Category Ketch

4 Ways to Optimize 3rd Party Libraries

Web performance is an often overlooked metric of a company's website. It’s pushed to the back of the queue in preference of a site's look, layout and theme. While these areas of a site are important aspects of your visitors' experience, a poor loading and performing website will cause them to leave your site before it’s loaded. This means all the time and effort spent on crafting a great and compelling user experience was for naught.

According to a study conducted by Google in 2017as page load time goes from 1 second to 3 seconds the probability of a user navigating away increases 32%. The performance of your site ensures visitors get to go through the finely crafted experience teams have spent many hours creating.

If you’re a 3rd party SaaS provider, performance is more important. Businesses want to use your service, but if it’s the cause of performance issues on their site, they will be looking to replace your service as soon as they can. 

At Ketch, one of our top priorities is to ensure our libraries are as optimized as they can be for performance. 

Here are 4 ways we use, and so can you, to optimize our libraries to ensure they don’t hinder the loading and performance of our customers' websites and applications.


Use async/defer

If at all possible you should design your library to be loaded asynchronously, rather than synchronously. This is to allow page rendering to occur while the library is being downloaded, unlike synchronous scripts which stop page rendering until the script is downloaded, parsed, and executed. 

Synchronous script execution

You can utilize the `async` or `defer` attributes to instruct the browser to continue parsing the HTML while the scripts are downloaded.

While both the `async` and `defer` attributes tell the browser to download while the page is being rendered, the point at which the downloaded script is executed is where they differ.

The `async` attribute tells the browser to execute the script the first chance it gets after it has been downloaded, but before the `load` event is fired.

Asynchronous script execution

The ‘defer’ attribute tells the browser to execute the script after the HTML has finished parsing, but before the `DOMContentLoaded` event is fired.

Defer script execution


Remove unused code


Room with many stacked arm chairs on one side

Photo by v2osk on Unsplash   

To optimize the loading of your library you will probably run it through a bundling process to reduce the number of round trips to the server. Bundling combines your code files and their dependencies into a single file. 

What we tend to forget is that we rarely use all of the functions available within our dependencies, which come along for the ride during the bundling process. This can lead to an unnecessarily large file to download. 

To reduce this file size, implement a tree shaking process to remove all the code not being used.

Tree shaking looks at the bundled file and attempts to determine which code paths are not called and remove them from the final output.

Note: Tree shaking can have unintended side effects if it is too aggressive in removing what it thinks is unused code. This can cause unintended side-effects or broken logic on your page. You need to thoroughly test your page with the tree shaken file.


Break larger JavaScript files into multiple, smaller logical files


Lego Star Wars Stormtrooper being pulled apart by Darth Vader

Photo by Daniel Cheung on Unsplash

Above we talked about the bundling process, which combines your code and its dependencies into a single file to reduce the need for multiples to the server. Sometimes we don’t need all the functionality immediately upon page load. 

For instance, there may be function calls that require a user to press a button before it’s activated. This code can be separated into another file to be downloaded, or deferred, after the page’s HTML has been parsed. 

Use a Content Delivery Network

World globe with several destinations marked

People illustrations by Storyset

With all the previous optimizations implemented, you may think you’ve done all you can to increase your page’s performance, but visitors to your customers site are not created equal, at least in the case of location.

The further the visitor is away from your web server's physical location, and the speed of the network they’re connected to, affect how long it will take for their device to download your library.

While the previous optimizations will help tremendously with how long a library takes to download, this will move the files closer to the visitor. This can be accomplished by utilizing a content delivery network (CDN), like Fastly, Akamai, or Cloudflare.

The CDN does not replace the need for a web server, but allows caching of a site’s content at strategic locations around the world. This caching closes the distance between your library and the visitor viewing your customers page, decreasing the download time.



As a library creator, your responsibility doesn’t stop at getting the code working as expected. How it loads and affects the page on which it's executed is just as important. 

At Ketch we are continually monitoring and improving the performance of our libraries utilizing the tips above, ensuring we are never a hindrance to a customer’s site. 

Optimizing your library will show customers you care just as much about their site’s performance as they do.

Prestige Consumer Healthcare Selects Ketch As Its Programmatic Privacy Vendor of Choice


Prestige Consumer Healthcare will leverage Ketch to deliver on global data privacy compliance

SAN FRANCISCO, CA, August 11, 2021 – Prestige Consumer Healthcare (PCH) chooses Ketch to empower their privacy initiatives. Ketch nimbly implements global privacy requirements in real-time.

