prior Consent?

Prior consent refers to the act of obtaining consent from a person before allowing any cookies into their device except those needed for the website to function. This means that you have to prevent cookies (or any other online tracking devices) from collecting personal data until a user agrees to that collection.

Why Do I Need To Get Prior Consent?

Some data privacy laws such as the General Data Protection Regulation (GDPR) deem it illegal for businesses to process personal information before getting consent from a consumer to do so. So websites aren’t allowed to set any data collecting processes (such as cookies) in motion without prior consent.

How To Block Cookies Before Consent

A website that blocks cookies before consent contains scripts in their source code that prevent any cookies from being placed in a user’s device to collect their personal information until after the user explicitly agrees to it. 

There are three basic ways to ensure that your website is compliant with this part of the data privacy laws:

Turn Off All Cookies

One way to make sure users’ personal information isn't collected without their permission is to stop all tracking tools completely—basically, turning off all cookies.

But while this method is easy, it robs your website of any cool features and widgets. It also prevents you from getting insights into who your customers are.

Hard-Code Your Website

Website developers can hard-code sites to have full control over how cookies are placed in users’ devices. They can identify the cookies and create scripts to block them before obtaining consent from users. 

That said, this can be a difficult task, especially since it involves pinpointing multiple trackers and possibly making individual scripts for each one.

Use Ketch 

With the Ketch experience server, you can consolidate and customize consent requirements into customized privacy experiences-  all with a few clicks. No hard coding or data collection blocking workarounds required. 

All you have to do is add the Ketch tag to your website; then you can begin to customize cookie preferences and how you obtain consent from users. Learn more here.

What Is Personal Information Under The CCPA?

The California Consumer Privacy Act (CCPA) was enacted to provide California consumers more control over the personal information that businesses collect about them. But what exactly is included in the scope of “personal information?” Under the CCPA, personal information includes basic details like names, addresses, and government information such as driver’s licenses and social security numbers. It also extends to data that consumers aren’t even aware of that businesses collect such as browsing history, biometrics, and even data on a consumer’s interaction with websites and platforms that they’ve visited. 

What Is The CCPA?

The CCPA is a data privacy law that secures the right for California consumers to protect their personal information, including:

  • The right to know what personal information a business collects, uses, and shares or sells
  • The right to delete personal information collected by businesses (with some exceptions)
  • The right to opt-out of the sale of personal information
  • The right to non-discrimination for exercising the rights established by the CCPA

For-profit businesses that conduct operations in California or fit the criteria set by the CCPA are required to comply with the law by being transparent about their data practices and providing consumers channels to opt out of data collection or request access to the data collected from them. If you’re wondering: how to block cookies before consent, follow the link for an answer.

What Is Considered Personal Information Under The CCPA?

According to the CCPA, personal information refers to “information that identifies, relates to, or could reasonably be linked with” a consumer or their household. 

The term is broad in order to encompass all the data that is currently being collected through different tracking practices and other information that businesses may begin to collect in the future, given the ever-evolving digital landscape.

Personal information, then, includes:

  • names - full names, aliases
  • addresses - postal address, email address
    • financial information - credit card numbers, bank details
    • government information - social security numbers, passport information
  • commercial information - personal property, purchase or service history
  • professional data - job history, employment details
  • education-related information - educational history, student data
  • geo-location - I.P. address, device location
    • biometric data - fingerprints, medical data
    • browsing activity - search history, website interactions
  • inferred profile - inferences that could point to consumer behavior and preferences

What Is Not Considered Personal Information Under The CCPA?

The CCPA doesn’t include publicly available information such as that from federal, state, or local government records (e.g. professional licenses, real estate, etc.) in the category of personal information.

One option to manage the information your business collects from site or app visitors to ensure compliance with all applicable laws and regulations is to use a data privacy tool—essentially a piece of software that helps your company avoid all the repercussions of breaking the law, however unintentionally.

How Does The CCPA Protect Personal Information?

The CCPA protects the personal information of California consumers by requiring businesses to incorporate transparency measures so people can control how their data is collected, stored, used, and shared or sold.

