The company's Founder, President, and CEO Kabir Barday discusses the company's revolutionary approach to data privacy.
Using Athena as an example, how are AI and RPA transforming the concept of workplace and ways of doing business Can you tell us a bit about Athena?
The privacy landscape is constantly changing, as are the ways technology can help solve these complex problems. The OneTrust Athena AI built-in to our platform assists our customers to tackle both of these challenges. First, Athena is intelligent because she is made intelligent by the OneTrust DataGuidance regulatory research platform that is updated daily with the latest on global privacy laws and security frameworks. We have an in-house team of 40 privacy professionals, plus a network of 500 lawyers across 300 jurisdictions updating OneTrust DataGuidance on a daily basis, and that information is machine readable. With this dataset, Athena knows the latest laws and can make intelligent inferences on this information.
Second, Athena helps our customers better manage their privacy, security and trust programs. OneTrust Athena leverages AI, machine learning, predictive intelligence, and robotic process automation to help companies understand the sensitive data they hold, automate complex processes, and gain insights into their compliance operations. An example of OneTrust Athena in action to help our customer's workflows is with a consumer privacy request. Many privacy laws, including India's Personal Data Protection Bill of 2019 (PDPB), give people new rights over their data, such as the right to access or delete personal information. Operationally fulfilling these requests quickly becomes a major compliance challenge. Athena helps solve these challenges by automating the intake of the request, validating the requestor's identity, and fulfilling the request by connecting to all the places personal data may exist within the company. She can also set timelines and deadlines based on the specific laws applicable to the requestor. This is just one example of how AI and RPA from OneTrust help companies better operate their privacy, security and trust programs.
What sets OneTrust apart in this sector?
OneTrust the largest and most widely used privacy, security and trust platform. We have more than 5,000 customers using our software to build integrated programs that comply with the CCPA, GDPR, LGPD and hundreds of the world's privacy and security laws. Our platform addresses several key uses cases, and includes a number of key offerings:
OneTrust Privacy Management Software
OneTrust PreferenceChoice™ Consent and Preference Management Software
OneTrust Vendorpedia™ Third-Party Risk Management Software and Cyber Risk Exchange
OneTrust GRC Integrated Risk Management Software
OneTrust Ethics Compliance and Ethics Software
Our products are powered by OneTrust DataDiscovery data discovery and classification, and are made intelligent by the OneTrust Athena AI and robotic automation engine and OneTrust DataGuidance regulatory research software. OneTrust products are backed by 75 patents and can be used standalone - or seamlessly integrate together - to give the right-sized technology for your privacy, security and trust programs. We are also set apart by driving business value for customers outside of just a technology solution. Our PrivacyConnect chapters in 100 cities across the globe create a community for privacy and security professionals focused on tools and best practices to implement global privacy laws in practice. Through free, local events, ongoing webinars, and an online community, PrivacyConnect enables practitioners across all industries to connect, share experiences, and learn the latest regulatory requirements and implementation of best practices.
What are some tips for companies and individuals to manage data risks as conferencing portals and third-party apps become indispensable during the current crisis?
Third-party risk management isn't a new concept, however, recent events have brought the discipline into the forefront like never before. Organisations in all industries rely on third parties, whether they be cloud service providers, suppliers, contractors, or other vendors. A few key tips for companies managing third-party risk management challenges include defining your company's risk appetite, understanding the risks associated with your vendors, and identifying which standards and frameworks should be used to classify these vendors. Following this, companies should create a centralised inventory of their vendor information where they can assess, track, and monitor the vendors and their associated risks throughout the engagement lifecycle.
What cyber and privacy challenges are predominant in the Indian data and tech industry; and how can those be countered?
In 2017, the Supreme Court of India declared privacy a fundamental right under India's Constitution. To guarantee individuals' fundamental right to privacy, India introduced the Personal Data Protection Bill (PDPB) of 2018, which aimed to establish a robust data protection regime in India. Then revised in 2019, the PDPB broadly applies to the processing of personal data and grants individuals GDPR-like rights, including the right to confirmation and access, to correction and erasure, to be forgotten, and data portability. In addition to complying with comprehensive privacy principles, organisations subject to the PDPB must maintain transparent processing, implement security safeguards to protect personal data, and incorporate privacy by design into their operations. The PDPB also creates new categories of organisations - “significant data fiduciaries” and “social media intermediaries” - which face heightened requirements, including the obligation to appoint a data protection officer and conduct a data protection impact assessments. Given the PDPB's extraterritorial reach and restrictions on international transfers of personal data, it will pose increased challenges to India-based organisations, as well as multi-national companies that handle the personal data of individuals in India or process personal data in India. By leveraging OneTrust, organisations can measure their current standing and build an infrastructure to adhere to PDPB compliance standards. Businesses can support and uphold data subject rights from the collection of valid consent to the fulfilment of data subject requests. OneTrust tools allow organisations to implement privacy by design solutions to automate compliance efforts and build privacy into products, into products and processes.
How does the Indian market feature in your company′s global agenda?
OneTrust is very excited about the Indian market - both as a technology provider and as an employer. Our solutions will be tailored to address the specific nuances of the PDPB and help companies around the globe demonstrate compliance with this law and make privacy a competitive advantage and business differentiator. We also will continue to grow our presence in India at our Bangalore office, which is one of the largest of our 10 global offices.