PCH is a US company that markets and distributes over-the-counter health and personal care products, including Dramamine® and Clear Eyes®. For generations, PCH’s trusted brands have helped consumers care for themselves and their loved ones. It is the company’s mission to preserve consumer trust by continuing to provide products stewarded with consumers’ needs in mind. To this point, trust is one of PCH’s core business values.

PCH wanted to strike the balance of leveraging data for growth while protecting and preserving the ‘data dignity’ of its consumers. To best serve this purpose, PCH chose to leverage Ketch to help deliver the right privacy experience at the right time, while ensuring a stringent standard of consumer trust and data protection. With Ketch’s first-to-market purpose-driven approach, Ketch will deliver on continued global data privacy compliance, allowing PCH to scale its brands for growth that is not sacrificed at the expense of robust global data privacy compliance.

PCH also selected Ketch for its groundbreaking orchestration capabilities. With Ketch, PCH can honor consumer consent and data requests no matter what channel or device its consumers use to interact with PCH brands. Ketch can also tether the firing of tags of services like LinkedIn or Facebook to PCH’s consumers’ consent options, for a seamless and continual consumer opt-out compliance. PCH’s leverage of Ketch’s consent and rights orchestration allows for real-time privacy legal and regulatory compliance while ensuring seamless enforcement of consumer privacy choices across the company’s global internal and external third-party systems, fostering the PCH core business value of trust.

"We're excited to partner with leading, innovative companies like PCH, who embrace people's data privacy, while maintaining the opportunity for data-driven growth – building value while honoring values,” commented Jonathan Joseph, Head of Solutions, Ketch.

About Prestige Consumer Healthcare Inc.

Prestige Consumer Healthcare is a leading consumer healthcare products company with sales throughout the U.S. and Canada, Australia, and in certain other international markets. The Company’s diverse portfolio of brands include Monistat® and Summer’s Eve® women's health products, BC® and Goody's® pain relievers, Clear Eyes® and TheraTears® eye care products, DenTek® specialty oral care products, Dramamine® motion sickness treatments, Fleet® enemas and glycerin suppositories, Chloraseptic® and Luden's® sore throat treatments and drops, Compound W® wart treatments, Little Remedies® pediatric over-the-counter products, Boudreaux’s Butt Paste® diaper rash ointments, Nix® lice treatment, Debrox® earwax remover, Gaviscon® antacid in Canada, and Hydralyte® rehydration products and the Fess® line of nasal and sinus care products in Australia. Visit the Company's website at


About Ketch

Ketch is the leading data control company for programmatic privacy and governance. The company was founded in 2020 by data management veterans and serial entrepreneurs who successfully built and scaled enterprise systems for world-leaders like Salesforce and Microsoft. Ketch’s ‘Deploy Once, Comply and Secure Everywhere’™ architecture delivers comprehensive data privacy, governance, and security to organizations seeking to protect data, build trust with consumers, and successfully compete in data-driven markets. Thanks to Ketch’s ability to dynamically adapt to the ever-changing legal landscape, customers can future-proof their businesses while cutting operational and privacy engineering costs by 80%. More information is available at

Interact with Ketch

Ketch Expands Go-To-Market Leadership Team; Appoints Three New Executives to Drive Growth

SAN FRANCISCO, CA — (August 5, 2021) Ketch, the next generation data privacy and governance platform announced the appointment of Alysa Hutnik as Chief Privacy and Data Security Advisor, Jim Wangler as the company’s Head of Revenue, and Michele Davolos as the company’s Head of Product Marketing. 

“With these skilled privacy, sales, and marketing leaders on board, we are ready to help every business build trust with consumers and put their data to work responsibly,” said Tom Chavez, CEO and Co-Founder at Ketch. “We are building the future of Ethical Tech, and I’m thrilled to welcome these new additions to the team as we head into our next phase of growth.” 

Chief Privacy and Data Security Advisor working with Ketch to ensure its solutions are designed to address the complexity of privacy and compliance regulations

Hutnik, a data privacy law luminary and partner at Kelley Drye, brings over 20 years of experience advising companies on practical privacy compliance and defending companies before the FTC and state attorneys general. At Ketch, she brings that real-world perspective to help ensure that Ketch’s platform is responsive to the privacy pain points faced by mid-size and enterprise customers and is designed to meaningfully automate compliance tasks, including as new laws are added to the books. A top priority for Hutnik will be helping Ketch enable companies’ ability to future-proof their privacy program with Ketch’s Deploy Once, Secure and Comply Everywhere Platform. 

