Category Ketch

How to Shop for a Data Privacy Solution

Look for simplicity and elegance, not jargon and needless complexity. 

Data privacy doesn’t come cheap. Spending on data-privacy solutions at both small and large enterprises doubled in 2020, according to Cisco’s latest Benchmark Study, with organizations spending an average of $2.4 million to manage data-privacy issues.

The good news is that many organizations get excellent value for money: more than two-thirds of businesses say they get significant benefits from their data-privacy tools, and 35% of the 4,700 industry leaders polled by Cisco said their data-privacy solutions generated ROI equivalent to at least double their investment. 

On the other hand, not everyone’s happy: about a third of businesses didn’t get significant benefits from their tools, and 15% said they didn’t get enough ROI to justify the millions they’d spent building out their data-privacy infrastructure.

Clearly, when you’re spending serious money on data privacy, you need to do everything you can to maximize the return you get on your investment. So how can you optimize your procurement process to ensure you’re getting value for money?

1. Know what you’re using.

It’s always better to shop for software by weighing the product you’re eying against a specific alternative. If you’re already using a data-privacy solution, make sure you understand exactly how it works, and what its strengths and limitations are, so you can see where a new option succeeds or falls short.

Perhaps you’re using a cheap but inflexible cookie-based consent system, or perhaps you’ve adopted a third-party solution with its own strengths and limitations. Make sure you understand the way your current system addresses your specific use-case, and pay close attention to how well it copes with any new pain-points that may have emerged as your business has grown and regulations have evolved.

2. Know what you need.

The key to getting positive ROI from your data privacy solution is to keep its core functionality front-of-mind while you’re shopping. No matter how many bells and whistles a particular platform offers, its core task is to ensure you and your partners only use data in legal ways that align with your user’s expressed preferences. A tool that falls short on that basic metric won’t deliver positive ROI, no matter how many other features it has.

Once you’ve found a shortlist of solutions that meet your basic needs, start thinking about additional features that add value for your specific use-case. If a feature sounds cool but you can’t immediately see how you’d use it, it might not add much value for your team. That said, it’s also important to think about your future needs — a solution that offers flexible, futureproof functionality is likely to deliver ROI as your business grows.

3. Research the alternatives.

When doing due diligence, it’s important to look beyond the marketing materials provided by a software vendor, which are always going to show their product in the best possible light. User reviews on sites such as G2 offer unvarnished insights into how products perform in the real world, but bear in mind that while individual users know how their own solution works, they may not have experience using competing products. To get a broader perspective, it’s also useful to look for expert opinions, such as analysts’ briefings and market reports. 

Personal connections are also valuable as you’re shopping for software. Crack open your Rolodex and phone friends and colleagues who understand your company and your needs, or try quizzing your LinkedIn or Twitter followers to get product recommendations and warts-and-all stories about their company’s data-privacy solutions.

4. Avoid complexity.

When you’re trawling through jargon-filled corporate websites, it’s easy to start to feel overwhelmed. Many vendors serve up long laundry lists of features using highly technical language, and it’s tempting to simply assume that the companies with the longest and most complicated lists of features are offering a better product. That’s a mistake: instead of getting seduced by complexity, make sure you stay focused on the subset of features that add real value for your organization.

After all, while it’s true that ensuring data privacy can be a complex process, the solution you deploy needs to be elegant and effortless to use if it’s going to add lasting value for your organization. As with any other technology, the best data privacy tools are transparent and easy to understand, and don’t require you to dig through endless configuration tools and expensive optional add-ons in order to get the functionality you need. Simplicity, not complexity, is the key to generating real ROI.  

5. Remember who’s in charge.

Buying software can feel a bit like buying a car — the salesperson is going to do everything they can to get you to sign on the line, and it’s easy to forget that you’re the one who’s really in the driving seat. Don’t let your vendor obfuscate or hide behind jargon, and don’t let yourself get locked into an approach that isn’t right for you. Make sure you ask the questions you need to — and get answers to them! — in order to ensure you’re getting the right solution for your organization’s needs. 

