Join us for our GDPR Compliance Conference Series

Privacy professionals are facing a number of challenges in determining how best to achieve GDPR compliance and maintain compliance for the long term. The Alliance of Global Privacy Solution Providers (the “Alliance”) has been formed with a mandate to educate privacy professionals on making informed decisions on their approach to planning, implementing and managing GDPR and long-term privacy compliance.

As a founding member, Prifender would like to invite you to our next GDPR Compliance Conference Series events taking place:


San Diego, CA, USA
Hosted by: KPMG LLP
October 16, 2017
8:45 am to 3:00 pm PT
Register Here


Mountain View, CA, USA
Hosted by: Fenwick & West LLP
October 19, 2017
8:45 am to 3:00 pm PT
Register Here


Seattle, WA, USA
Hosted by: Perkins Coie LLP
October 20, 2017
8:45 am to 3:00 pm PT
Register Here

View the full list of conference events here.

Along with our co-founders Evidon, MediaPro, Nymity, Prifender and RADAR, and our hosts, we will offer in-depth sessions on particular elements of compliance with the GDPR including:

  • Data Mapping & Inventory
  • Records of Processing
  • Cookie Compliance
  • PIAs and DPIAs
  • Data Breach Incident Response
  • Educating and Engaging Employees

At the end of the day, you will come away with the knowledge to decide:

  • Where and when software or additional tools are needed to satisfy, effectively and efficiently, GDPR requirements
  • Where and when existing processes are achieving GDPR requirements
  • How to take a longer-term approach to privacy management, beyond immediate GDPR requirements

Further information about the Alliance and our events is at www.globalprivacyalliance.org

Join our sessions at the Privacy. Security. Risk. 2017 conference, Booth #32 and #33

Prifender is pleased to announce that we will be exhibiting at the Privacy. Security. Risk. 2017 conference in San Diego, October 16-18.

We will be showcasing a live demo of our solution, an identity-aware artificial intelligence technology, used to discover and map personal information across networks and systems, both structured and unstructured.

Come visit us at Booth #32 and #33, and join our sessions with recognized privacy leaders:

Tue, October 17th 11:45 AM – 12:45 PM
Privacy Tech Vendor Showcase 
Harbor D
Marcus Morissette, CIPP/US, CIPM, CIPT, Global Privacy Officer and Privacy Counsel, eBay
Omer Matityahu, COO, Prifender
 

Tue, October 17th 02:00 PM – 03:00 PM 
Effective Privacy Management through Data Governance
Seaport H
Michelle Dennedy, CIPP/US, CIPM, VP, CPO, Cisco
Michael Deer, CIPP/US, Head of Data Privacy, Alcon
Sagi Leizerov, CIPP/US, Chief Data Solutions Officer, Prifender


Wed, October 18th 10:30 AM – 11:30 AM
IT Architecture for the GDPR-Design Components and Privacy Controls
Harbor E
Marcus Morissette, CIPP/US, CIPM, CIPT, Global Privacy Officer and Privacy Counsel, eBay
Don Watters, Senior Data Architect, eBay
Christopher Glover, CTO, Prifender


Wed, October 18th 01:20 PM – 01:40 PM
Monetizing Personal Information: Challenges and Solutions
Seaport D, Exhibit Hall, LITTLE BIG STAGE
Sagi Leizerov, CIPP/US, Chief Data Solutions Officer, Prifender

We look forward to meeting with you at this exciting event.

Investment Bank Includes Prifender in Top-Ten-Companies-to-Watch

Prifender was just recognized as one of ten private companies with great potential in 2017, in Momentum Partners’ Cyber Security Market Review for Q2 2017. Prifender is the only privacy technology company noted in this high-profile watch list.

Momentum Partners is a global cybersecurity-focused investment bank. Each quarter Momentum features 10 companies from the 2,200+ they track and profile them in their Quarterly Market Review in order to raise their network’s awareness of these standout companies.
In its first review of technologies for addressing the challenge posed by the European Union (EU) General Data Protection Regulation (GDPR), Momentum noted that “companies must be able to automatically discover and map all personal information across networks (structured and unstructured) and apply policies to the information.” With consideration of the various solutions that currently exist in the cybersecurity space, Momentum added that “existing technology stacks alone cannot meet the mandates handed down by GDPR.” Artificial intelligence, machine learning, automation and big data expertise, all foundational elements of Prifender’s technology, were identified in the report to be the “key capabilities and requirements of GDPR platforms.”

The GDPR is a privacy regulation that applies to the personal information of EU residents, wherever that data may be processed. The regulation has been receiving a great degree of attention from executives and boards of directors due to its high fines (up to 4% of a company’s global revenue) and its comprehensive breach notification requirements. The GDPR comes into force on May 25, 2018.