Head of Revenue to scale company into next phase of growth

Wangler joins Ketch with a proven track record of driving exponential growth at early stage startups. Jim will be responsible for all revenue growth strategy and will be rapidly expanding Ketch’s global sales team to meet increasing customer demand. 

In his prior role as VP of Sales at Onfido, he grew North American Sales 15x over a two year period.  A serial entrepreneur and sales leader, he has spent the last decade building teams that create sustainable and scalable revenue growth. 

Head of Product Marketing to build a world class marketing program

Davolos, a product and marketing veteran from Salesforce, joins Ketch to lead product marketing and help businesses unlock the value of their data responsibly. Michele will play an integral role in defining the company’s marketing and business strategies. She is joining at a critical time to help define and amplify Ketch’s platform message for data privacy, governance, and technology as a force for good. 

Prior to Ketch, Davolos held various leadership positions in sales, product development, and marketing at Demandware and Salesforce Commerce Cloud, the market leading enterprise commerce platform. Salesforce acquired Demandware in 2016 for $2.8 billion.

Interact With Ketch


About Ketch

Founded in 2020 by data management veterans and serial entrepreneurs who’ve successfully built and scaled enterprise systems for the world’s largest companies like Salesforce and Microsoft, Ketch helps businesses build trust with consumers while controlling and harnessing data to fuel core operations and top-line growth. By maintaining dynamic data compliance with fast-shifting national and state regulations, Ketch’s customers cut their operational and privacy engineering costs by 80% and enjoy compliance with all data regulations, now and in the future. Ketch’s deploy-once, comply-everywhere architecture delivers comprehensive data privacy, governance, and security for large and medium-sized businesses seeking to protect data, build trust with consumers, and compete successfully in data-driven markets. More information at

The Privacy Opportunity Blog Post Series: Part 1

Right about now brands are panicking that digital advertising as they know it will come to a screeching halt. Consumers want the big tech companies to stop monitoring their every move and selling their behavioral data to advertisers, and the regulators seem to be on their side.

But we, at Ketch, don’t see the rise of privacy as an existential threat to digital advertising. Rather, we see privacy as an opportunity to demonstrate responsible stewardship of personal data in every interaction across every jurisdiction. This is big. To understand just how important that is, we need to understand the extent to which the consumer’s data dignity has been violated.

Many in the ad-tech industry participated in this violation without realizing the harm inflicted. In the heady days of data-driven marketing, our collective goal was to present relevant ads to consumers, to the benefit of consumers, advertisers and publishers alike.

In hindsight, the ensuing consumer rebellion was inevitable. This blog post series, based on Ketch’s Privacy Primer, looks at:

  • The conditions that led to the privacy rebellion
  • Government, Activists & Litigants: The Web of Players That Shaped Modern Data Privacy 
  • The Gorillas and Privacy
  • The implications of privacy for business, including the core complexities that must be overcome to make data compliance and growth compatible
  • A plan of action to begin solving for those challenges. 

Part 1: Surveillance Capitalism and the Consumer Rebellion

The Internet has always been based on a grand bargain: Advertisers will foot the bill for low-cost content and apps, but they want something valuable in turn, specifically new leads that turn into profitable customers. To deliver on that promise, an entire industry rose up to monitor consumer behavior on an epic scale, segment them on perceived interests and intent, and offer those insights to marketers for a price.

To Shoshana Zuboff, Harvard Business Professor and author of a groundbreaking book, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, this digital ad-tech ecosystem represented a grave threat to privacy and democracy itself. Her book shed light on the extent to which we everyday citizens are serveilled as we engage in activities for strictly social and personal reasons.

How We Got Here

According to Zuboff, surveillance capitalism started with Google and its goal to dominate the search engine market by serving up highly relevant results for every search query. Initially, Google’s intentions were honorable, or at least mutually beneficial. Google wanted its search engine to outperform all others, and to become, well, a verb. For their part, users wanted to see useful search results, meaning sites that offered the exact information they were after. By tracking the links its users clicked at scale, Google was able to predict user behavior (i.e. predict which site a user would visit) and optimize its search results based on those predictions.

But Google quickly realized it was sitting on an asset that could make it a lot of money, namely way more behavioral data than it needed to simply optimize its search results. That excess data, which Zuboff calls “behavioral surplus,” could be used to help advertisers improve their campaign returns for a hefty fee. That’s when the company began mining people data in earnest. It’s also when the egalitarian nature of the relationship ended. Google profited from consumers, but we got very little in return.