The bottom line: you’re paying real money, and you deserve to get good value. If the vendor you’re working with can’t provide the solutions you need, then there are plenty of other options on the market that will deliver better value for your company.

It would be wonderful if you could buy enterprise software as easily and confidently as downloading a smartphone app. The reality, though, is that when it comes to data privacy the stakes are high, the problems are complex, and the solutions are both more expensive and more technologically advanced. That means there’s no alternative to doing careful due diligence, and putting in the time and effort required to ensure you’re picking a solution that will truly work for your organization.

At Ketch, we know just how much of a headache buying enterprise software can be — and we believe software buyers should never feel confused or out of their depth while making important decisions. That’s why we’ve got a team of dedicated specialists on hand who’ll discuss your needs, demo our data-privacy solutions, and make sure you’re able to make this important decision with absolute confidence. So get in touch today, and tell us about the problems you’re trying to solve. 

Data Privacy is Evolving. Are You Getting Left Behind?

Organizations shouldn’t settle for outdated data privacy solutions 

Data privacy is a big deal for modern enterprises, with 44% of CEOs now saying that data privacy policies are among their businesses’ top concerns. In the post-GDPR world, the regulatory landscape is growing increasingly far-reaching and complex: by 2023, it’s expected that 65% of the world’s population will be covered by modern privacy regulations, up from just 10% in 2020. 

Complying with all those rules isn’t cheap. By 2018, Fortune Global 500 companies had spent $7.8 billion preparing for GDPR. Three years later, the average cost of data privacy compliance for multinational corporations is still over $3.5 million per year. But despite these investments, people don’t feel more secure. In fact, almost half of Americans believe their data is less secure than it was five years ago, and 45% say they’ve been personally impacted by data breaches. 

What does this all mean for your business? Well, with regulators and consumers paying close attention, it means you need to put a tough, effective data-privacy solution in place. But the industry is constantly evolving, so the data-privacy tools that suited your business a year or two ago may not be the best solutions for the new regulatory and technological challenges you’re now facing. To keep your business and your customers safe, it’s essential to keep on evolving, and to ensure you’re using up-to-date tools that are optimized for your organization’s current needs. 

Has your tech stack gone stale?

Your data privacy solutions shouldn’t require constant attention and oversight — that’s why they’re called “solutions,” after all. But that doesn’t mean you can have a hands off approach to your data-privacy tech stack. No matter how good your privacy solution was when it was first implemented, time marches on. 

First-generation data privacy solutions took a formulaic, responsive approach: checklists, reflexive efforts to patch privacy gaps or compliance risks, and cookie-based quick fixes and were the order of the day. That was a necessary first step toward ensuring data privacy. But in today’s more complex and interconnected world, such tools can’t deliver the robust, flexible solutions needed to orchestrate rich, ever-changing consent signals seamlessly across organizations’ entire data ecosystems. 

Enterprises now operate across multiple jurisdictions, and need to manage consumers’ privacy across multiple domains, devices, and touchpoints. Customers’ privacy expectations must be honored across your organization, and also in downstream partners’ data systems — even if those systems weren’t built with privacy in mind. The data privacy challenges organizations now face have evolved significantly, and new solutions are needed to meet those challenges. 

Even if you’ve already built out your data privacy infrastructure, in other words, it’s worth taking some time to diagnose the gaps or shortcomings that may have emerged over time, and to ask whether newer technologies would be better suited to your needs. Now more than ever, the way you handle privacy speaks volumes about your brand, so it’s important to ensure you’re leveraging the latest innovations to deliver the best-in-class data privacy experience that consumers expect. 

It’s time for a checkup

How can you ensure you’re using the right privacy platform for your needs? It’s as simple as conducting a brief review process to clarify your current priorities, assess whether they’re still being met by your existing provider, and figure out whether other solutions would do a better job of meeting your needs. 

