More Organizations Forgoing Legal's Input When Buying Privacy Tech
IAPP and TrustArc's “How Privacy Tech Is Bought and Deployed” survey found that legal teams have less input in the privacy purchases their organizations make—and that may be a good sign for adoption,
June 28, 2019 at 07:00 AM
4 minute read
While legal teams have influence over some of their business' spending decisions, that rarely extends to what privacy technology their organizations purchase, according to the “How Privacy Tech Is Bought and Deployed” survey of 345 in-house privacy professionals conducted by IAPP and TrustArc.
The survey found that only 26% of organizations sought out their attorneys' input on what privacy legal update tools to purchase, while just under 20% did the same with privacy program assessment, data subject consent or data subject rights request platforms. Less than 15% of all organizations gave legal a say in any other privacy-related technology purchase.
Respondent organizations' attorneys were also among the least likely group to use any privacy technology platform as well. Only 26% said their legal teams used privacy legal update tools, while just over 15% used privacy program assessment platforms and data subject access request tools.
On the other hand, the IT, information security, and privacy and data protection teams within respondent organizations were the most likely to have input and use almost all types of privacy technologies.
Almost two-thirds of survey respondents were from corporations, while 10% were outside counsel, and the rest were from consulting businesses or the public sector. Almost half of respondents also came from the U.S., with an additional 40% coming from the EU and UK, and the remaining from Canada, Asia and other regions.
Dave Deasy, TrustArc's senior vice president of marketing, noted there has been a “shift in where privacy [technology] is owned inside the company both from a responsibility and a budget perspective. … Three or four years ago there was much more clear ownership in legal. That is becoming much more distributed across information security and IT now.”
He noted, however, that such a shift has meant more adoption of privacy technology given that “legal departments don't have a technology budget,” whereas the IT side has access to more funds.
However, Deasy pushed back on the notion that legal departments as a whole were overlooked when it came to privacy purchases. He noted that while the survey classified privacy, compliance and legal teams as separate entities, in many companies those functions are all housed under the legal department.
“I think people who are responding that they are in the privacy group, are entirely in the privacy group, but they report into legal. … I think the reality in many companies isn't so black and white.”
Though privacy purchasing decisions have increasingly become the responsibility of in-house IT teams, technology adoption was not all that widespread among respondents.
The most widely-used privacy tools among respondents were network activity monitoring software (65%) and secure enterprise communications (60%). Beyond that, only a minority adopted other tools, such as privacy legal updates and information management (38%), privacy program assessment and management (27%), and data mapping (25%). Even fewer had data subject consent (21%) or personal data discovery platforms (14%).
Deasy said that the overall adoption rates were actually an improvement from years past, and underscored the nascent nature of some privacy technology. “I think if you went back in time five or seven years ago, you would see the adoption close to zero,” he said. He added, “In a lot of cases, the tools didn't seem to exist.”
Deasy also noted that secure enterprise communications and network activity monitoring software had a higher adoption rate because they were typically IT functions and had been in the market for a fairly long time.
When asked what prevented their organizations from adopting privacy tools, most respondents cited a lack of budget as the largest barrier, followed by the need to get manager approval and the immaturity of such solutions. On the other hand, the biggest motivator to adopt privacy tools was the need to demonstrate compliance, followed by the ease of use of such tools.
The report also looked at privacy tech adoption specifically among surveyed outside counsel, which was likewise relatively limited. Slightly under half deployed secure enterprise communication platforms, the most widely used technology for the demographic. Around a third deployed network activity monitoring, incident response and privacy legal update tools as well.
Deasy reiterated that adoption levels are an improvement from the past, but also noted they may be low because such technology can add efficiencies that take away from billable hours. “In some cases, we've seen resistance simply because it runs counter to the business model.” Still, he said that as alternate fee arrangements become more prominent, adoption will likely continue to rise.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Courts, Lawyers Press On With Business as SoCal Wildfires Rage
- 2Florida, a Political Epicenter, Is the Site of Brownstein Hyatt's 13th Office
- 3Law Firms Close Southern California Offices Amid Devastating Wildfires
- 4Lawsuit alleges racial and gender discrimination led to an Air Force contractor's death at California airfield
- 5Holland & Knight Picks Up 8 Private Wealth Lawyers in Los Angeles
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
