TerraTrue, which brings privacy-by-design to product teams, nabs $15M


As companies across industries grapple with a growing array of data privacy regulations such as GDPR in Europe and CCPA in California, not to mention rising data security expectations from their customers, the door has opened to a swathe of startups that are setting out to make it easier for businesses to manage and automate their privacy programs.

And that is why Los Angeles-based startup TerraTrue went to market last year with a “privacy-by-design” ethos that helps companies proactively manage their privacy programs before a new product or feature ships.

To do so, TerraTrue essentially unifies product development with privacy standards.

“TerraTrue can power a fast, scalable privacy program because it’s purposefully designed to bring privacy into the product-development lifecycle,” TerraTrue COO and cofounder Chris Handman told VentureBeat. “That’s a radically different approach to how legacy solutions have built their products. They design tools for compliance teams, not product teams or developers.”

In its short tenure so far (TerraTrue exited beta in the third quarter of 2020), TerraTrue has amassed a reasonable roster of customers that includes freshly-IPO’d ecommerce giant Wish and VC-backed photo app maker VSCO. To help push the platform into more businesses around the world, the company today announced that it has raised $15 million in a series A round of funding led by 3L, with participation from Chris Sacca and Anthos Capital.

Private major

Founded in 2019, TerraTrue is the brainchild of CEO Jad Boutros, who previously worked on security at Google before joining Snap (then Snapchat) in 2014 as Director of Information Security, and later as Chief Security Officer; and Handman, who joined Snap in 2014 as General Counsel. The duo were brought in shortly after a major hack had compromised the data of millions of Snapchat users, which was followed by a settlement with the Federal Trade Commission (FTC) which had alleged that Snapchat had deceived its users about the amount of personal data it collected and the security measures it had in place.

Having developed a rigorous privacy program that allowed Snap to scale quickly while adhering to all applicable laws and submitting to regular audits, they have taken their lessons and now offer a similar platform that any company can use.

“Our time at Snap — and before that at Google — taught us the basic principle that guides TerraTrue’s product design,” Boutros explained. “To do privacy right and to ship features on time, privacy must be a seamless part of product development, not an afterthought done in isolation. That ensures consistency, promotes timely guidance and feedback that won’t jeopardize a sprint cycle, and minimizes complexity as a company grows.”

A slew of data privacy management and compliance platforms have emerged in recent years. This month alone we’ve seen OneTrust close a $210 million round of funding and BigID lock down $30 million, while last month DataGrail secured $30 million to help enterprises manage data privacy requests. TerraTrue, on the other hand, is tackling the privacy problem from a slightly different perspective — rather than focusing on data that has already been collected, it’s targeting pre-deployment privacy compliance.

“Whether it’s managing cookie consents, responding to data subject access requests, or mapping data that a company has been sharing with third parties, the focus [from other companies in this space] is on data that’s already being collected, stored, and processed,” Handman said. “These are all worthwhile tools, but they’re also reactive tools. They don’t address privacy risks, offer guidance, or ensure new features get reviewed before a company ships them.”

Privacy-by-design

By contrast, TerraTrue tracks new features as they’re being developed and surfaces potential privacy risks in real-time, while simultaneously issuing recommendations and automating many of the processes required to address the issues at hand. Moreover, TerraTrue tracks all new regulations that are scheduled to come out, so that by the time a particular statute is applicable, companies using TerraTrue are already up-to-date on what they need to do to stay on the right side of the law.

“In privacy parlance, this pre-deployment work is known as ‘privacy-by-design,’” Handman added. “Simply stated, it’s the idea that companies should consider privacy risks, edge cases, and safeguards before they ship features and potentially introduce mischief to their consumers.”

Above: TerraTrue: Consent

All this isn’t to say that companies aren’t already trying to build privacy into their products from the outset; it’s just that it’s incredibly difficult to execute while also trying to continuously push out new features and products, something that most modern “agile” software development principles strive for.

“Companies lacked proper tooling to pull this off — instead, most companies repurposed spreadsheets, ad-hoc pings through Slack or email and Google Docs to try to understand what features product teams are building, how they map onto global privacy rules, and how they should address shortfalls,” Handman explained. “But that work is painfully manual, repetitive, and slow.”

TerraTrue integrates with many of the tools that companies use, including GitHub, Jira, Google Drive, and Slack, and is ultimately designed to “keep privacy and product teams in sync” without slowing down the product development process.

“Everything we do at TerraTrue works to seamlessly integrate privacy into the product-development life cycle,” Handman said. “And integrations are one of the most powerful ways to deliver that experience to customers.”

For instance, a project manager might launch a ticket in Jira, Atlassian’s project management product for software developers, and TerraTrue can instantly flag whether this will have any privacy implications and kickstart a review process including issuing updates and notifications to all the relevant stakeholders, in Jira, Slack, or elsewhere. All comments and responses, regardless of their source, are collated and centralized in TerraTrue.

Above: TerraTrue: Data subjects — whose data is involved in this launch?

Although TerraTrue offers many pre-built integrations that are available out-of-the-box, it also allows customers to develop custom workflows, for example to develop independent review processes that funnel into their product development.

“For example, a company might create a vendor security questionnaire, but craft it so that TerraTrue will send it to the relevant team members only when a feature would onboard a new vendor,” Boutros said. “What’s more, TerraTrue lets the company quickly triage work by assigning risk scores to responses inside the workflows.”

Prior to now, TerraTrue had raised $4.5 million, and with its fresh $15 million cash injection the company is well-financed to support businesses of all sizes as they face an ever-growing litany of privacy regulations.

While TerraTrue might appeal to smaller startups without the resources to keep on top of everything themselves, enterprises too have better things to focus on than aligning every new feature they build with the latest legislation to come out of Switzerland. Boutros was careful not to give too much away, but he did point to two key strategic priorities in its future product roadmap.

“One is to support the needs of very large enterprises that have developed their own proprietary toolchains for managing development and deployment activities over years,” he explained.

In real terms, this means building external APIs for these businesses to integrate TerraTrue into their own custom tools, while also giving them the flexibility to manage the TerraTrue platform across myriad disparate teams.

Elsewhere, Boutros also said that companies can expect to see more integrations with other popular third-party productivity and development tools so that “TerraTrue works even better with the way organizations currently work.”
