Open Password – Donnerstag,
den 28. Mai 2020
Outsell – Data Privacy Solutions – COVID-19 Era – Hugh Logue – Working from Home – Management Tools – Audit Tools – Incident Response – Information & Analytics – Market Drivers and Inhibitors – Cyber-Attacks – Data Breaches – New Privacy Laws – Public Awareness – Cyber-Criminals – UK National Cyber Security Centre – World Health Organization – US Centers for Disease Control and Prevention – GDPR – California Privacy Act – Mapping Solutions – Bloomberg Law – Thomson Reuters – Platform as a Service – Data Controllers – Data Processors – Shadow IT – Internet of Things – Robots – Machine Learning KPMG – Auditing Firms – Compliance – Experian – COVID-19 Outlook and Response Evaluator – California State – USADATA – Go Digital Fast – MSCI – Indexes on Disruptive Technologies – ARK Investment Management – Quartz – Kaplan Performance Academy – Linked In – Business Information – Outsell – BDZV – Corona – Digitalisierung – Thomas Düffert – Madsack – Torsten Laue – Talanx – Anna Careborg – Svenska Dagbladet – Swantje Dake – Steffi Dobmeier – Yannick Dillinger – beBETA – Stuttgarter Zeitung – Schwäbische Zeitung – Augsburger Allgemeine
The Outsell Contribution
Market Size, Share, Forecast and Trends
The Importance of Data Privacy Solutions
in the Covid19-Era
Market Drivers and Inhibitors
By Hugh Logue, Director & Lead Analyst
Why This Segment ___________________________________________________________________________
The COVID-19 pandemic is driving a short and steep increase in demand for data privacy solutions as companies look to protect their data while their non-essential workforce pivots to working from home. Longer-term, growth will remain robust; this analysis examines why.
Market Definition and Methodology
Data privacy solutions are application software and information platforms that support organizations in performing functions connected with the administration and management of personal data in order to comply with data privacy regulations. Data privacy officers use these data privacy solutions to both directly support tasks within their roles and manage compliance across their organizations.
Outsell’s definition broadly splits the market into four solution categories:
- Management Tools: These are tools that help organizations remain compliant when collecting and managing personal data. This includes consent managers, data access monitoring products, and pseudonym tools.
- Audit Tools: These help data privacy professionals to identify personal data that is stored within organizations, see how it flows in and out, and determine whether all the necessary consent procedures and policies are in place. This includes data mapping, data discovery solutions, automated policy document reviews, and tracking tools that enable organizations to demonstrate compliance.
- Incident Response: Incident response solutions enable organizations to quickly respond to data breach incidents. These include tools that identify what data was compromised and workflow solutions that help organizations meet their notification obligations.
- Information & Analytics: Data privacy information and analytics solutions are online applications that enable researching information related to data privacy, including specific legal, current awareness, and technical information. This category also includes benchmarking tools that provide organizations insights into what others in their sectors are doing to ensure that they keep up with industry standards.
Outsell does not include foundational software that may include data privacy elements, nor do we include cybersecurity technology.
This report draws extensively from Outsell’s unique industry metrics and analytics, including our database of over 10,000 companies. For this report, Outsell analyzed over 200 companies that offer data privacy solutions — some are pure-play providers, while others are broader solution providers that offer data privacy solutions as part of their product portfolios. We augmented this effort by conducting personal interviews with the CEOs and division heads of the top players in the market as well as smaller providers. We combined this with Outsell’s daily contact with players in the information industry and the deep industry experience of our analytical staff to help form our conclusions.
Market Drivers and Inhibitors ___________________________________________________________________________
COVID-19 is forcing companies around the world to close their offices, sending tens of millions of people to work from home for the foreseeable future and simultaneously enabling yet another menacing threat to their businesses from a different type of virus. As data and cloud usage surges, it increases the potential for cyber-attacks and data breaches just as new privacy laws come into effect around the world. This is increasing the demand for data privacy information and software providers, which was already growing rapidly ahead of the pandemic.
With massive data growth set to continue for the foreseeable future, data privacy will remain an ongoing challenge as cyber-criminals gain access to increasingly sophisticated and powerful weapons. Data privacy is a new horizontal area for businesses, with every industry sector affected, enabling privacy solution providers to sell to all organizations that collect personal information — and in the modern economy, that means almost all firms.