Think of it as the equivalent of going for a physical: set aside a bit of time each year for a tech review, and you can ensure your privacy infrastructure remains healthy, up to date, and able to withstand whatever challenges emerge over the following 12 months. 

What should you cover during this checkup? Well, the aim isn’t to run complicated pilot studies or to reinvent the wheel by rebuilding your data infrastructure from the ground up. Instead, you should simply aside some time to take the pulse of your existing solution, explore what else is out there, and make sure you’re using the best available tools for your specific use-case.

It’s worth asking, for instance, whether your existing solution can handle the full range of rules and regulations that affect your business — and those that could affect your business as it grows or enters new market sectors or jurisdictions. It’s also worth asking whether the tools you’re using are doing enough to ensure seamless, fully automated, and verifiable orchestration of data subject requests or consent signals across your entire ecosystem, including outside partners. And it’s always worth paying attention to the user experience: are you able to customize privacy messaging, styling, and timing to ensure your end-users have a pleasant and on-brand experience when using your site or service? 

These are just some starting points — check out the Ketch buyer’s guide for a full breakdown of the issues you should aim to address while reviewing your data privacy infrastructure. Bear in mind, too, that the best time to embark on this process is before you renew your vendor contract for another year. You wouldn’t sign a new contract without doing due diligence, and neither should you renew with an existing vendor without making sure it’s truly the right move for your business. 

Give Ketch a call

At Ketch, we know that in today’s increasingly complex and demanding world, enterprises can’t afford to compromise when it comes to managing data privacy. We’re also confident that our data privacy technologies are the best solution for virtually any use-case, and that our best-of-breed technology can measure up to anything else on the market. 

We think you’ll feel the same. That’s why we encourage you to consider your evolving needs, take a long, hard look at our competitors—and then reach out to Ketch. When you’re ready, our team will be standing by to help you analyze your needs, identify the data-privacy approach that’s right for you, and implement a resilient, best-in-class solution optimized for the unique needs of your organization.

What Kind of Data Privacy Solution is Right for You?

Finding the right privacy tech starts with asking the right questions.

To keep your organization’s data privacy solutions up to date in a rapidly changing world, it’s important to set aside time for regular reevaluations of your existing tech stack. No matter what industry you serve, regulations and technologies are always changing, so best practice is to schedule an annual checkup to ensure your current set-up is still delivering the optimal solution for your needs.

As part of that process, you’ll need to evaluate your existing data-privacy tools, and look at other offerings to make sure you’re using the solution that’s best for your business. First, though, you’ll need to take a look in the mirror — because you can’t figure out what’s right for your organization unless you know exactly how your organization currently handles data.

Effectively, this boils down to making sure you understand exactly what kinds of problems your data-privacy solution needs to be able to solve. That means looking at three key areas: your current data usage, the current and forthcoming regulations that affect your business, and the different stakeholders within your organization who will need to use your data privacy solutions.  

Understanding your data use

To get to grips with the way your organization currently uses data, you’ll need to understand the purposes for which your organization collects and processes data. Is your end-goal to create better analytics, to provide personalization, or something else entirely — and how is that intent reflected in the data-privacy infrastructure you’ve built?

Once you understand the end-goal of your organization’s data usage, you can start to explore the way that data flows through your organization, and the way that consent signals and data subject requests ripple through your ecosystem. Start by asking the simplest questions: how many people visit your website, what devices are they using, and where are they located? From there, you can move on to examine the way that your organization collects and processes consent signals and data subject requests, and inventory the systems you’re using to honor users’ preferences, permissions, and requests. 

You’ll need to look carefully at the internal systems your organization uses to manage data — but since data often flows beyond outward, beyond the borders of your organization, you’ll also need to look at your partners’ data processes. How are the consent and data requests you receive being propagated out to the partners who handle your data, and how are you verifying their compliance?