Some requirements set by the CCPA include adding a “Do Not Sell My Personal Information” link on their website’s homepage that lets consumers opt-out of the sale of their personal data, obtaining consent from minors or their parents, and providing channels for consumers to request access to their data. Businesses must also update their privacy policies to include details of the CCPA, specifically the rights consumers are afforded by the law.

Most of the changes brought about by the CCPA affect how businesses operate, especially concerning data collection and the use of it, e.g. for marketing, ad targeting, etc. The best way for companies to play it safe—and prevent having to pay steep fines—is to be transparent about their data practices, pinpointing exactly how consumers’ personal information is used for profit. By the way, if you are required to get permission from site visitors to use cookies, it will be necessary to learn how to block cookies before consent is given.


Since the CCPA was enacted to help consumers protect their personal information, it’s important to know what kind of information is covered by this legislation. 

The following data is covered by the CCPA: names, addresses, finances, government issued ID (social security number/passport information), purchase history (goods and services), profession, education and so on. Publicly available information such as real estate owned or professional licenses are not protected by the law.

The law requires enterprises doing business with California residents to be very transparent about what information they collect and how they use it. Individuals in this state have the right to prevent any business from selling their personal information collected online to another business.

Qonsent Officially Launches as The First Data Privacy Consent Solution for Both Consumers and Brands

Seasoned C-level Media & Tech executives form next-generation privacy & consent engagement platform, partner with Ketch and other industry leaders to reshape data privacy landscape

NEW YORK—September 30, 2021—Qonsent, the first data privacy enablement and engagement platform built for consumers, enables brands to build a trusted and ethical relationship with consumers by creating a new set of data permissioning tools. As part of this suite of solutions, the team is also announcing two significant partnerships—with Ketch, the leading platform for programmatic privacy, governance, and security, and a pending partnership with TransUnion, a global consumer information and insights company.  

“TransUnion has enabled businesses and consumers to transact with trust for over fifty years. We look forward to be able to support Qonsent’s push to provide transparency and control for consumers in where and how their data is used,” said Frans Vermeulen VP Market Development Media & Entertainment Vertical at TransUnion.

A recent eMarketer report illustrates growing concerns with data privacy “...concurrent forces have now reached an inflection point, making privacy a competitive differentiator. Shifts in the market demand from privacy, consumer norms, regulations, and product design suggest that the time has come for technology companies to actually make progress in building consumer trust and differentiating on privacy practices.” The report goes on to highlight that nearly nine out of 10 consumers care about their data privacy and that three out of 10 consumers worldwide have switched providers due to concerns with those companies' data policies or data-sharing practices. More recently, there have been various state governments such as California and Colorado, (with all states starting to follow suit) working to push through legislation that addresses the issue of brands gaining first-person direct consent to use consumer data. All of these things illustrate a chaotic fragmented approach.

“There’s no doubt that new laws were put in place to allow consumers to understand how their personal information is being used, but despite laws moving the control back to the consumers, there are no tools for consumers to take advantage of these laws,” said Jesse Redniss, CEO & Co-Founder, Qonsent. “While others may have tried to address these concerns over the years, it became abundantly clear to us that there is still a large divide and lack of understanding of what’s doable. With new laws becoming effective imminently, our technology agnostic solution will provide brands with the least disruptive approach to rebuilding their first party data relationship with consumers through their existing marketing practices and technology.”

In addition to the solution’s availability starting in November, the company is announcing two crucial partnerships that allow for the two-way connection (platform) between brands and consumers to understand exactly how brands collect, store, and utilize consumer data. The SmartQontract from Qonsent, powered by the dynamic ledger created with Ketch, gives consumers a new level of control over their personal identifiable information (PII) data shared with brands while benefiting from clearly stated terms of data use. Additionally, brands will leverage the Qonsent real-time ID validation enabled by TransUnion. By developing integrations with Ketch and TransUnion the Qonsent team is underpinning its offering with crucial real-time automated capabilities to not only ensure all brands are staying compliant with the latest data privacy laws but ensuring an explicit first-person, frictionless, real-time match. 

Consumers are expecting brands to be open and transparent about their data practices and honor their privacy choices. At Ketch our platform offers a rich set of APIs and enabling infrastructure to unlock transparent privacy experiences.” said Tom Chavez, CEO and Co-Founder of Ketch. “By partnering with Qonsent our combined approach ensures the power is squarely back in the consumers hands, while providing better privacy tools for brands.”