However, in the longer term, the main driver for the adoption of data privacy solutions is the increasing number and complexity of privacy laws. Other key drivers and inhibitors are also creating opportunities and threats for providers in this market. Increased public awareness of privacy rights is driving a backlash against companies that have major data breaches, damaging company reputations and often costing CEOs their jobs.
The attention that new laws and high-profile breaches brings is also making customers in this market take closer looks at their own processes, only to discover that all is not in order. Within the context of the eight drivers and inhibitors listed below, leaders in privacy solution providers can assess where their strengths are and which trends they are best positioned to capitalize on.
COVID-19 Forcing Employees to Work from Home. As a result of the ongoing threats associated with COVID-19, companies are being forced to implement work-from-home policies, many for the first time and others on a scale larger than ever before. This presents an increased risk to data privacy, not only for a company’s customers but also to employees who may reveal personal data about
themselves while working from home. If staff are using their own home computers for work, there is a risk that those computers are already infected with malware or running unsafe programs that are easy to hack. Despite the state of emergency, COVID-19 does not exempt businesses from data protection laws, and companies need to ensure the security of their networks by properly protecting devices that remote employees use.
Unsurprisingly, cyber-criminals are pouncing on the opportunity to take advantage of all this commotion. The US Federal Trade Commission and the UK National Cyber Security Centre recently revealed a growing number of hack attempts in several countries by cyber-criminals seeking to exploit COVID-19. These include impersonating the World Health Organization and the US Centers for Disease Control and Prevention, phishing clickbait via email and social media, and creating fraudulent websites to sell fake antiviral equipment.
It is falling on the growing number of privacy tech providers to support businesses with their data privacy compliance during the crisis. Market leader Proofpoint reports that the volume of email attacks related to COVID-19 now represents the “greatest collection of cyberattack types united by a single theme that the Proofpoint team has seen in years, if not ever”.
Overwhelming New Privacy Laws and Regulations. In addition to the EU’s General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, countries across the world are also introducing new privacy laws. In the US, the California Consumer Privacy Act (CCPA) came into effect on January 1, 2020, providing California consumers more access to and control over their personal data.
A dozen other US states are at varying stages of implementing their own privacy laws, including Maine, Nevada, and Illinois. New federal laws are likely to come in the next few years as well, although the flavour of these laws may depend on the results of the 2020 US elections.
Canada and countries in the Asia-Pacific region, Africa, the Middle East, and South America have all introduced new privacy legislation or are developing it. This is driving demand for privacy solutions, especially cross-border solutions that offer a global overview.
High-Profile Breaches Driving Demand for Data Audits. Concern within company boards has increased in recent years after witnessing repeated high-profile data breaches at major corporations, resulting in huge fines, negative publicity, and the firing of senior executives. Many companies had simply lost track of all the personal data that they had stored within their company systems, and they cannot be compliant if they don’t even know what personal data they have. This creates opportunities for solution providers to launch data mapping solutions, data discovery technology, and assessment management tools. There is an opportunity for solution providers in the data information space, such as Bloomberg Law and Thomson Reuters, to create APIs that can plug into these solutions.
Cloud-Based Enterprise Software Driving Third-Party Data Sharing. The advent of SaaS cloud computing has created an explosion in the use of enterprise software over the last two decades as organizations big and small leverage it to increase efficiencies by automating tasks, digitizing records, and gaining more control over their business processes. This has been furthered by the introduction of the “platform as a service” model, which allows customers to build applications on other companies’ architectures.
By definition, cloud computing requires the transfer and sharing of data between companies, often including personal data. The GDPR and other privacy laws draw a distinction between “data controllers” and “data processors”. SaaS companies are typically considered processors, while their customers are controllers since they are the ones that determine the purpose and means of personal data processing.
However, in practice, companies’ reliance on business-critical SaaS creates a power imbalance, enabling SaaS providers to transfer liability and risks to their customers without providing adequate details about how they process personal data. Privacy solution providers enable customers to monitor and audit their data regardless of where it resides, so they have better data protection compliance evidence.