Zuboff describes how Google took pains to keep its surveillance empire away from public view, but those of us who worked in digital advertising were well aware of just how pervasive surveillance capitalism had become, even though we didn’t think of it in those terms. We called it data-driven marketing. 

Everybody sold people data. Companies like Experian, eXelate, BlueKai and many others vacuumed up great quantities of it -- financial, behavioral, purchase, demographic, psycho-demographic -- to create an endless array of audience segments for advertisers to purchase. The social media platforms joined in on the game, inviting advertisers to reach users based on hyper-specific criteria, such as interest, educational background, group affiliations and so much more, all while consumers assumed they were simply interacting with friends and family.

The reams of data the tech giants collected on us were mind-bogglingly large. By 2016, Facebook had 98 personal data points on each of its 2.2 billion users. Google collected enough data on an individual in one year that if printed and stacked, it would be taller than the Leaning Tower of Pisa (189 feet). 

For the most part, all of that data was collected without the consumer’s knowledge or consent, but that didn’t matter to the ad-tech industry. It was the age of data and data-driven marketing, and the ad-tech industry had a promise to keep: Enable brands to target the right user, at the right time, with the right message, in the right channel. But there was one “right” we didn’t consider: the consumer’s right to privacy.

Although consumers didn’t quite understand how their data was collected or by whom, the extent of the violation rankled, and they were angry. In 2007, Sean Lane purchased an engagement ring from Overstock, and planned to surprise his girlfriend with it, only Facebook’s Beacon feature jumped the gun, announcing his purchase in his news feed for all his connections to see. He, along with many others, hired attorneys and sued. In 2018, a federal judge approved a $9.5 million settlement against Facebook.

Soon a generation of activists and litigants rose up, and their efforts have literally transformed the privacy landscape, as we will discuss in our next blog series. Can’t wait to read about the web of players that shaped the privacy landscape? Download our free white paper, The Privacy Primer now.


Ketch Helps Businesses Accelerate Data Privacy Compliance With Complimentary Solution, Ketch OTC Free

Ketch OTC Free delivers comprehensive tools to help businesses respect consumers’ rights to privacy and data dignity

Ketch, the next generation data control platform for privacy, governance and security, is offering free solutions to help businesses struggling to comply with privacy regulations. 

With the launch of Ketch OTC Free, businesses receive a comprehensive and free-to-use privacy solution that streamlines all aspects of privacy and enables them to build trust, conquer complexity, and ensure the success of their compliance programs.

Ketch OTC Free offers integrated policy management, consent management across web and mobile, notice management, data-subject requests, identity management, and all of this across jurisdictions--at no cost to the business. 

Companies that use Ketch OTC Free will benefit from:

  • Future-proof data privacy compliance including GDPR, CCPA/CPRA, LGPD and others;
  • Pixel-perfect privacy banners to record consent, deliver notices and disclosures across web and mobile;
  • Flexible preference center for consumers to control their data and exercise their rights;
  • Quick deployments with configurable policy templates and privacy language.

“The days of businesses taking liberties with consumer data are over,” said Tom Chavez, Co-Founder and CEO of Ketch. “Over the past five years, we’ve seen too many privacy violations, too many businesses failing to safeguard and honor consumer privacy. It’s no surprise that people everywhere are rebelling against unauthorized tracking and selling of their data.” 

Many companies continue to struggle to meet privacy requirements, especially as more complex and restrictive policies are set into place. 

“We realized that we could advance the interests of consumers and businesses alike by removing all the obstacles,” explained Chavez. “That’s why we decided to offer Ketch OTC at no charge. Privacy shouldn’t be seen as a burden, but as an essential human right. We need to start viewing compliance as an opportunity to show consumers the respect they deserve.” 

Ketch OTC Free can be live in a lunch hour using quick-start policy and privacy templates, explicitly designed to help users who aren’t experts in privacy law configure and activate a comprehensive privacy framework for their business. Companies can sign up for Ketch OTC Free here.

