Category Privacy Tech

The Privacy Opportunity Blog Post Series: Part 1

Right about now brands are panicking that digital advertising as they know it will come to a screeching halt. Consumers want the big tech companies to stop monitoring their every move and selling their behavioral data to advertisers, and the regulators seem to be on their side.

But we, at Ketch, don’t see the rise of privacy as an existential threat to digital advertising. Rather, we see privacy as an opportunity to demonstrate responsible stewardship of personal data in every interaction across every jurisdiction. This is big. To understand just how important that is, we need to understand the extent to which the consumer’s data dignity has been violated.

Many in the ad-tech industry participated in this violation without realizing the harm inflicted. In the heady days of data-driven marketing, our collective goal was to present relevant ads to consumers, to the benefit of consumers, advertisers and publishers alike.

In hindsight, the ensuing consumer rebellion was inevitable. This blog post series, based on Ketch’s Privacy Primer, looks at:

  • The conditions that led to the privacy rebellion
  • Government, Activists & Litigants: The Web of Players That Shaped Modern Data Privacy 
  • The Gorillas and Privacy
  • The implications of privacy for business, including the core complexities that must be overcome to make data compliance and growth compatible
  • A plan of action to begin solving for those challenges. 

Part 1: Surveillance Capitalism and the Consumer Rebellion

The Internet has always been based on a grand bargain: Advertisers will foot the bill for low-cost content and apps, but they want something valuable in turn, specifically new leads that turn into profitable customers. To deliver on that promise, an entire industry rose up to monitor consumer behavior on an epic scale, segment them on perceived interests and intent, and offer those insights to marketers for a price.

To Shoshana Zuboff, Harvard Business Professor and author of a groundbreaking book, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, this digital ad-tech ecosystem represented a grave threat to privacy and democracy itself. Her book shed light on the extent to which we everyday citizens are serveilled as we engage in activities for strictly social and personal reasons.

How We Got Here

According to Zuboff, surveillance capitalism started with Google and its goal to dominate the search engine market by serving up highly relevant results for every search query. Initially, Google’s intentions were honorable, or at least mutually beneficial. Google wanted its search engine to outperform all others, and to become, well, a verb. For their part, users wanted to see useful search results, meaning sites that offered the exact information they were after. By tracking the links its users clicked at scale, Google was able to predict user behavior (i.e. predict which site a user would visit) and optimize its search results based on those predictions.

But Google quickly realized it was sitting on an asset that could make it a lot of money, namely way more behavioral data than it needed to simply optimize its search results. That excess data, which Zuboff calls “behavioral surplus,” could be used to help advertisers improve their campaign returns for a hefty fee. That’s when the company began mining people data in earnest. It’s also when the egalitarian nature of the relationship ended. Google profited from consumers, but we got very little in return.

Zuboff describes how Google took pains to keep its surveillance empire away from public view, but those of us who worked in digital advertising were well aware of just how pervasive surveillance capitalism had become, even though we didn’t think of it in those terms. We called it data-driven marketing. 

Everybody sold people data. Companies like Experian, eXelate, BlueKai and many others vacuumed up great quantities of it -- financial, behavioral, purchase, demographic, psycho-demographic -- to create an endless array of audience segments for advertisers to purchase. The social media platforms joined in on the game, inviting advertisers to reach users based on hyper-specific criteria, such as interest, educational background, group affiliations and so much more, all while consumers assumed they were simply interacting with friends and family.

The reams of data the tech giants collected on us were mind-bogglingly large. By 2016, Facebook had 98 personal data points on each of its 2.2 billion users. Google collected enough data on an individual in one year that if printed and stacked, it would be taller than the Leaning Tower of Pisa (189 feet). 

For the most part, all of that data was collected without the consumer’s knowledge or consent, but that didn’t matter to the ad-tech industry. It was the age of data and data-driven marketing, and the ad-tech industry had a promise to keep: Enable brands to target the right user, at the right time, with the right message, in the right channel. But there was one “right” we didn’t consider: the consumer’s right to privacy.

Although consumers didn’t quite understand how their data was collected or by whom, the extent of the violation rankled, and they were angry. In 2007, Sean Lane purchased an engagement ring from Overstock, and planned to surprise his girlfriend with it, only Facebook’s Beacon feature jumped the gun, announcing his purchase in his news feed for all his connections to see. He, along with many others, hired attorneys and sued. In 2018, a federal judge approved a $9.5 million settlement against Facebook.