An Explosion of Devices Creating a Personal Data Labyrinth. There is an ongoing tension between data protection managers who want to secure their companies’ technical infrastructure and control data flows and employees seeking greater convenience using non-traditional devices. Data collection has traditionally been controlled via single desktop computers running single programs. Employees now have a multitude of devices, including work tablets, smartphones, and laptops that can all access — and potentially download — personal data stored in the cloud.
There is also a problem with “shadow IT”, where employees use their own personal devices and apps for work activities, potentially gathering and storing more internal and customer data in the process. The number of potential places for data breaches to occur can very quickly get out of control. Greater awareness of this issue is creating opportunities for solution providers that can bridge the two camps with tools to monitor for any potential data privacy problems.
The Internet of Things Accidently Capturing Personal Data. The growth in the number of Internet of Things (IoT) devices increases the risk of personal data being inadvertently captured and potentially leaked without a company’s knowledge. For example, cameras on new roving robots in warehouses and retail malls or IoT tech in company vehicles can inadvertently capture personal data and leak it to third parties without the data subject’s consent.
The growing number of voice assistants used in workplaces and retail spaces is also potentially increasing the capture of personal audio recordings without the data subject’s consent, and this data may be stored in places where companies have no direct access. As firms incorporate more IoT technology into the workplace, this creates more opportunities for training solutions for staff as well as more advanced tools that can help track and control data flow and storage in the workplace.
Dependency on Personal Data That Is Hard to Untangle. Businesses and organizations have become increasingly dependent on personal data. This data is now so ingrained into the functioning of enterprise systems that it is very difficult to extricate it without causing major difficulties with customers’ user experiences, employees’ workflows, and companies’ reporting systems. In addition, the rise of machine learning is driving an almost unquenchable thirst for personal data, including in sensitive markets such as health, education, and security. This creates opportunities for privacy solution providers to create training programs, information guidance, and tools to wean organizations off their dependency on personal data.
Instead of enabling organizations to continue with current business models by obtaining consent in ways that disrupt their customers’ user experiences and erode trust, privacy solution providers can support these organizations to operate with as little of this personal data as possible.
Audit Firms Developing In-House Solutions. Professional service firms, especially the Big Four auditing firms, are increasingly creating privacy solutions in-house that they sell as automated services to their clients. For example, KPMG provides privacy solutions that automate privacy processes, including privacy impact assessments, data breach management, and data rights requests.
On the one hand, this threatens data solution providers that seek to sell to the same organizations. On the other, it also creates opportunities for specialist data privacy providers to develop better tools than those of the service firms and then license these to the service firms to sell to their clients. This is particularly an opportunity for mid-sized auditing firms that compete with the Big Four but don’t have the resources or capability to develop their own in-house solutions. By essentially using professional service firms as a reseller network, data privacy solution providers can significantly increase their scale and expand to new geographical markets.
Conflicting Regulations Driving Confusion. Conflicting data privacy laws in different countries mean that companies are sometimes forced to decide which laws to comply with and which to breach, as compliance with both might not be possible unless they pull out of a market altogether. For example, one country’s data residency and data storage laws may stipulate that financial service providers must store global financial transaction data centrally in one country to prevent money laundering, while another country prohibits providers from transferring this same transaction data to other countries.
This is creating an opportunity for solution providers to provide users with analytics tools to clearly compare all the relevant global data protection laws and enforcement systems and identify where there might be conflicts.
Please read in Part II: Market Size and Shares – Competitive Analyses.
Corona gibt Zeitungen
in der Digitalisierung „ungeheuren Push“
Die Folgen der Corona-Pandemie und ihre ganz erheblichen Auswirkungen auf das Geschäft der Zeitungen spielen eine zentrale Rolle beim Digital-Kongress beBETA – journalism in progress, den der Bundesverband Digitalpublisher und Zeitungsverleger (BDZV) in Berlin Virus-bedingt virtuell via Livestream veranstaltete. Die Experten aus Deutschland und Europa durchweg zeigten sich zuversichtlich. Fast gleichlautend formulierten sie: Corona hat uns bei der Digitalisierung unserer Arbeitsprozesse und Produkte einen ungeheuren Push gegeben.