About Ketch

Founded in 2020 by data management veterans and serial entrepreneurs who’ve successfully built and scaled enterprise systems for the world’s largest companies like Salesforce and Microsoft, Ketch helps businesses build trust with consumers while controlling and harnessing data to fuel core operations and top-line growth. By maintaining dynamic data compliance with fast-shifting national and state regulations, Ketch’s customers cut their operational and privacy engineering costs by 80% and enjoy compliance with all data regulations, now and in the future. Ketch’s deploy-once, comply-everywhere architecture delivers comprehensive data privacy, governance, and security for large and medium-sized businesses seeking to protect data, build trust with consumers, and compete successfully in data-driven markets. More information at

Mastering Data Control with Ketch

By now a lot of businesses are coming to a rather daunting realization: complying with GDPR, CCPA, the new Virginia law and the host of emerging privacy regulations is more complex than they bargained for. Let’s look at some of those complexities, along with the requirements for meeting them.

More Than Simple Consent

Both GDPR and CCPA grant citizens with their jurisdictions certain digital rights. GDPR lays out eight distinct rights to “data subjects,” including the right to be informed how their data is used, how you, the data processor is actually processing their data, the right to be forgotten, as well as the right to opt out of automated decisioning.

CCPA, meanwhile, grants California citizens five distinct rights, including the right to know what data is collected about them, the right to access that data, the right to say no to selling that data, as well as the right to be forgotten.

If you collect consumer data in any manner, you must ensure that your company and its ecosystem of vendors is capable of honoring every one of the rights to which that user is entitled. And you must be able to prove that you have honored their wishes.

The Many Faces of Me

Let’s say I decide to exercise my right to opt out of data collection or processing -- a decision I inform you of via your website, which I access from my office computer. The challenge is that my computer may not be the only way I interact with your brand. I may engage with your brand via email, my mobile device, smart TV and home computer, and I have the expectation that you will honor all of my rights across all of these channels and devices. 

To do that, you’ll need an identity resolution mechanism for matching my email address, IP address, and device IDs to me, and to ensure that my wishes are honored across every touchpoint

Your Vendor’s Keeper

In a very real sense, both GDPR and CCPA hold you accountable for the actions of your vendors. 

Under GDPR, you are responsible for your vendors when you’re the one who determines the “purposes and means” of processing the consumer data. In other words, if you opt to collect consumer data on website visitors so that you can retarget them at a later date, then you are responsible for ensuring that all of your vendors who aid in that retargeting initiative are fully compliant with GDPR.

CCPA leverages “agency law,” which essentially says that any agent who acts on your behalf is your responsibility. Like the GDPR, CCPA requires you to ensure that all third parties and service providers you engage must comply with a consumer’s privacy preferences.

Orchestrating Consent is No Simple Matter

By now you’re beginning to realize that consent in all its forms is no simple matter. Pierre Garnier in Paris may be okay with you collecting his data for advertising purposes, but object to you applying an algorithm for profiling purposes. Meanwhile Bob Barton in Palo Alto was once okay with you collecting his data, but now he wants you to stop, and to delete the data you have on him.

To meet these expectations, you’ll need to update both your own internal systems, as well as tell all of your vendors to do the same. Let’s say you receive an email from Bob regarding his desire to be forgotten. Now you need to send his erasure instructions to your CRM vendor, say Hubspot. But in order to execute that request, Hubspot needs Bob’s visitor ID -- the proprietary ID Hubspot had assigned to him, which isn’t included in his email form.

Now consider that you’ll face this dilemma with every vendor that may touch Bob’s (or Pierre’s) data in some way! And, you may implement Pierre’s wishes ASAP, but it may take your vendor a few days to figure out who he is in their system. The delay may anger Pierre to the point that he reports it as a violation to the regulator. 

To learn more about consent orchestration, click here.

Mastering Data Control

To thrive in this new era of privacy, you pretty much need a mastery of data control. The broad reach of personal data across business and partner systems demands data control that is:

  • Policy Driven: You need a privacy policy that is centrally controlled and that applies to all data systems that collect, store, access and use consumer data across your organization.
  • Transmissible: You need a way to communicate privacy instructions to all of your vendors.
  • Enforceable: It doesn’t just broadcast the privacy instruction, it enforces it in connected systems;  
  • Programmatic: It is automated in software, ideally via API’s; and,
  • Auditable: To comply with third-party verification or regulatory requests, past and present privacy instructions (including compliance or non-compliance by user, time, and system) are computable at any moment with instant lookback and total recall.

Fortunately, solutions like Ketch’s can help you achieve data mastery, and ensure that all of your customers’ privacy preferences are met. We’re happy to discuss your approach to data control, and ensure it is applied across every system that touches your customers’ data. To schedule some time with one of our data privacy experts, click here.

