TrustArc Blog

IAPP & TrustArc Research: Part III – Three Fastest Growing Solutions

July 26, 2018

Part I of this blog post series discussed background, goals, and research methodology of the research report: How Privacy Tech is Bought and Deployed.

Part II illustrated how Privacy Tech Adoption has reached the tipping point: based on purchase plans, it is projected that companies will adopt privacy technology in eight of the ten privacy technology categories.

Part III will highlight some interesting data from the report that shows what the three fastest growing solutions are: data mapping, assessment management, and data discovery.

By showing what percentage of organizations are actually already buying and implementing these various technologies, we are providing a way to roughly assess the market penetration. While we don’t have a way to assess whether these organizations truly need each of the 10 categories of identified privacy technology, we can see what organizations are buying and implementing.

Data mapping, assessment management, and data discovery among fastest growing solutions

This chart shows that:

  • 24% have already purchased Data Mapping and Flow technologies and 21% have purchased Personal Data Discovery tools. These two technologies also top the chart for what organizations are planning to implement at 33%.
  • Privacy Program Assessment and Management software has made significant headway, with 33% of organizations surveyed having purchased it or implemented it and another 32% either planning to purchase this technology in the future or have already purchased it but have yet to implement.

Not illustrated above is an interesting difference based upon geography. EU companies also are slightly more engaged with Data Mapping and Flows tools (43 percent have purchased) than U.S. companies (35 percent) and Canadian companies (15 percent).

Also of note are Network activity monitoring and Security enterprise communications, two technologies represented in the graph above that most companies have already purchased. As shown, core security technologies that might also serve a privacy function are more frequently implemented, as is the case for many of what we call Enterprise Privacy Management solutions.

Network Activity Monitoring is something many security operations are likely to have on board, so they can understand traffic loads, watch out for DDoS attacks, and watch out for unauthorized access to certain organizational data.

Similarly, it is now relatively standard practice for security teams to use some kind of Secure Enterprise Communications — such as enterprise solutions that are increasingly being developed to allow for encrypted business conversations, or even simple personal messaging apps — to correspond after a security incident that may have compromised the network, so as not to alert intruders that the team is aware of their presence.

You can read the full report for more analysis of the results, including why some technologies seem to have less investment. In our next blog post we will discuss privacy’s strong influence on purchase decisions.