As a Californian, I’m accustomed to the ground shifting from an occasional earthquake. An earthquake took place during the 2008 California bar exam -- it should have been an omen of what was to come of my career as a privacy professional. The proctor said "For those of you who are not from California, welcome. For those of you who are from California, continue with your exam."

Since the bar exam and through my career as a privacy professional, this continues to resonate. We have been bombarded with change since privacy became regulated. I’m accustomed to seismic shifts in the regulatory landscape that grounds our profession. Whether it's the invalidation of Safe Harbor, Privacy Shield, the former Standard Contractual Clauses, or we're faced with CPRA challenges in California courts, the only thing constant about data privacy is that it is constantly changing, moving, shifting.

Once the first recorded earthquake occurred in China in 1177 B.C., it took nearly 3,200 years before states and localities in the U.S. adopted earthquake-mitigating building codes established by the International Code Council (ICC) to create model building codes widely used and adopted around the world.

Meanwhile, the first browser cookie was introduced in 1994, and the next year, the EU passed the European Data Protection Directive, the predecessor to the General Data Protection Regulation (GDPR). While European regulations caught up to privacy much more quickly than the construction industry did with earthquakes, the ground shifting under the privacy landscape means regulators--as well as organizations--are continuously playing catch-up with technology advances. For example, while a handful of states in the US passed or enacted new privacy laws in 2023, they’re already likely missing governance of a key technology. We can thank the rapid ascendancy of Artificial Intelligence (AI) for that.

And while building codes have played a key role in managing earthquake risk, code also plays a key role in managing privacy risk and offering an organization a seismic safe foundation – in this case, source code.

In the construction industry, engineers design reinforcements for structures to counteract the force of earthquakes. They ensure the building's foundation can withstand ground movement, changes, and shifts. In the privacy profession, the equivalent of a building's foundation is the data inventory and map. Every element of a privacy program rests on an understanding of three critical areas:

1. What data do you process;
2. Who and which systems have access to that data; and
3. How that data is processed.

When we are building privacy programs, we must ensure, when these three critical areas continue to move, shift, and change, we too can keep up with those changes. However, many privacy and data governance programs have completely disregarded the need to have a seismic safe foundation. Many organizations continue to rely on manual tooling, spreadsheets, forms, surveys, and meetings. Just as a brick building improperly constructed will crumble under the force of an earthquake, the lack of a foundational, always live data inventory and map that can adapt to change will lead to major gaps in a privacy program. And, as privacy professionals, we must be prepared not only for regulatory changes, but also changes to how new data is processed, how it is flowing, who is accessing it, and what is done to it.

Engineers and privacy professionals must build a solid foundation if they are to keep pace with ever-changing privacy requirements. At Relyance AI, our engineers developed our advanced privacy management platform to go straight to the source of truth: source code. Using machine learning, Relyance AI builds a dynamic, real-time data inventory and map so you can monitor how personal data moves through your code, applications, infrastructure, and to third-party vendors, providing an unparalleled depth of view of your data, no matter how data processing changes.

Today, nearly every company is a data company, where decisions about data processing are made in code. Smart companies set the baseline for their privacy program against the toughest regulations and extreme data flow changes, building their program to withstand any new tremors that may take place through this AI renaissance. While a building can never be completely earthquake-proof, an organization’s privacy program can be built to withstand whatever seismic shifts may come as we undergo data processing at an unprecedented scale, as well as constantly changing regulations. This happens through a clear understanding of source code. Why? Because Privacy. It's in the Code.

-

Learn more about how the Relyance AI Continuous Compliance Monitoring and Management Platform can render your organization earthquake proof by booking a demo.

As a Californian, I’m accustomed to the ground shifting from an occasional earthquake. An earthquake took place during the 2008 California bar exam -- it should have been an omen of what was to come of my career as a privacy professional. The proctor said "For those of you who are not from California, welcome. For those of you who are from California, continue with your exam."

Since the bar exam and through my career as a privacy professional, this continues to resonate. We have been bombarded with change since privacy became regulated. I’m accustomed to seismic shifts in the regulatory landscape that grounds our profession. Whether it's the invalidation of Safe Harbor, Privacy Shield, the former Standard Contractual Clauses, or we're faced with CPRA challenges in California courts, the only thing constant about data privacy is that it is constantly changing, moving, shifting.

Once the first recorded earthquake occurred in China in 1177 B.C., it took nearly 3,200 years before states and localities in the U.S. adopted earthquake-mitigating building codes established by the International Code Council (ICC) to create model building codes widely used and adopted around the world.

Meanwhile, the first browser cookie was introduced in 1994, and the next year, the EU passed the European Data Protection Directive, the predecessor to the General Data Protection Regulation (GDPR). While European regulations caught up to privacy much more quickly than the construction industry did with earthquakes, the ground shifting under the privacy landscape means regulators--as well as organizations--are continuously playing catch-up with technology advances. For example, while a handful of states in the US passed or enacted new privacy laws in 2023, they’re already likely missing governance of a key technology. We can thank the rapid ascendancy of Artificial Intelligence (AI) for that.

And while building codes have played a key role in managing earthquake risk, code also plays a key role in managing privacy risk and offering an organization a seismic safe foundation – in this case, source code.

In the construction industry, engineers design reinforcements for structures to counteract the force of earthquakes. They ensure the building's foundation can withstand ground movement, changes, and shifts. In the privacy profession, the equivalent of a building's foundation is the data inventory and map. Every element of a privacy program rests on an understanding of three critical areas:

1. What data do you process;
2. Who and which systems have access to that data; and
3. How that data is processed.

When we are building privacy programs, we must ensure, when these three critical areas continue to move, shift, and change, we too can keep up with those changes. However, many privacy and data governance programs have completely disregarded the need to have a seismic safe foundation. Many organizations continue to rely on manual tooling, spreadsheets, forms, surveys, and meetings. Just as a brick building improperly constructed will crumble under the force of an earthquake, the lack of a foundational, always live data inventory and map that can adapt to change will lead to major gaps in a privacy program. And, as privacy professionals, we must be prepared not only for regulatory changes, but also changes to how new data is processed, how it is flowing, who is accessing it, and what is done to it.

Engineers and privacy professionals must build a solid foundation if they are to keep pace with ever-changing privacy requirements. At Relyance AI, our engineers developed our advanced privacy management platform to go straight to the source of truth: source code. Using machine learning, Relyance AI builds a dynamic, real-time data inventory and map so you can monitor how personal data moves through your code, applications, infrastructure, and to third-party vendors, providing an unparalleled depth of view of your data, no matter how data processing changes.

Today, nearly every company is a data company, where decisions about data processing are made in code. Smart companies set the baseline for their privacy program against the toughest regulations and extreme data flow changes, building their program to withstand any new tremors that may take place through this AI renaissance. While a building can never be completely earthquake-proof, an organization’s privacy program can be built to withstand whatever seismic shifts may come as we undergo data processing at an unprecedented scale, as well as constantly changing regulations. This happens through a clear understanding of source code. Why? Because Privacy. It's in the Code.

-

Learn more about how the Relyance AI Continuous Compliance Monitoring and Management Platform can render your organization earthquake proof by booking a demo.