Make Sense of Privacy-Language with a Common Privacy Protocol

Today, there is no lingua franca for privacy. Yet, your customers’ privacy preferences must be respected in the systems of partners, service providers and other third parties that speak a different privacy language than your own, or that lack any language for privacy at all. Many businesses are constantly struggling to send and interpret signals related to privacy, calling to mind the Biblical story of the Tower of Babel, with all of its scattered groups speaking languages unrecognizable to the others.

When senders and receivers of privacy instructions (or, in the parlance of GDPR, controllers and processors) speak different privacy languages, miscommunication and failure to enforce privacy rights can result. Clear cross-system communication and coordination requires a common privacy protocol that translates privacy signals to and from third parties, whatever privacy language they speak. This protocol needs to be programmatic and automated, and should not demand IT’s time and labor for bespoke, manual fixes to ever-arising privacy mapping problems.

Tower of Babel

Most companies today demonstrate a level of privacy maturity or fluency placing them in one of three categories:

  • Privacy Infants: They don’t speak privacy. At Ketch, we’ve observed that over 90 percent of service providers cannot support privacy within their own systems. They lack any privacy language, let alone standards for cross-system coordination. It’s imperative that companies establish a way to translate privacy rules to those at this level in a way that ensures they are respected.
  • Colloquial Teens: They have a privacy language but speak a different dialect from the system sending or receiving the privacy instruction: privacy instructions must be translated

  • Eloquent Poets: They speak the same language as the system sending/receiving privacy signals, and as a result privacy communication flows unhindered between them. The processor can easily ‘catch’ what the controller pitched. Real-time privacy desires and prescriptions on data use are tightly coordinated and enforced across the data ecosystem.
Digital identifiers -- one major example of the different languages companies speak -- can vary from one company to another: an email address at one; a visitor ID at another; a proprietary identifier at a third. This is getting all the more confusing as the number of digital identifiers proliferates, and the Gorillas, like Apple and Facebook, build ever higher walled gardens.

A consumer’s privacy preferences have to map back to the same living breathing person, not an isolated digital identifier. With businesses speaking different dialects, it’s necessary to parse fragmented digital identifiers and send the one recognized by the partner or service provider for them to honor the request. However, dispatching engineers to develop bespoke mappings every time a new system or regulation comes online wastes time, misapplies IT manpower and is unsustainably costly.

Rosetta Stone

Businesses must re-tool to meet partners’ and service providers’ systems wherever they are on the maturity curve. A common privacy protocol enables businesses to communicate and coordinate with those speaking a different privacy language without the need for manual, bespoke mappings. This is a “Rosetta Stone” for privacy -- a programmatic rulebook for accurately translating signals, enabling the fulfillment of privacy requests across a company’s whole ecosystem.

There are three main elements of the Rosetta Stone, or common privacy protocol for clear communication and coordination with all types on the privacy-maturity curve.
  • Overlay: Businesses and service providers will agree on a protocol, akin to what HTTP3 is for the web, a foundation for the exchange of data privacy signals, enabling tightly coordinated communication between entities and applications.
  • Translate: For the few service providers that have privacy APIs but use a different protocol (for example, one system calls it “Behavioral Advertising,” another calls it “Personalization”), privacy terms and identities must be translated to bridge that communication barrier.
  • Materialize: To communicate with service providers without privacy specific interfaces, i.e. no privacy language, the software interfaces that already exist (e.g. Targeted Advertising or Analytics interfaces, known as APIs), must be repurposed to send and receive data privacy related signals and identities.

The result is seamless communication of privacy instructions for real-time fulfillment across every touchpoint, every consumer interaction and every jurisdiction. This builds and maintains customer trust and fuels value-driven initiatives by getting complete, up-to-date, responsibly-sourced data to sales and marketing, analytics, data science, HR and finance.

We’ve seen how new privacy legislation, like GDPR and CCPA, can raise tricky compliance challenges, and there will surely be additional new laws to come. One of the best ways for a company to respond is to cut complexity and simplify privacy orchestration and coordination so that its system is not overwhelmed by every new policy change. This can be achieved with the help of a common privacy protocol based on next-generation technology that enables granular data control and allows businesses to build programmatic and scalable privacy programs that compliance costs, respect data dignity, and responsibly leverage consumer data for growth.

To learn more about Ketch's innovative approach to privacy and how we can help your business navigate the ever evolving privacy landscape, check out our Privacy Orchestration white-paper here.