As you examine these factors, think about whether your existing infrastructure is aligned to your current needs. If your answers to the questions you’re asking have changed since you first built out your data-privacy infrastructure, you’ll need to carefully consider whether your existing tools are still meeting your needs as well as they should.

Understanding the rulebook

Once you’ve taken the pulse of your privacy operations, it’s time to look at the regulations to which you’re subject. The specific toolkit you need will vary depending on whether you’re trying to ensure compliance with the GDPR, the CCPA, or something else entirely. 

Make sure you pay attention to pending regulatory action, too, and also to your own strategic plans — if you’re preparing to move into a new market, you might find yourself subject to new rules. Your legal team should be able to tell you whether the rules have changed since your data privacy tools were first implemented, and whether any further changes are in the pipeline. Since many regulations are still evolving, your team’s interpretations of the rules may also have changed over time as new rulings are issued or new best practices are established. 

Given the rapid pace of regulatory change, most organizations find they’re better served by a dynamic and adaptable data-privacy solution, rather than a series of static point solutions for a specific body of regulations. Make sure you ask how flexible and futureproof your current system is, and whether it will be able to evolve and grow along with your business needs.

Understanding your internal teams

While the process of buying data-privacy systems is often driven by a single business unit, it’s important to bring all your organization’s different stakeholders into the review process. After all, if you ask an IT manager or your head of engineering what they want from a data privacy system, you’ll likely get a very different answer than if you ask your CISO, your legal team, or your sales and marketing division. 

Privacy is a team sport, and your goal should be to find a data-privacy solution that can address all the different interests and needs of teams across your organization. That’s especially important when it comes to balancing the priorities of teams that might seem to have conflicting needs or goals. Your solution shouldn’t empower your IT team at the expense of your legal team, for instance — it should give both teams the tools they need to work, both collaboratively and independently, toward their goals. 

The key is to understand each team’s needs and challenges, and to seek out a data privacy solution that gives every member of every team exactly what they need to do their job. Your solution should help to elegantly defuse tensions between business units, not exacerbate them or create new points of conflict.

Putting it all together

After going through this three-part diagnostic process, you’ll be left with a clear understanding of how your organization handles data, what rules it’s subject to, and which business units have a stake in the way data privacy is handled. Collectively, these represent your data privacy needs — and armed with these insights, you’re ready to go out into the data security marketplace and see which solutions can deliver the performance you require. 

We’ll cover that in our next blog post, but if you want to get the ball rolling right away, feel free to reach out. At Ketch, we believe that our job is to satisfy as many all three of these needs simultaneously — and we’re confident we can outperform any other data privacy tool currently on the market. Get in touch today to find out why, and to learn how our solution can deliver the performance your organization needs.

Treat People as People with Privacy-centric Identity Resolution

Privacy regulations address ‘Natural Persons’ but online, we’re a collection of fragmented digital identifiers

Businesses must be empowered to overcome the identity problem, that is, to see people for who they are, recognize them when their privacy wishes need to be honored, and do so across every touchpoint and system.

The challenge is that for most people, their online activity is fragmented across a number of digital identifiers, such as email addresses, mobile advertising IDs and browser IDs. 

Privacy regulations address personal data across digital and ‘pseudonymous’ identifiers, but the legal rights belong to citizens, individuals and ‘natural persons’. 

For example, GDPR applies to data on a ‘natural person’, but online, that data is associated with digital IDs – a natural person has the legal rights, but it could be a cookie or other digital ID with the personal data. It greatly benefits businesses to understand the connection between real people, and digital IDs, to know when they are dealing with Jane, and when they are not.  

Harmonizing all the online activity to a ‘natural person’ requires a privacy-positive approach to identity resolution. 

It’s about treating people as people

When Jane expresses a preference in an email form, a mobile app, a website, or a phone, those expressions must be reflected against the person, not an isolated digital identifier. To solve for this, consent provided by Jane on your mobile website or app, could be associated with the responsibly gathered IDs and devices connected to her, ensuring an efficient and optimized privacy experience.