Soon a generation of activists and litigants rose up, and their efforts have literally transformed the privacy landscape, as we will discuss in our next blog series. Can’t wait to read about the web of players that shaped the privacy landscape? Download our free white paper, The Privacy Primer now.


Make Sense of Privacy-Language with a Common Privacy Protocol

Today, there is no lingua franca for privacy. Yet, your customers’ privacy preferences must be respected in the systems of partners, service providers and other third parties that speak a different privacy language than your own, or that lack any language for privacy at all. Many businesses are constantly struggling to send and interpret signals related to privacy, calling to mind the Biblical story of the Tower of Babel, with all of its scattered groups speaking languages unrecognizable to the others.

When senders and receivers of privacy instructions (or, in the parlance of GDPR, controllers and processors) speak different privacy languages, miscommunication and failure to enforce privacy rights can result. Clear cross-system communication and coordination requires a common privacy protocol that translates privacy signals to and from third parties, whatever privacy language they speak. This protocol needs to be programmatic and automated, and should not demand IT’s time and labor for bespoke, manual fixes to ever-arising privacy mapping problems.

Tower of Babel

Most companies today demonstrate a level of privacy maturity or fluency placing them in one of three categories:

  • Privacy Infants: They don’t speak privacy. At Ketch, we’ve observed that over 90 percent of service providers cannot support privacy within their own systems. They lack any privacy language, let alone standards for cross-system coordination. It’s imperative that companies establish a way to translate privacy rules to those at this level in a way that ensures they are respected.
  • Colloquial Teens: They have a privacy language but speak a different dialect from the system sending or receiving the privacy instruction: privacy instructions must be translated

  • Eloquent Poets: They speak the same language as the system sending/receiving privacy signals, and as a result privacy communication flows unhindered between them. The processor can easily ‘catch’ what the controller pitched. Real-time privacy desires and prescriptions on data use are tightly coordinated and enforced across the data ecosystem.
Digital identifiers -- one major example of the different languages companies speak -- can vary from one company to another: an email address at one; a visitor ID at another; a proprietary identifier at a third. This is getting all the more confusing as the number of digital identifiers proliferates, and the Gorillas, like Apple and Facebook, build ever higher walled gardens.

A consumer’s privacy preferences have to map back to the same living breathing person, not an isolated digital identifier. With businesses speaking different dialects, it’s necessary to parse fragmented digital identifiers and send the one recognized by the partner or service provider for them to honor the request. However, dispatching engineers to develop bespoke mappings every time a new system or regulation comes online wastes time, misapplies IT manpower and is unsustainably costly.

Rosetta Stone

Businesses must re-tool to meet partners’ and service providers’ systems wherever they are on the maturity curve. A common privacy protocol enables businesses to communicate and coordinate with those speaking a different privacy language without the need for manual, bespoke mappings. This is a “Rosetta Stone” for privacy -- a programmatic rulebook for accurately translating signals, enabling the fulfillment of privacy requests across a company’s whole ecosystem.

There are three main elements of the Rosetta Stone, or common privacy protocol for clear communication and coordination with all types on the privacy-maturity curve.
  • Overlay: Businesses and service providers will agree on a protocol, akin to what HTTP3 is for the web, a foundation for the exchange of data privacy signals, enabling tightly coordinated communication between entities and applications.
  • Translate: For the few service providers that have privacy APIs but use a different protocol (for example, one system calls it “Behavioral Advertising,” another calls it “Personalization”), privacy terms and identities must be translated to bridge that communication barrier.
  • Materialize: To communicate with service providers without privacy specific interfaces, i.e. no privacy language, the software interfaces that already exist (e.g. Targeted Advertising or Analytics interfaces, known as APIs), must be repurposed to send and receive data privacy related signals and identities.

The result is seamless communication of privacy instructions for real-time fulfillment across every touchpoint, every consumer interaction and every jurisdiction. This builds and maintains customer trust and fuels value-driven initiatives by getting complete, up-to-date, responsibly-sourced data to sales and marketing, analytics, data science, HR and finance.