Thomas Düffert, Vorsitzender Konzerngeschäftsführung Madsack Mediengruppe und als BDZV-Vizepräsident Schirmherr der beBETA, betonte in seiner Keynote-Ansprache, die Medien hätten geschafft, „die Fragen der Bevölkerung permanent ins wahre Leben zu übersetzen“. Das gelte auch und gerade für die lokalen und regionalen Tageszeitungen. „Föderalismus ist in Deutschland ohne regionale Tageszeitungen nur schwer vorstellbar“, so Düffert, der versicherte: „Aus den Zeitungsredaktionen kommt der Journalismus, dem die Leute am meisten vertrauen.“ Studien zeigten, dass dies auch für die Digital Natives im Alter zwischen 18 und 34 Jahren gelte. Allein im März und April hätten die Zeitungen Milliarden Visits verzeichnen können. Die digitalen Erfolge würden sich in wenigen Jahren auch in den Umsätzen der Medienhäuser widerspiegelten. „Allerdings werde die digitale Transformation nur dann funktionieren, „wenn es uns gelingt, in der Zeit bis dahin auch den Transport der gedruckten Zeitungen wirtschaftlich sinnvoll zu organisieren“.
„Die Corona-Pandemie ist der Lackmustest für erfolgreiche Transformation: Wir müssen in kürzester Zeit und mit höchster Kraft unsere Prozesse entlang der gesamten Wertschöpfungskette digitalisieren sowie unser Führungsverhalten auf das New Normal ausrichten“, sagt Torsten Leue,
Vorstandsvorsitzender Talanx AG, Hannover. Ähnlich wie bei den Zeitungen gehe es auch bei den Versicherern darum, die Produkte digital zu den Kunden zu bringen. Dabei beschleunige die Pandemie die Verankerung von Instrumenten wie Homeoffice oder Themen wie Videoberatung im Vertrieb. „Wir haben derzeit wöchentlich fast 30.000 Videokonferenzen intern und auch mit externen Partnern“, beschreibt Leue. Der digitale Transfer bleibe „ein Marathon und kein Sprint.“
Anna Careborg, Chefredakteurin und CEO des „Svenska Dagbladet“, wurde live via Skype aus der Stockholmer Redaktion zugeschaltet. Derzeit arbeiten 80 Prozent nicht im Newsroom, sondern vom heimischen Schreibtisch aus. 2020 sollen knapp 100 Millionen Euro nur aus digitalen journalistischen Produkten erwirtschaftet werden. Unter dem Motto „The smart news experience“ werden alle Mitarbeiter in Verlag und Redaktion involviert, um den digitalen Dialog mit dem Publikum aktiv zu stärken. Sinnbildlich dafür steht eine Landkarte mit zehn zu erreichenden Zielen. Haltepunkt vier zum Beispiel lautet: „Wir respektieren die Fähigkeit unserer Leser, für sich selbst zu denken“.