“We are thrilled to see such a large player in the cybersecurity field recognize the benefits in our technology. Our R&D investments focused on combining AI, forensics and big data with the conviction that this type of solution offers the most efficient path to privacy management. The recognition by Momentum that we are on the right path for helping companies with the GDPR challenge provides us with a great boost of confidence, and matches the positive reactions we are receiving from the market,” said Nimrod Luria, Prifender’s CEO. Dr. Sagi Leizerov, Prifender’s Chief Data Solutions Officer, underscored these statements and added that “personal information is a data asset that requires a granular level of tracking – the identity level. Any solution that cannot scale to manage many millions of identities across thousands of systems, cannot help companies address privacy requirements. A well-managed data asset allows companies to monetize and extract value from it without the risk of severe fines and alienating customers; this is the ultimate goal of our technology.”

To read the full report click HERE.

Leading data architect to join Prifender as Chief Technology Officer

Christopher Glover, formerly of eBay and PayPal, to join Prifender
Prifender is thrilled to announce that Christopher Glover is joining its management team as the company’s Chief Technology Officer.
Christopher brings to Prifender experience spanning product development, data management, architecture, operations and compliance.
Christopher’s passion for reducing organizational friction concerning the use of corporate data assets while maintaining very high compliance with internal and external policies and regulations makes him the perfect professional to lead Prifender from a technology perspective.
His experience working closely with compliance functions to understand the limitations on data usage and creating infrastructures that enable teams to maximize the value of data will be a great asset to Prifender’s own customers.
“Chris brings to Prifender a unique mix of capabilities. He has dealt with the volumes of data that only large eCommerce websites such as eBay can generate, while also possessing the necessary data-discipline that comes from working with financial institutions from his work at PayPal,” says Nimrod Luria, Prifender’s CEO.
In his role as Prifender’s CTO, Christopher will be working directly with Prifender’s deployment team, forging the company’s technology to meet each customer’s unique data needs.

Sagi Leizerov, formerly Global Privacy Leader for EY, Joins Prifender

Prifender is extremely pleased to announce that Sagi Leizerov, Ph.D., CIPP/US, has joined its management team as Chief Data Solutions Officer.
Before joining Prifender, Sagi served as Ernst & Young’s Global Privacy Leader.
During his 16 years with Ernst & Young, Sagi served Fortune 100 and Fortune 500 companies from industries including financial services, pharmaceutical, technology, manufacturing and automotive.
He is a frequent speaker at data-related conferences and his articles appear in business and professional publications.
As Prifender’s Chief Data Solutions Officer, Sagi will work with our customers to maximize the capabilities of Prifender’s technology in their technical environment and operational needs.
When asked about his decision to join Prifender, Sagi offered the following:
“I have been part of the privacy field since its infancy. I started in 1998 and saw this field move from a compliance based approach to risk management, and most recently the “accountability era” of privacy. These different eras in our young professions were all marked with good intention, but very little capability in enforcing rules, demonstrating compliance and backing up any claims of accountability. I wholeheartedly believe that the solution that Prifender is offering is the future of the privacy profession, and I want to be at the forefront of this emerging paradigm shift in the privacy field.”

Thinking about adopting a paper compliance strategy? Think again

As the deadline to comply with the requirements of the EU’s new General Data Protection Regulation (GDPR) fast approaches, there are a growing number of companies who have in-house and/or external privacy counsel that are pushing a strategy of “paper compliance” to meet the voluminous requirements of the new regulation. Some advocates of this approach see paper compliance as a necessary stop-gap measure on the road to full compliance, i.e., paper and operational compliance. Others view paper compliance as the preferred currency of regulators and therefore as an adequate measure to protect the company from enforcement actions regardless of whether or not the company is operationally compliant with GDPR or other privacy and data protection regulations. Setting aside these and other motivations that inform a decision to pursue a strategy of paper compliance, it is important to note that there are significant compliance and accountability challenges companies should be aware of, and consider, prior to moving forward with this approach. In the remainder of this post we will briefly address each of these challenges to paper compliance.

Paper compliance is not operational compliance
Perhaps the most obvious challenge facing paper compliance is that while it can effectively codify principle-based data privacy laws into written policies, procedures, contract provisions, and workforce training materials (this is precisely what is meant by paper compliance), it clearly remains silent when it comes to the issue of operational compliance, which we can define as a company’s people, internal processing, and information systems and tools that operationalize the principles in the company’s various written policies, procedures and contracts.

Consider the following example: Company A has in place an external facing privacy notice that informs data subjects of their rights including the right to access, update, delete and restrict certain processing activities. Additionally, the company has documented internal policies and procedures that inform the workforce about what the company’s obligations are to data subjects and how to respond to and fulfill requests from data subjects. On paper, Company A certainly appears to be meeting its compliance obligations. However, let’s also assume that Company A doesn’t possess the appropriate technologies or tools to meet its obligations to restrict certain processing activities or delete a data subject’s personal information, or, for that matter, even identify the systems in which a data subject’s personal information resides. In this case, paper compliance is akin to a house of cards. From afar, everything looks in order. In fact, any incident or complaint that would bring regulatory scrutiny could bring the house of cards tumbling down and along with it incur heavy fines and significant reputational harm.

