Privya worth, shift left on cloud data privacy controls
As companies, applications and AI models handle more and more personal information, governments have responded with new data protection laws.
The EU General Data Protection Regulation is mirrored by California’s Consumer Privacy Act and others around the world.
Breaking these laws can be expensive; but data privacy vendors, of course, claim they have the answer.
Privacy players are keen to tell us that organisations struggle to implement complex legal privacy requirements and reporting systems at the engineering level, spending millions and doing much of the work by hand.
As we almost every technology today, the clarion call from the data privacy vendor community is – hey, don’t do all that work by hand, we have a platform-level solution that can keep private and personal information is kept safe before code is deployed to production
One such company in this space is Privya.
Pronounced priv-yah (think George Dubya, but with a data scanning vibe), the company identifies data protection issues and violations early in the software application development process.
Shifting privacy left, Privya says its scanner analyses how sensitive data is handled in code, understanding which types of data are being collected and how they are being used, stored and sent to third-party services.
“Existing privacy solutions focus on private information once it’s already deployed in production, but this can leave organizations exposed and lead to expensive attempts to correct the issue,” said Uzy Hadad, co-founder and CEO of Privya. “Cybersecurity has shown us there are better ways; shifting left and stopping bad practices during development, so they never make it to production at all.”
Privya integrates into a company’s CI/CD pipeline, ensuring that bad data handling practices ‘never’ make it into a build.
It also offers developers actionable measures to fix issues.
The platform constructs a full mapping of each service to give visibility into how an application handles personal or sensitive data.
Privacy management wizard
Privya also provides a powerful and convenient privacy management wizard, making it simple to add to an ongoing project, as well as visual features like privacy management dashboards.
It flags sensitive data protection vulnerabilities (for example, when personal information is written to logs) and can confirm that data is only being used and processed for the purposes agreed in a company’s privacy policies.
“Privacy and data protection are among the biggest challenges of our time, and with big data and machine learning using larger and larger quantities of personal data, keeping sensitive and personal information protected is getting both harder and more urgent”, said Hadad.
Hadad argues that effective regulations are a great start, but they aren’t enough. He insists that his firms solution bridges the gaps between a company’s Data Protection Officer (DPO), Risk and Compliance Officer (RCO) and CISO on the one side and their engineering teams on the other, protecting users’ privacy in cloud applications before code is deployed in production.
Privya was founded in 2021 by Uzy Hadad, Arthur Garmider and David Segev.
Hadad was originally inspired to found a data privacy startup after the data platform that he has invented and developed has been acquired by a data broker and he saw the amount of personal information that was being collected, stored and monetised.
Privya has offices in Israel and the USA.