Privacy-first identity resolution is an alternative to the God’s-eye view that utilizes third-party identity assets to reconcile every user -- which, of course, would be terrifying for privacy -- the objective must be to make it as easy as possible for people to express their privacy priorities and then leverage all the identity assets a company has responsibly gathered, without unduly burdening people with too many requests and extra hops and go-do’s.

Responsive Infrastructure for a Flickering Policy Regime

By 2023, 75% of the world will be subject to modern privacy regulations, according to Gartner. 

The United States is in the eye of the storm, where jurisdictional complexity in data privacy is rapidly reaching Category 5 intensity. In California there’s the CCPA and now the more draconian CPRA. Virginia has enacted a new data privacy law, which, of course, is not the same as California’s. To underscore the mounting complexity, New York is contemplating a law that has elements of affirmative/opt-”in” consent -- something present in neither Virginia nor California law

In addition to new sets of regulations, existing regulations are in flux. California’s move from CCPA to CPRA is instructive: CCPA was on the books for less than two years before its successor, CPRA, was enacted, and there: 

“the prospect of further rulemaking will make it hard for companies to take significant steps toward compliance, as the CCPA rulemaking experience has demonstrated the potential for rulemaking to create significant changes”.

Just as we have failed to develop coherent, unified regulations regarding climate change, migration, trade, and many other dynamic, cross-border phenomena, it is unlikely privacy regulations will congeal into a unified, global standard. 

As regulations and their interpretation evolve, keeping up with a flickering regulatory climate shouldn’t require expensive feats of engineering in support of ad-hoc compliance programs.

Playing whac-a-mole is not a viable or durable strategy for data privacy.

Compliance tools must provide the flexibility to respond to new and changing regulations, with the granularity to build tailored privacy programs across multiple regions, and the connectivity to data systems that ensures policy stances are realized and enacted, rather than lying inert in a document or privacy policy somewhere. 

At Ketch, a mastery of data control solves for jurisdictional complexity, and future proofs your business against the impending storm. Our Deploy-Once, Comply-Everywhere Policy Center leverages the building blocks of modern privacy, applied to granular data sets to provide the flexibility and adaptability to respond to new and shifting global regulations:

  • Individuals about whom you hold data -- who is it about
  • Categories or attributes of the data -- what is it
  • Uses, or purposes of data processing -- how can you use it
  • Legal basis for processing, by jurisdiction -- why you can use it based on where the individual is located

The leaders in the data privacy revolution are recognizing the rising urgency of data privacy and are re-tooling to meet it. They are adopting responsive and responsible infrastructure that future-proofs businesses against the constant flickering in privacy codes, regulations, and norms. 

Meet Ketch: Deploy-Once, Comply-Everywhere Data Privacy For the Enterprise Has Finally Arrived

If you’re past a certain age, you can remember back to the dawn of digital advertising. It was chaotic and inefficient: each banner ad was crafted like a piece of artisanal chocolate and hard-wired onto each web page manually by an HTML coder. It took years to evolve into the fully automated ad-serving platforms we all take for granted today, where anyone with a website who wants to participate in the ad-driven economy can “set it and forget it.”

Data privacy today is in the same primitive, manual stage that digital ads were all those years ago.  Companies think privacy is complicated to implement because there’s no technology yet to make it programmatic. 

This is the problem we set out to tackle when we launched Ketch. Today we’re thrilled to emerge from stealth and to introduce our tech- and values-driven tools to the world. 

Ketch automates data privacy and governance through a coordinated set of applications, infrastructure, and enabling API’s.

What makes us different from other data privacy and security companies is that we do the heavy lifting of enacting privacy “behind the screen.” We integrate consumer privacy preferences programmatically into internal systems and external platforms -- customer relationship management, e-commerce, martech, analytics, and more.

For the past several years, we’ve watched with frustration as the debate over data privacy too frequently devolved into a zero-sum tradeoff: capture and use data to grow, or respect privacy but suffer the competitive consequences. 