Privacy is a Team Sport: Successful Privacy Initiatives Require Meaningful Cross-Functional Collaboration

Privacy is a team sport requiring all hands -- marketing, legal, IT and HR -- on deck. It is not hard to see why. Adapting to the new privacy landscape -- with its complex new (and ever-changing) laws and consumers’ conflicting desires for both increased privacy and personalization -- requires a company-wide push. But successful collaboration to support a comprehensive privacy compliance program requires stakeholders to coordinate as a team. 

It is not productive when stakeholders do not share a common understanding of purpose and the tools to achieve that purpose. This misalignment can result in endless meetings, with compliance achieved slowly, at great cost, and easily undone by legal or policy changes. Ensuring that stakeholders clearly understand the privacy objectives, and the business and technical support necessary to achieve those objectives, removes friction and fosters high-level collaboration resulting not only in legal compliance but a competitive advantage through greater insights derived from responsibly-leveraged data. In this article, we’ll explain how to form a collaborative, value-driven privacy program and best practices to avoid the frustrating technical challenges too many companies struggle with today. 

First, realize that while diligent and highly aware legal policy owners are vital, successful engagements involve multiple stakeholders across the organization. Each department brings particular knowledge power to support a proactive privacy posture. 

Responsibilities and contributions of each department include:


  • Defining regulatory positioning and legal bases; balancing compliance and growth objectives while mitigating risks
  • Tracking and responding to ever changing privacy regimes (which can feel like a game of whack-a-mole) 
  • Drafting disclosures and notices (while maintaining brand integrity/on-brand voice) 


  • Influencing user experience 
  • Utilizing data from and for the consumer 
  • Expressing brand values; building trust and conveying transparency 

The marketing department is a translator between legal and the consumer. Privacy notices, disclosures and preference centers impact user experience and typically occur early in the buyer journey -- upon first visit to a website, for example. Their language, style and timing affect brand perception -- this is especially true where trust and transparency are core brand values. Marketing tunes these messages and builds them into a company’s branding to convey to consumers, with minimal interruption, that it respects their right to privacy. 


Privacy programs and policies aren’t documents that just sit on a shelf. Their purpose is to ensure consumer consent and rights are respected, and this requires orchestration across internal and external third-party data systems. Some of IT’s responsibilities include implementing technology that honors the promises made in privacy notices and consumer consent disclosures, as well as adapting website and mobile infrastructure to collect and process data in a compliant manner. Data monetization and data privacy are increasingly necessitating IT input as part of the overall collaborative effort with legal, marketing and business departments. The result: alignment between compliance and growth.

IT contributions typically include:

  • Handling systems complexity & managing consent across all systems 
  • Implementing changes based on new policies without breaking privacy architecture
  • Ensuring consumer privacy choices are respected across third-party systems
  • Managing cost; IT plays a significant role in reducing the cost of compliance by, for example, implementing programmatic versus manual approaches to rights fulfillment/consent orchestration, conserving time and labor resources

Human Resources

With the passage of the California Privacy Rights Act (CPRA), starting January 1, 2023, the CCPA employer exemption expires, granting employees in California the same rights that consumers have enjoyed since CCPA passed. This means businesses will need to have systems in place to:

  • Notify employees of their expanded rights
  • Fulfill employees’ access or deletion requests
  • Harmonize privacy rights with employment requirements

In addition, CPRA provides new rights to both consumers and employees, namely rights to correct personal information and to data minimization and retention limitations. California has been at the forefront of data privacy legislation in the US; others (Virginia, Colorado) have followed suit, and more will undoubtedly follow. 


True operationalization of privacy, not just the Hollywood facade, requires buy-in from all departments. Stakeholder collaboration, however, can become stymied without a clear understanding of the necessary legal, compliance, and technical requirements to fulfill the desired objectives. 

Using first-generation technologies for privacy compliance, which rely largely on manual and process-driven efforts, and which lack interoperability, triggers a repetitive cycle of small tech fixes to broad enterprise needs with every small business or legal change. Sophisticated, productive collaboration depends on unified technology that adapts easily to change, and is easy to understand, use and deploy by all relevant stakeholders. Programmatic privacy compliance that accounts for these needs is vital to competing in today’s market.

What is Privacy Orchestration?

or·ches·tra·tion | \ ˌȯr-kə-ˈstrā-shən noun 1. the planning or coordination of the elements of a situation to produce a desired effect 2. the arrangement or scoring of music for orchestral performance

It's no secret - every company that has adopted first-generation privacy tools knows how much work remains to operationalize their privacy initiatives in a cost-effective, policy-driven manner. While these first-generation solutions were great temporary fixes for pending regulations, the key to conquering complexity in privacy is to embrace new technology for data control. 