The Qonsent product encompasses a back-end data privacy platform, B2B services, and a consumer app that will be familiar to consumers as it looks and feels like a traditional wallet app. Additional ways for brands and publishers to use the solution, include:

  • Qonsent-in API embed creator—enabling developers to implement dynamic data privacy solutions directly into their offerings at the moment of value exchange. 
  • SmartQontract composer—allows consumers to understand what they are agreeing to in plain language terms and creates a 2-way agreement and record of each Consent election. With our partners at Ketch, these terms sit on a Ledger to govern usage and access.
  • Real-time ID Validation and match linking—with TransUnion’s Identity Graph integration, Qonsent ensures explicit first-person, real-time ID verification.
  • Resolution manager—highlighting disparities and suggesting actions.

The solution is also easy to integrate and deploy with current popular SaaS platforms like Salesforce, Snowflake, Oracle, Adobe, and Amazon Web Services to provide a turn-key solution for marketers. 

About Qonsent

Qonsent was founded in 2021 by leading visionaries from media, marketing, technology, legal, and security industries to build tools that enable consumers to manage and control their personal information as they interact with companies that want to use that data. The services offered by the company encompass both B2B services and consumer-facing solutions, including Qonsent-in API embed creator, SmartQontract, real-time ID validation and match linking, a resolution manager and a Qonsent consumer wallet. Qonsent’s platform can bridge the gaps in the current industry offerings for brands, advertisers, publishers, enterprises, and consumers to solve the data privacy issue in a holistic manner.

About TransUnion (NYSE: TRU)

TransUnion is a global information and insights company that makes trust possible in the modern economy. We do this by providing a comprehensive picture of each person so they can be reliably and safely represented in the marketplace. As a result, businesses and consumers can transact with confidence and achieve great things. We call this Information for Good.®

A leading presence in more than 30 countries across five continents, TransUnion provides solutions that help create economic opportunity, great experiences, and personal empowerment for hundreds of millions of people.

About Ketch

Ketch is the leading data control company for Programmatic Privacy™ and governance. The company was founded in 2020 by data management veterans and serial entrepreneurs who successfully built and scaled enterprise systems for world-leaders like Salesforce and Microsoft. Ketch’s ‘Deploy Once, Comply and Secure Everywhere’™ architecture delivers comprehensive data privacy, governance, and security to organizations seeking to protect data, build trust with consumers, and successfully compete in data-driven markets. Thanks to Ketch’s ability to dynamically adapt to the ever-changing legal landscape, customers can future-proof their businesses while cutting operational and privacy engineering costs by 80%. More information is available at

Ketch Secures $20 Million in Series A1 Funding, Accelerating its Rapid Growth

Data privacy and compliance startup to focus on growth of the industry-leading data control platform for Programmatic Privacy, governance and security 

SAN FRANCISCO, CA (September 20, 2021) Ketch, the next generation data control platform for privacy, governance and security, today announced it has closed on a Series A1 funding round, raising $20 million. This is a follow-up to a series A funding round that closed in March of this year, bringing the total of its series A investment to a significant $43 million.

The round was led by Acrew Capital with participation from CRV, super{set}, Ridge Ventures, and Silicon Valley Bank, and will be used to continue Ketch’s rapid growth by expanding its sales and go-to-market teams to address unprecedented market demand.

“We want to help all companies, regardless of size or location, understand that they can still use data to grow their business and respect the data privacy of their prospects and customers,” explained Tom Chavez, CEO and Co-Founder of Ketch.

Ketch has revolutionized the market by introducing a data control platform for Programmatic Privacy™, governance and security. The platform automates and orchestrates data control and consent management, ensuring that each consumer’s privacy preferences are honored and implemented automatically across every touchpoint. 

Earlier this summer, Ketch introduced Ketch OTC, an easy and free-to-use privacy solution that streamlines all aspects of privacy and enables enterprises to build trust, conquer complexity, and ensure the success of their compliance programs. 

Ketch’s customer base has grown by more than 300% since its March Series A announcement, a key indication of the intense need for solutions to streamline privacy compliance. Ketch helps companies overcome a myriad of privacy and data governance challenges: for example, Sixth Street chose Ketch’s data control platform to accelerate adoption of new technologies like Snowflake by unifying data governance and access control; Smartsheet and Prestige Consumer Healthcare rely on Ketch to automate their consent management and data subject request fulfillment processes. 