That choice seems crazy to us. Data compliance shouldn’t be a moral or operational dilemma. Sure it’s a challenge, but one that technology guided by clear principles and great architecture can solve.  

As we got to work solving this challenge, we built Ketch on two core beliefs.

First, privacy is an essential human right. On the heels of corporate data breaches and growing understanding of Big Tech’s disrespect of consumers’ data, citizens and governments demand that our right to privacy be honored, monitored, and enforced. 

Second, data is fuel for GDP and growth. As long as they follow the rules, businesses should be able to acquire and use data in above-board, ethical ways. 

We reject the Sophie’s Choice that suggests a company can capture and use data to grow, or sacrifice advantage from data to comply. We see too many businesses overwhelmed by the proliferation of data regulations and the armies of well-meaning privacy lawyers explaining them all, without any means for enacting them into their own data systems. 

As data management geeks, my team and I appreciate and understand the rules, but we decided it was time to build tools that respect the data rights of consumers and companies alike. We’re incredibly excited about how it turned out. 

My co-founder, Vivek Vaidya, and I have spent more than two decades building leading data platforms, including Krux, acquired by Salesforce, and Rapt, acquired by Microsoft. And we’re thrilled to have secured $23 million in Series A funding from super{set}, CRV, Acrew Capital, Ridge Ventures, and Silicon Valley Bank to help us and our team of DreamKetchers execute the sprawling vision and multi-year plan we’ve laid out for ourselves. 

Ketch is live with dozens of happy customers today, and we stand ready to help your business embed trust and privacy into your core operations while harnessing data to fuel top-line growth. If you’re a doer who wants to help the world move from rules to tools that respect our data dignity and you’re looking for a new company-building opportunity, give us a call.

Switchbit is now Ketch

The Switchbit team is driven by a belief in two key principles. First, privacy is an essential human right that all businesses should have the ability to respect and enforce. Second, data is property. Like land and other physical property, data must be protected and controlled according to the time, terms, and conditions of its owner’s choosing. 

We don't see a zero-sum world where consumer privacy is protected and businesses lose. We believe that both consumers and businesses can prosper together. We're determined to help businesses honor the data dignity of their customers, while also giving them the privacy and security tools that let them preserve and unlock the power of data for core operations and AI-enabled business processes.

Since our inception, we’ve been working hard to achieve the radical simplification of data privacy, which we believe is among the most critical imperatives facing our economy and our society. Undeniably, we are in the midst of the Data Rights Revolution.

As tends to be the case with revolutions, optimism and commitment are all mixed up with complexity and confusion. In our experience, most businesses want to embrace and implement a consumer-first privacy paradigm--the question is How to get there? 

We are committed to building powerful-but-simple infrastructure that guides our customers through the maze of laws and regulations, while at the same time recognizing and capitalizing on the opportunities along the way--opportunities hiding in plain sight.

Of course you need to achieve compliance and get the details right. But the companies that win this revolution will be those that go beyond, by creating privacy experiences that inspire customer satisfaction and trust. We help you imagine, design, and offer those experiences.

One of the many hurdles here is that the maze isn’t static. It changes as laws are born and evolve. All the energy you spent getting prepared for CCPA and GDPR? Congratulations! Your prize is…. CPRA and LGPD!. Data privacy is a dynamic challenge. That’s why we’re always focused on giving our customers a dynamic, deploy-once-comply-everywhere solution.

In this relentless pursuit of simplicity in the face of change, we’ll be with you every step of the way. And today, we’re practicing what we preach: We’ve decided our name adds more where less will do, and do better. Today, we’re saying goodbye to “Switchbit” and introducing you to “Ketch.” Strong and simple, just like our product and our mission. 

Ketch is blazing a path in the Data Rights Revolution. Join us in fighting for privacy as an essential human right, and data as property to be preserved and protected.

And if you don’t know, now you know.