At Ketch, we refer to this technology as Privacy Orchestration. Check out the 10 points below to understand the what, why and how of this innovative new approach to privacy management.

  1. Privacy Orchestration is the ability to operationalize a company’s privacy posture across every touchpoint, every consumer interaction, every jurisdiction. As you can imagine, doing so requires deep capability in data management and control to navigate the complexities of today’s privacy landscape. 
  2. Jurisdictional complexity results from the growing and ever-changing set of rules and regulations, each with its own take on data privacy, emanating from new laws in a growing number of economically significant jurisdictions. Responding to it with incremental, legacy approaches is unscalable and costly. 
  3. Businesses can run, but can’t hide, from the challenge of fragmented digital identities when it comes to privacy. When a consumer expresses a preference in an email form, a mobile app, a website, or a phone, those expressions must be reconciled and mapped to a living, breathing person, not an isolated digital identifier. 
  4. Conquering the complexity of privacy orchestration across a multiplicity of systems requires mastery of the coordination, transmission, and enforcement of privacy instructions. 
  5. Building data control capability is critical for businesses for privacy compliance and to meet consumer expectations because businesses are responsible for protecting the data they collect even if—or perhaps especially when—they choose to share it with service providers. 
  6. Operationalizing privacy requires solving for the absence of a common privacy language i.e. the Tower of Babel problem—one compounded by a multiplicity of systems across which privacy must be respected. 
  7. Businesses must re-tool to meet their service providers systems wherever they are on the maturity curve today:
  8. Seamless communication of privacy instructions builds and maintains customer trust while ensuring scale, flexibility, and productivity for data-driven initiatives
  9. The key to conquering complexity in privacy is to embrace new technology for data control. 
  10. With granular data control, businesses can build programmatic and scalable privacy programs that collapse the costs of compliance, respect data dignity, and responsibly leverage data for growth.

To learn more about Privacy Orchestration, check out our most recent white-paper which explores our solution in depth. 

Privacy & Compliance News Roundup - June 2021

Welcome to the first installment of the Ketch news roundup, where we gather the latest and greatest data privacy and compliance information to share with you! This week, we have our eyes on the newly appointed head of the FTC Lina Kahn, and what her role means for the privacy space, Colorado’s comprehensive privacy legislation is awaiting the Governor’s signature, Florida has sent a new TCPA-style law to the governor for signature, and Senator Kristin Gillibrand's strengthened DPA proposal. 

Look out Big Tech: Lina Khan’s arrived
While FTC regulations are certainly a possibility, if history is any indication - the path towards any type of FTC owned regulation is long (FACTA rules on ID Theft and TSR come to mind) How many years have we been waiting for fed privacy legislation though? FTC regulations may take year(s), but at the end of the day that could be the shorter path. Our question is - will they still be relevant by the time they pass? Read the article

Colorado, Colorado, Colorado!
In case you hadn’t heard, the Colorado Senate recently voted to pass House amendments to their privacy bill. They’re currently waiting on an Exec. signature. Once that’s been signed, we can add Colorado privacy law to the roadmap list. If you haven’t already begun adjusting your privacy program to accommodate these types of rapid changes - give us a call.  Read the article

Florida’s new TCPA Law: consent required or risk a lawsuit
The Florida legislature recently passed legislation that significantly expands the state’s existing telemarketing laws. Most notably, the legislation adds a private cause of action for any violations of the Florida Do Not Call Act and requires prior express written consent for automated or prerecorded calls or texts (without defining what automated means). The law was recently sent to the Governor for signature, and if signed will go into effect on July 1, 2021. Read the article.

New Consumer Watchdog Agency?

Sen. Kristen Gillibrand, D-NY, recently released a new and improved draft of her Data Protection Act. The act motions to establish a new regulatory agency solely focused on enforcing federal privacy laws and addressing the growing data privacy crisis in America. Give the article a glance to understand the proposed improvements and the three core goals of the proposed agency. Read the article

New Adequacy Decisions for the UK
The UK has adopted two new adequacy decisions, one under GDPR and the other under the Law Enforcement Direction. What does this mean? “Personal data can now flow freely from the European Union to the United Kingdom where it benefits from an essentially equivalent level of protection to that guaranteed under EU law” says the European Commission in their press release. Read the article


Additional “News You Should Know” 

Interested in Privacy & Compliance? Schedule some time with our privacy experts to find out how Ketch is revolutionizing the space.