“Different enterprises have different needs, but what all of our customers understand is that there is an essential imperative to respect data privacy and data dignity. They grasp that it’s possible to build value while honoring values, and are committed to the systemic pursuit of compliance and growth,” said Mr. Chavez. 

About Ketch 

Ketch is the leading data control company for Programmatic Privacy™  and governance. The company was founded in 2020 by data management veterans and serial entrepreneurs who successfully built and scaled enterprise systems for world-leaders like Salesforce and Microsoft. Ketch’s ‘Deploy Once, Comply and Secure Everywhere’™ architecture delivers comprehensive data privacy, governance, and security to organizations seeking to protect data, build trust with consumers, and successfully compete in data-driven markets. Thanks to Ketch’s ability to dynamically adapt to the ever-changing legal landscape, customers can future-proof their businesses while cutting operational and privacy engineering costs by 80%. More information is available at

Interact With Ketch

* Visit our website
* Follow us on twitter
* Connect with us on LinkedIn
*Try Ketch Free: Ketch OTC







What Size Of Companies Are Affected By GDPR?

The General Data Protection Regulation, abbreviated to GDPR, came into effect in 2018 and has since changed the way businesses handle customer data. 

Although an EU directive, GDPR affects any company, large or small, that sells its products and services to the European market. 

Regardless of the size, your business must be GDPR compliant if you want to avoid hefty fines, stretching well over $24 million! To find out exactly what happens if you break GDPR laws, follow the link. Google was fined roughly $57 million by the French data protection authority back in 2020 for failing to meet GDPR requirements.

The Extent Of GDPR  

GDPR is a strict data privacy policy designed to protect European Union citizens’ personal data.  

It also limits how much customer information is accessible by business organizations. The aim is to give people more control over their personal information and force companies to handle information in ways that allow individuals to easily exercise that control. 

This regulation extends far beyond the European borders and affects businesses worldwide. Just after its introduction, most companies made efforts to reform their privacy policies to be GDPR compliant. 

You would be wrong to think your company is not subject to the GDPR if it wasn't established in the EU. Furthermore, it doesn't matter whether the data processing takes place inside or outside the EU. 

If your company collects information from anyone in the EU by any means, you're bound by the GDPR rules, no matter where you are located. 

Any company that targets EU citizens with its marketing campaigns, accepts payments in Euros, and/or has European employees also falls under GDPR guidelines. 

What Size Companies Are Affected By GDPR?

It's essential to know if your company is affected by GDPR. Running your business without giving a second thought to its regulations is like an open invitation to fines, and they will come knocking pretty soon! 

As a rule, any company with over 250 employees must be GDPR compliant. They must also hire a data protection officer to keep records of the data processing activities engaged in by the business. 

So, if your company has fewer employees, you may not have to be GDPR compliant. However, that only applies if your company doesn't process data from EU citizens regularly. 

Large-scale companies regularly venture into the international market and, of course, the European market. They sell their products and services to EU citizens and, in doing so, collect data from them for various purposes such as target marketing.

In addition to that, these companies often employ European citizens. So, it's a given that GDPR applies to them, and they must comply with GDPR regulations. 

On the other hand, small companies may also engage in international trading, which binds them to GDPR. Even if you've got a local US-based company and most of your customers are US citizens, chances are you've got a website that is accessible to European citizens. 

This makes your company subject to the GDPR. So, always be careful how you collect data! Now, it's considered good practice to make your company GDPR compliant even if you've got a small business. 

If you haven't done it yet, this is as good a time as any to change your privacy policies to make sure your business is run according to the law and the fines are kept at bay. A good place to begin is with the seven data protection principles of GDPR. Another good move might be to look into a data privacy compliance tool.

Final Words  

GDPR indeed makes the business world a bit more challenging, but we can't deny the opportunities it brings.  

Adhering to the strict rules and regulations of GDPR shows that a company values individual privacy. It helps to build deeper trust with visitors and a better reputation generally. 

So, if you've got a company, make sure it is GDPR compliant—not just to avoid fines but also to respect  people’s privacy.