We’ve seen how new privacy legislation, like GDPR and CCPA, can raise tricky compliance challenges, and there will surely be additional new laws to come. One of the best ways for a company to respond is to cut complexity and simplify privacy orchestration and coordination so that its system is not overwhelmed by every new policy change. This can be achieved with the help of a common privacy protocol based on next-generation technology that enables granular data control and allows businesses to build programmatic and scalable privacy programs that compliance costs, respect data dignity, and responsibly leverage consumer data for growth.

To learn more about Ketch's innovative approach to privacy and how we can help your business navigate the ever evolving privacy landscape, check out our Privacy Orchestration white-paper here.

5 Key Features Every Privacy Solution Needs

Don’t accept privacy tech that fails to deliver in these key areas.

Whether you’re reviewing your existing data-privacy toolkit or actively shopping for a new solution, it’s important to have a clear idea of the core features that you’ll need to meet current and future challenges. Many data privacy solutions only encompass a subset of these features, so it’s important to have a clear must-have feature list as you seek out a solution to keep your organization’s data safe and compliant. 

Let’s take a look at five key capabilities that should come fitted as standard when you adopt a new consent management and data rights solution.

1. Managing data flows. 

The ability to manage the way data flows through your organization, and ensure compliance with users’ wishes and regulatory requirements, is the most basic and most important role of any data privacy solution. Without this core functionality, there’s simply no way to ensure compliance or implement your team’s internal data policies. 

The key here is to seek out solutions that integrate seamlessly into your organization’s workflows and dataflows. A solution that ensures regulatory compliance but cripples your team’s ability to leverage data to deliver functionality is worse than no solution at all. You need a solution that allows you to extract value from data, in whatever way is most important to your organization, while still rigorously adhering to your customers’ expectations and your regulatory obligations.

2. Handling regulatory complexity. 

The regulatory landscape isn’t getting any simpler, and organizations need tools that can make sense of the patchwork of rules and statutes that affect their business. This requires the ability to navigate multiple regulatory regimes simultaneously, without conflict or redundancy, and to enforce data privacy effectively even as data flows between jurisdictions. If you’re doing business in the European Union, you’ll face very different challenges and requirements than if you’re operating in California — and you need a system that can seamlessly handle both situations.

You may also find your regulatory obligations change as your business model evolves, the rules get rewritten, or you move into new markets. You need a data privacy toolkit that’s flexible enough to adapt to your changing needs, granular enough to be localized depending on the markets you’re selling into, and comprehensive enough to apply the right regulations in the right way and at the right time, with zero margin for error.

3. Delivering on-brand experiences. 

When you’re poring over privacy statutes, it’s easy to forget that privacy isn’t just about keeping regulators happy — it’s also something your customers experience every time they use your product. That means you’ll need a solution that can deliver on-brand experiences for your customers as frictionlessly as possible. If a given solution can only spit out boilerplate privacy notifications delivered in a generic format, your customers will resent the intrusion into their experience of your website or product.

The solution? Demand software that empowers you to customize the user experience, and make more mindful decisions about the specific language that’s used, the way notifications are styled, and how they integrate into the end-user’s experience of your website or service. Your marketers will relish the ability to create messages in your  brand’s unique voice, and you’ll find it far easier to create a trusting and hassle-free experience for your customers or audiences.

4.Ensuring privacy everywhere. 

It isn’t enough to provide effective data privacy when users visit your main webpage. You also need to make sure their data is handled appropriately when they use mobile apps or other access-points — and also potentially when using internal data systems to manage employees’ information. You need a solution that can orchestrate consent and data subject requests across all those touchpoints, as seamlessly and automatically as possible. 

This is especially important when orchestrating data requests and consent signals beyond the confines of your own organization. External partners who access your data need to honor those signals, but many data-privacy tools require coordination to be handled manually, or fire off form emails to notify partners of their obligations. That creates room for human error, so seek out a solution that can rapidly propagate consent changes and data requests across your whole ecosystem, with built-in verification processes and little or no human involvement.

5. Keeping everyone happy. 

Data privacy is a perennial source of tension between legal and IT teams. It’s easy to see why: your legal experts need to be able to set policies for your whole organization, without fretting about technical implementation, and your IT teams need to be able to update code or make changes to data infrastructure without worrying about legal issues.

