by Victoria Hudgins, writer, Law.com, July 18, 2019
The rapid growth and complexity of data privacy laws makes the idea of one dominant privacy compliance company unlikely, ensuring lawyers’ seat at the table.
In the midst of growing data regulation laws and compliance needs, some privacy compliance technology companies are attracting a slew of investments. Take for example, data privacy compliance company OneTrust raising $200 million and TrustArc announcing it secured $70 million last week.
But while it may be tempting to say a select few companies have cornered the data privacy market, competitors and observers say the variety and complexity of data privacy regulations makes no platform the single go-to company in the market. Likewise, lawyers’ legal expertise still makes them a valuable asset for understanding regulations.
Dave Deasy, vice president of marketing at TrustArc, said the combination of stiff fines grabbing companies’ attention and many regulations’ reporting requirements is driving venture capital investment into data privacy compliance tech.
As European regulators begin to levy penalties for high-profile data breaches under the General Data Protection Regulation (GDPR), companies are also concerned about other growing data regulations and the patchwork of U.S. data privacy laws. In turn, companies need a host of services to meet their data privacy requirements.
“There are a lot of moving pieces. I suspect [data privacy compliance] companies will concentrate on a particular area,” said Paul Hill, senior consultant for SystemExperts Corp., a cybersecurity consulting services company. “There’s legal advice, inventory of data and tracking where data goes and then there’s the wide variety of technical controls.”
TrustArc’s Deasy noted he’s seen more small startups sprouting up with specialized functions geared toward single aspects of a data privacy regulation, from solely offering to manage data request services to only providing data discovery. Meanwhile, law firms are now leveraging compliance technology to counsel their clients, he added.
While firms are using platforms from tech companies, they are also creating data privacy compliance tools of their own for clients, said Tsutomu Johnson, Parsons Behle & Latimer of counsel and CEO of the firm’s legal tech lab.
Indeed, various law firms have created privacy compliance tools to provide clients with access to their legal expertise, at perhaps the determinant of the billable hour, to fit clients’ 24-7 needs. That foray into legal tech is law firms’ stepping stone into automating more legal services, Johnson said.
“What I think law firms will do is pivot and leverage the technology they’ve made in privacy to meet a demand … to figure out a way to contain legal costs and the only way you can do that is by automating,” he said.
Likewise, lawyers still maintain the traditional role of drafting contracts in compliance with varying regulations.
“The gap law firms can still fill is creating language that is in compliance with the text of the law,” Johnson said.