Paper compliance is not a panacea for accountability
A related challenge to paper compliance revolves around the issue of accountability and its increasing importance in privacy regulations, including GDPR. Although accountability is one of those buzzwords that means different things in different contexts, for the purposes of this discussion we will define accountability as the organization’s compliance with its privacy obligations and the ability to verify that compliance. For advocates of paper compliance, the written policies, procedures, contract provisions and training materials can demonstrate and verify the company’s compliance with its privacy requirements. This is generally true of paper compliance proponents, regardless of whether they view it as a stop-gap measure on the road to full compliance or whether they view it as sufficient to protect the company from a variety of risks including onerous enforcement actions. However, this view of paper compliance as tantamount to a company’s accountability obligations misses one very important aspect of accountability: namely, while it is true that paper compliance can demonstrate to regulators (and customers) that the company has codified privacy principles and practices, this is not the same as adducing evidence that the company’s technical controls are operating in compliance with the company’s privacy policies and procedures.
Real accountability must go beyond paper compliance/accountability to include a technical component that makes it possible for regulators to verify – via demonstrable evidence – that the company’s information systems and associated technical controls are processing personal information in accordance with the company’s documented privacy commitments. Many commentators have referred to our current era as the age of accountability. There is clearly a greater emphasis on accountability now than in recent times, and for companies that are unable to verify that they are in full compliance with their privacy commitments, there is significant risk of severe enforcement actions and reputational harm if they were to come under regulatory scrutiny.

Paper compliance? Proceed with caution!
Taken together, these compliance and accountability challenges call into question the efficacy of the paper compliance approach to protect companies from significant and potentially crippling risk. Paper compliance without operational compliance and real accountability is not just inherently partial compliance, it is, in a very real and consequential way, non-compliance.

Highlights from Prifender’s roundtable in IAPP DC Summit

On April 18th, 2017, Prifender held a roundtable discussion on privacy engineering. The event featured three prominent speakers:

• Kevin Murphy, CISO & DPO at Corning Incorporated
• Peggy Eisenhauer, Founder of Privacy and Information Management Services
• Sagi Leizerov, Global Privacy Leader of EY

Prifender’s Privacy Management Strategist, John Gevertz, formerly ADP’s Global Privacy Officer, moderated a lively discussion following opening remarks from the speakers.
Many of the participants, representing leading Fortune 500 companies, agreed that technology will be the key enabler in light of emerging regulations such as the GDPR.

Two related themes emerged from the discussion.
First, that a “risk based” approach to addressing GDPR and other emerging regulations will fail.

The second theme was that at the heart of today’s privacy challenge is a data governance problem that spans many terabytes and petabytes of data for most companies. Addressing the data governance challenge while enabling the business is not a task that can be met with policies, contracts and training, but rather more effective means are in order. The role of privacy engineering in addressing the current challenge was repeated throughout the discussion, with Ms. Eisenhauer stating that technological innovation is the future of privacy management.

Prifender to hold a roundtable discussion at the IAPP DC Summit

As the cost of privacy violations increases, organizations are looking for ways to effectively implement their policies across business units, as well as be demonstrably compliant with them. Both of these challenges require automation in day-to-day privacy management. This need for automation will make the adoption of technological solutions a central theme for privacy professionals in 2017.

For several years, privacy professionals have been emphasizing accountability over personal information but have had limited means for validating it.

2017 represents a shift for privacy professionals as technology offers them new opportunities to track and control the use of personal information across the enterprise. The timing of this development is not incidental, but it does represent a perfect storm of conditions: the General Data Protection Regulation in the EU, with its global span and steep fines, coupled with an overall cyber security fatigue, leads many organizations to look for data-related challenges beyond mere protection.

The progress towards technical solutions moves compliance from “paper-based” solutions, such as policies and contracts, to more verifiable and demonstrable tools that ground risk management activities in the facts of how data is actually used across the enterprise.

Prifender will hold a roundtable discussion on the topic of privacy technology around the IAPP Summit in Washington DC on Tuesday April 18, 2017 from 4-6PM at the WeWork White House, 1440 G St., NW Washington DC.

This roundtable discussion will focus on the tangible opportunities to overcome the challenge of translating regulatory requirements to solutions that can be digitally managed.

The session, Translating Privacy Requirements to Zeros and Ones, includes three well-regarded privacy professionals as speakers: Peggy Eisenhauer, Founder of Privacy and Information Management Services, Kevin Murphy, CISO & DPO of Corning Inc., and Sagi Leizerov, Global Privacy Leader of EY.