To smooth things out, it’s important to find a solution that lets you issue regulatory interpretations without rebuilding data tools, and also lets you rebuild data systems and overwrite blocks of code without impacting the flow of consent signals through your business. Many solutions are designed to serve either IT or legal teams, but to avoid expensive headaches down the road it’s worth seeking out a solution that can keep everyone happy. 

Different solutions will aim to address many of these capabilities in different ways and to different degrees, but the reality is that all five of these core capabilities for any data privacy solution. If you find yourself questioning whether a given technology can tick all these boxes, it’s a sign that you should move on and look for other options.

Once you’ve put together a shortlist of data privacy solutions that can succeed in these five key areas, you’ll need to give further thought to your own specific use-cases and needs, and start to assign weight to other factors. If you’re on a tight budget, then cost might be a critical differentiator for you. In other cases, you might feel that cost is less of an issue, but that best-in-breed data security and compliance are key priorities. By figuring out which features are must-haves, and ranking your remaining requirements by order of priority, you’ll begin to see which solutions are real contenders. 

At Ketch, we’re committed to delivering the must-have functionality our customers need to effectively manage data privacy. We’re confident that our solutions can hold their own against anything else that’s on the market. But don’t take our word for it. Think about your priorities, take a careful look at our rivals’ offerings — then give us a chance to show you why we’re the right solution for your organization.

Systemic Embrace: The Coexistence of Data Dignity, Compliance and Growth

In the often dizzying and confusing arena of data privacy, a new normal is rapidly unfolding, a paradigm that elevates data rights and data dignity. Characterized by a wave of new regulations and competing imperatives, the complexity of this new paradigm can overwhelm and paralyze business leaders searching for the ideal and responsible path forward. 

Many believe they face an impossible Sophie’s Choice: Dismiss privacy requirements and use personal data to grow -- or comply and stagnate. 

They are wrong.

There are leaders who understand the opportunity inherent in respecting data privacy and data dignity and they grasp that it’s possible to build value while honoring values.

Steve Jobs was leading the way in 2010:

“I believe people are smart and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do with their data.”

Effective solutions that respect and protect data privacy build trust with consumers. It veins with responsible stewardship of data and abides by Steve Jobs’ admonition to ask customers about data uses and to keep asking about their needs, wants, and priorities.

Most of all, it puts customer prescriptions and desires around the allowable use of data into action. Doing so builds trust, and building trust fuels privacy-compliant data stores -- the precondition for successful operations and AI.

Leaders like Microsoft CEO, Satya Nadella, are doubling down on the idea of data dignity as an extension to data privacy.

At the 2020 World Economic Forum, Nadella declared that data privacy at an individual level needs to be thought of as a human right and called for further work on the concept of “data dignity”:

“It’s not just ‘privacy’ and ‘oh, I give away my data’. I should be able to control in a much more fine-grained way how my data is being used to create utility for me and the world and the causes I care about”

When it comes to managing the interplay between the promise of data and the imperative for privacy, companies fall into four basic states: resigned surrender, wishful denial, ruinous inertia, or systemic embrace. 

Ruinous inertia: These companies don’t pursue data-driven initiatives or invest in their enabling tools and processes, yet also fail to comply with basic privacy regulations governing their interactions with employees, partners, and consumers.

Resigned surrender: These companies have resolved that the risks of non-compliance are existential and therefore too perilous to ignore, and on that basis have opted to suppress their collection and usage of data across multiple channels and platforms (particularly digital marketing initiatives that depend on consumer data). 

Wishful denial: These are companies who take liberties with data and blast full steam ahead with the quiet recognition that they’re non-compliant with regulations they know pertain to them. They are either in denial about the risks, or in denial that their non-compliance could ever be discovered or significantly damage their business. 

Systemic embrace: These companies recognize the risks of non-compliance, the opportunities that come from cultivating privacy and greater trust with stakeholders, and the strategic imperative to participate fully in the data AI revolution. They reject Sophie’s Choice and are committed to the systemic pursuit of compliance and growth.   

Systemic Embrace is the path to peaceful -- and profitable -- coexistence of data dignity, compliance and growth. It recognizes the rising urgency of data privacy and the enduring premise of data-driven growth.

To learn more about how businesses are responding to the complexity of privacy- check out the Ketch Privacy Primer Part 2 here.

