Happy International Data Privacy Day!
To celebrate, I’ve put together a market map of some tech in the privacy space. (*Disclaimer: These Views Are My Own and Do Not Represent Any Organization I Am Affiliated With*)
From a Consumer Perspective (B2C):
Data Tracking/Remediation: These companies track your digital footprint, and in some cases, act on your behalf to delete and reclaim your data from online platforms (Jumbo Privacy, Mine, LifeLock, Dip)
File Encryption: These companies encrypt user files and offer encrypted storage so others can’t access the information (AxCrypt, Keybase)
Privacy-First Companies: While there are likely many more, these companies have attempted to build advanced privacy features directly into their products (Apple, DuckDuckGo, Nebula Genomics)
VPN: This technology allows you to surf the web on your own private tunnel, shielding your browsing details from outsiders (TunnelBear, NordVPN, ExpressVPN, and many more)
Password Managers: With the onslaught of passwords, these companies help you keep them all in one place (Dashlane, Lastpass, 1Password) - though I believe the future is passwordless
From a Business Perspective (B2B):
Data Governance, Mapping, and Visibility: With GDPR, and now CCPA, companies that hold user data are required to maintain an inventory of the data, as well as provide data flows to regulators. These companies allow customers to visualize and report on their users’ data, as well as automate data rights requests (BigID, Osano, Ethyca, WireWheel, Securiti.ai, OneTrust). This category will likely be the fastest growing this year.
Privacy as a Service: These companies help customers build privacy directly into their development process, tech stack, and/or product. To me, this category will define the future of B2B privacy. Rather than offering bolt-on compliance for privacy regulations (treating the symptoms of poor data management), they will help companies think about privacy from the beginning (Oasis Labs, Terratrue).
Encryption and Synthetic Data: This is a huge category, so I’ll just brush on this quickly. Companies in this category encrypt data (files, emails), as well as allow customers to run compute on encrypted data. Traditional encryption is done by companies like IBM, while encryption allowing compute on data in use (homomorphic encryption, secure multi-party compute) is done by companies such as Baffle, Secretarium, Enveil, and others. Synthetic data companies create fake look-alike datasets to allow customers to run computations while maintaining security of the original data - they also help companies who may not have access to real data (Hazy, DataGen).
Identity and Access Management: The traditional stalwart of data privacy, these companies have historically offered access management and user directories (Microsoft, Okta, Ping Identity, OneLogin, RSA, CA), and will continue to be important in a password and identity-first world. Anti-fraud and identity verification companies take on the job of making sure users are who they say they are, and don’t attempt to steal others’ identity. My final, and favorite category in this section, are the passwordless companies - those who enable passwordless login for users (Hypr, NuID, Fast). This is the pinnacle of security and privacy in my opinion, as no passwords are stored on shared databases, but rather on end devices.
Data Marketplaces
While still a relatively novel idea, these companies are attempting to create data marketplaces where users and data-seekers can connect and transact. (Ozone.ai, Datapace)