0

0

0

0

0

0

0

0

0

This article is more than 5 month old.

Data protection law will boost privacy-tech startups

Mini

Technology can help businesses meet privacy regulations effectively and in a cost-effective manner.

Data protection law will boost privacy-tech startups
A parliamentary committee is providing final touches to India’s data protection bill, nearly four years after the government first set up a committee to consider it. The law will place many obligations on businesses that collect data. They will need to ensure data security and will face fines if customer data is breached. They will need to expeditiously respond to a customer’s request to access, modify, or delete her data. They will face penalties for not conducting a data audit or failing to appoint a data protection officer. The management will potentially face jail terms if data is de-anonymised without the user’s consent.
In parallel, consumer awareness about data privacy is also rising. For example, a survey of nearly 9,000 Indians showed that 51 percent of them said they will reduce or stop using WhatsApp because of the changes in its privacy policy. Therefore, expectations for businesses to be responsible stewards of data are rising – from consumers, regulators, and business partners.
Meeting these expectations will not be easy. Research by Monitor-Deloitte shows that Indian businesses use only 5-20 percent of the data they collect. The rest is distributed in different places within the organisation, creating risk of data leaks. Many businesses have announced that they will transition 50-75 percent of the workforce to permanent work-from-home, which means they won’t be able to secure employee devices as easily. Cyber-threats are also rising – the number of data breaches in India increased 37 percent between 2019 and 2020.
In this situation, technology can help businesses meet privacy regulations effectively and in a cost-effective manner. As a result, privacy-tech businesses have emerged as unicorns in geographies like Europe and USA, which have had privacy laws for longer. US-based OneTrust, whose platform helps businesses ensure compliance with privacy laws, raised its Series C at a $5.1 billion valuation in December 2020. Around the same time, Israel’s Big ID, which helps companies find, track and “de-risk” customer data, achieved unicorn status as well. The phenomenon has reached Indian shores – Druva, a Pune-based company that builds data protection solutions for business clients, became a unicorn in 2019.
When the data protection bill is passed, this trickle is likely to become a wave. Three sub-sectors within privacy-tech are likely to see the fastest growth.
As businesses move to a remote working environment due to Covid-19, it will become important for them to ensure that only genuine customers and employees, rather than hackers, access internal data systems. They will need to do so without compromising on speed and customer experience. Named ‘identity and access management (IAM)’, this sector is expected to be a $23 billion global industry by 2025. The Indian market is under-penetrated and is likely to see innovations that replace insecure existing methods like one-time passwords (OTPs).
Even the best IAM system will not eliminate the risk of data breaches. Businesses can, however, reduce the financial and reputational harms that breaches cause. Today, most data stored by businesses is unencrypted – which means hackers can easily read it. If the data is encrypted, the consequences of a breach are less severe. Hence, the privacy law will incentivise businesses to invest in better encryption, i.e. techniques that make data unreadable to outsiders even if they use sophisticated techniques like quantum computing. Start-ups will also likely create encryption products for mid-market businesses, who do not have budgets or internal IT teams to deploy existing products.
Finally, businesses will need to ensure and prove compliance with the data protection law. Technology will help them do so effectively and cheaply. This ‘data compliance and management’ sub-sector is likely to be a $6 billion global industry by 2025. It includes products that enforce rules about which employees can access customer data, create automated privacy compliance dashboards, and respond quickly to data requests from customers. Indian start-ups will have a competitive advantage because the privacy bill mandates that certain kinds of data be processed only within India.
These trends are already in motion, and are creating opportunities for entrepreneurs and investors alike. Research by the Data Security Council of India shows that the cumulative revenue of cybersecurity product companies grew 39 percent annually between 2016 and 2020. These companies attracted investments of $490 million in this period, three-quarters of which came from venture capital firms. This growth was driven by an intensifying threat landscape and the European privacy law. Once the Indian law comes into force, we should expect further acceleration. In short, privacy-tech is set to emerge as an important and rewarding investment area.
-by Subhashish Bhadra
, Principal, Investments, Omidyar Network India
(The author works at Omidyar Network India, an investment firm that invests in bold entrepreneurs who help create a meaningful life for every Indian.)
next story