Can Orchestrating Privacy Data Subject Requests be Automated?

The complex, time consuming, and downright annoying process of exporting, erasing, or rectifying personal data to respond to valid data subject requests sanctioned under privacy data regulations like GDPR and CCPA likely has you wondering if there’s a better way. You’re not alone if you’re considering a ticketing-based solution touting the ability to automate this process. But can orchestrating data requests from customers be automated?

Personal data exists in multiple formats across multiple in-house, cloud-based, and third-party systems. It can be an email in one system, a rewards number in another, or a cookie in yet another. Before a data subject request can even be fulfilled, much less automated, you need to find the data. Easier said than done. Consider a request based on email address. If that’s not the system identifier, you need to either gather more information from the now-frustrated customer or delve into the system to try and determine the data format. That’s not always possible with systems that hold only obscure device identifiers or cookies. And by law, you can’t claim you don’t have the data just because you don’t have the identifier. Without this information, compliance is at risk and automation is not possible.

Even when the data is located, fulfilling the request requires knowing all the steps within the workflow of each system. For external systems, this could be sending an email or going through the user interface to generate the request. For internal systems, it means identifying the responsible system owner and operator. This is all compounded by the fact that you still need to determine if the request was even received and fulfilled—for every system.

Since the definition of personal data is broad, and it can reside in several linked systems and subsystems, the question also often remains whether the scope of all the data was even dealt with. You might think a data subject request only requires you to delete the customer table containing names, email addresses and account information. But if that customer’s data exists in other locations and formats like purchasing or browser history, you’re only in compliance if ALL the appropriate data is deleted. That also means you need to know what data is exempt and must be maintained for contractual, legal, or auditing purposes.

Considering the complexity of it all, don’t be fooled by ticketing-based system that have you thinking the actual work of fulfilling data subject requests will be automated. Sure, these systems may automate the creation of a ticket, an email response to the customer acknowledging the request, or the due date required by a specific regulation. They may even help you manage HOW to fulfill requests—that is once you’ve determined and set up all systems, identifiers and workflow requirements. But ticketing-based systems are simply not capable of automating orchestration.

So the question remains—can orchestrating data subject requests even be automated or is that just pie in the sky? That’s where Ketch come in.

Using technology rather than process, Ketch is working to solve the barriers of automation by invoking tools like open-source APIs, syntax command templates, and system integration in conjunction with a central control system that lets you automatically record, track, and respond to data subject requests. When it comes to privacy data compliance, our goal is to make data systems work so you don’t have to.

Stop Worrying About Regulations

For global businesses, the data-privacy rulebook isn’t getting any shorter. The GDPR and the CCPA are just the tip of the iceberg; over 80 countries have passed or strengthened data privacy laws. Industry-specific regulations such as HIPAA and FERPA further complicate matters, while COVID-19 contact tracing will open a whole new Pandora’s box of regulatory complexities. With China and India also joining the party, the regulatory landscape will only grow more tangled in coming months.

There’s no way to avoid all those rules and regulations. Data, not oil, is the fuel powering our economy, and we’re using more of it than ever. New innovations such as AI and IoT constantly add to the torrents of data inundating businesses: a single smart-car produces 300 terabytes of data a year; by 2025 the world will generate a colossal 175 zettabytes of data a year. Companies can no more opt out of using data than a fish can opt out of the ocean.

But managing all that data while simultaneously complying with a constantly changing and growing body of regulations is a major challenge, one most companies aren’t equipped to handle. Firms typically respond to new regulations by patching their data management tools to ensure data is handled correctly, but taking an iterative, point-solution approach while navigating the expanding global regulatory morass is like playing Whac-A-Mole — except that the field is growing, the moles are proliferating, and you have only a single mallet. No matter how fast you hammer, you’ll never be able to keep up.

That’s the bad news. But there’s good news, too. While the challenges are real, there’s also a real and practical solution that can help businesses to stay compliant amidst a sprawling and ever-changing regulatory landscape. And paradoxically, the best way to stop the bleeding and stabilize the patient is to stop worrying so much about regulations.

Put Data First

Obviously, you can’t ensure compliance without paying attention to regulations. But that doesn’t mean everyone in your organization should be constantly fretting about how regulations affect them.