Live zugeschaltet aus Stuttgart, Ravensburg und Augsburg werden auch drei junge Digitalverantwortliche, die den „Turbo in den vergangenen Wochen eingeschaltet haben, um das Publikum über Corona zu informieren“. Die Umstellung auf Home-Office und Digital habe gezeigt, so Swantje Dake, Chefredakteurin Digital bei „Stuttgarter Zeitung/Stuttgarter Nachrichten“, „dass wir sehr viel schneller reagieren können, als wir uns im Januar noch zugetraut hätten.“ Das bestätigt Steffi Dobmeier, stellvertretende Chefredakteurin „Schwäbische Zeitung“ (Regensburg), als „wichtige Erkenntnis in der Verlagsbranche“. Die Redaktionen könnten sich vom Terminjournalismus ein Stück weit verabschieden und eigene Gedanken für neue Themen machen. „Für all das, was kommt, finde ich das sehr ermutigend.“ Yannick Dillinger, stellvertretender Chefredakteur „Augsburger Allgemeine“, beschreibt den „absoluten Boost“ bei digitalen Abonnements im März, wobei seine Zeitung dank ihrer konsequenten digitalen Ausrichtung schon „stark ins Jahr 2020 gestartet“ sei. Jetzt verminderten sich die Zahlen wieder, „jetzt beginnt die eigentliche Arbeit“. Die erreichte Zielgruppe unter den Nutzern werde, berichten die drei übereinstimmend, vom Alter her zunehmend breiter, von Mitte 20 bis Ende 50. Und manches in der ersten Corona-Phase liebgewordene Zusatz-Angebot für die Leser und Nutzer zuhause wird wohl bleiben. „Die Rätselseite“, sagt Swantje Dake, „die werden wir nie wieder los.“
Zum virtuellen BDZV-Kongress haben sich rund 1100 Teilnehmer angemeldet. „beBETA virtuell zu veranstalten, war auch für uns ein Experiment. Wir leben beBETA und das bedeutet flexibel zu reagieren und agil Lösungen zu erarbeiten“, sagt BDZV-Geschäftsführerin Katrin Tischer. „Wir freuen uns über das riesige Interesse. Das zeigt, dass der BDZV mit seiner entschiedenen Öffnung ins Digitale auf dem richtigen Weg ist.“
Experian mit Corona-Karte
In an effort to aid in the country’s re-opening efforts, Experian is making available a free interactive heat map of geographic populations at-risk of being most susceptible to developing severe cases of COVID-19. The Experian COVID-19 Outlook and Response Evaluator (CORE) tool is intended to guide healthcare organizations and government agencies as they plan for the “new normal” and coronavirus recovery in the months ahead.
Auch California State lehrt online.
California State University, the nation’s largest four-year college system, plans to cancel most in-person classes in the fall and instead offer instruction primarily online. The vast majority of classes across the 23-campus Cal State system will be taught online with some limited exceptions that allow for in-person activity. The decision to continue remotely reflects how schools throughout the country are grappling with reopening challenges inflicted by the coronavirus crisis.
Tools für Anpassung an Corona-Umwelt.
USADATA, a provider of digital marketing and data services, announced the offering of their Go Digital Fast process to help businesses adapt to the COVID-19 environment. Go Digital Fast is a consultative process offering free data and digital marketing recommendations designed to help businesses still closed, or re-opening, with tactics to generate revenue in a quick, efficient, and measurable way.
Indexes on Disruptive Technologies.
MSCI Inc. announced the expansion of its megatrend index suite with the launch of five indexes focused on disruptive innovation. The indexes track the performance of companies in dynamic fields, including autonomous technologies, genomics, fintech, and next generation internet. The new thematic indexes will leverage insights based on collaboration with ARK Investment Management LLC.
Noch eine Online-Publikation mit Entlassungen.
Quartz, an English-language digital media outlet that primarily reports international business news, is the latest online publication to undergo layoffs due to the economic slowdown caused by the coronavirus pandemic. Despite the cuts, Quartz claims its subscription business, a trend other publishers are seeing, is growing amid Covid-19.
Start der Kaplan Performance Academy.
The Kaplan Performance Academy meets organizational needs by combining learning, coaching and assessments in a single digital platform. For the user, the Kaplan Performance Academy offers a suite of self-assessment tools, learning tailored to individual needs, and one-on-one access to a coach. Kaplan’s established global footprint and learning expertise means the platform can be localized where appropriate and globalized when required.
LinkedIn erweitert Nachrichtenservice.
LinkedIn has announced a re-brand of its editorial team, which has now grown to more than 75 individual staff, working across 15 regions. Aside from posting relevant business updates as they happen, the LinkedIn News team will manage the platform’s Trending News listings (which was rolled out to more users last year), LinkedIn Lists, the Daily Rundown compilations of key news stories, and more.
Forum und Nachrichten
für die Informationsbranche
im deutschsprachigen Raum
Neue Ausgaben von Open Password erscheinen viermal in der Woche.
Wer den E-Mai-Service kostenfrei abonnieren möchte – bitte unter www.password-online.de eintragen.
Die aktuelle Ausgabe von Open Password ist unmittelbar nach ihrem Erscheinen im Web abzurufen. www.password-online.de/archiv. Das gilt auch für alle früher erschienenen Ausgaben.
International Co-operation Partner:
Business Industry Information Association/BIIA (Hongkong)