Under the current paradigm, when new regulation is enacted, businesses have to gather together everyone — business leaders, legal experts, developers, and so forth — to hammer out a fix. That’s fine when you’re dealing with modest amounts of data and a circumscribed body of regulations. But when you’re dealing with rapidly changing data and regulations on a global scale, it simply isn’t sustainable. All too soon, you’re left with a patchwork of point solutions — complex, brittle, failure-prone, and impossibly expensive to maintain.

This Rube Goldberg approach to regulatory compliance also takes up huge amounts of time and energy, driving up costs and distracting your legal, business, and technical teams from more important matters. It also stifles innovation and slows product development as engineers shelve other projects to bolt yet another set of unscalable compliance solutions onto an already struggling tech stack. And it forces legal and business stakeholders to second-guess what’s technologically possible, and engineers to parse the nuances of statutes and regulations as they struggle to ensure their code is compliant.

What’s really needed is a more efficient approach: not an all-hands effort to rebuild your data management system each time a new regulation comes along, but rather a mediating layer between legal and business experts, on the one hand, and developers and engineers on the other.

Instead of treating compliance as a regulatory problem, treat it as a data-processing problem — and build a data-tech stack that’s capable of natively support any new regulations, and applying changes seamlessly across your entire data-set without requiring legal folks to understand code, or developers to understand the fine points of privacy statutes.

A Scalable Solution

That’s where Ketch comes in. Our platform decouples your data handling and compliance processes by establishing a central control system that lets you update data governance protocols without ever touching the code driving your data-handling tools.

By separating these functions, we free legal and business teams to focus on articulating a data governance worldview that’s aligned to the latest regulatory requirements, and to consumer needs and rights, without worrying about execution. On the tech side, developers can integrate data-handling systems with the data governance module once and once only, and never worry about compliance again.

Sound too good to be true? Here’s how it works:

First, using our simple but feature-rich Regulatory Harmonization tools, legal and business folks develop policies setting out what’s allowed and what’s not. Imagine TurboTax, but for privacy regulations instead of the tax code: a simple, slick dashboard that requires no technical expertise, but lets you draw on Ketch’s experience and templates, plus your own industry knowledge, to create a customized rulebook that determines precisely how your company can handle data.

At this point, the legal and business team’s work is done, but Ketch is just getting started. Based on the policies you’ve defined, we automatically generate permits — a kind of smart contract that sets out the precise rights and obligations of every user or piece of data in your system. Enforced through high-end encryption, the permits make it literally impossible for data to be used incorrectly, much as DRM makes it impossible for IP assets to be improperly shared.

Finally, we assign each piece of data a unique identifier, a bit like the barcode that identifies every can on a supermarket shelf. That’s important because it’s the only piece of our system that developers need to worry about: using a simple API, developers can use that identifier to check whether a specific action is permissible for a given piece of data. They never have to interpret the rules themselves — they just ask the question, and get a straightforward answer.

The power of that approach should be obvious. If a new law is passed, or an old one changes, the only people who have to worry about it are your legal and business team. They can implement the new policies, and know that their changes will propagate instantly across the company’s entire data infrastructure. And because compliance is handled centrally, your codebase never changes or needs revising — while the permitted actions for any given user or bit of data might change, the infrastructure itself remains the same.

The result: a top-to-bottom governance system that ensures future-proof compliance without forcing you to rewire your data infrastructure. Policy changes propagate through your system automatically, even extending downstream into middleware, or to partners and consumers who access or use your data. And because you’re no longer working with a patchwork of point solutions and custom fixes, the entire network is more secure, more efficient, and easier to maintain.

Deploy Once, Secure & Comply Everywhere™

For too long, digital enterprises have been running to stand still when it comes to data compliance. It’s time to get off the treadmill, and find a new, genuinely scalable approach that treats data compliance first and foremost as a data-processing problem.

Ketch is that solution. Just as Stripe revolutionized online payments with an API approach, so we’re turning data compliance into a solvable problem. No matter how quickly regulations change or how fast your business grows, you’ll never have to waste time rewiring your data management tools — you’ll just update your data policies, and get back to serving your customers.

Global regulators aren’t about to stop passing privacy laws, but you don’t have to let your company get swept away by the deluge. If you’re ready to stop playing catch-up, get in touch today, and let Ketch change the way you think about compliance.