[author: Thomas Bonk]
Epiq was back on the road last week for another in-person industry event – this time in Atlanta, GA to get a read on the privacy, risk, and ethics compliance space at OneTrust’s annual customer and partner conference, TrustWeek 2022. The primary takeaway from the event was the strong, palpable excitement from all there that they are on the leading edge of something new. The energy at the conference felt reminiscent of the energy of burgeoning eDiscovery community observed in the early 2000s.
Below are the main takeaways and new learnings gained from TrustWeek 2022:
- There is a greater focus on privacy compliance and consent management technology to the broader portfolio of enterprise compliance and management solutions which address GRC, ethics, and ESG. For OneTrust, the defining theme it is evangelizing this year is, “Trust” which should come as no surprise considering the company’s branding.
- There were some very bold claims that Trust (with a capital T) is foundational across all its solutions, so much so that “Trust Intelligence” is the appropriate moniker for a brand-new software product category. In his conference keynote presentation, CEO Kabir Barday stated that “The last decade was about digital transformation” with an implication that some unintended consequences that followed drive the current Trust imperative. He further stated that “The next (decade) will be about Trust transformation” which is the bet the company is clearly pivoting towards. Barday’s pitch was compelling and well-received by an audience of practitioners who by all appearances are primed and ready to address these (mostly new) challenges. It will be interesting to see if this Trust Intelligence concept takes hold and resonates in the marketplace in the years ahead.
- Many of the themes and ideas presented at the privacy-focused International Association of Privacy Professionals (IAPP) conference recently held in North America this past April were reinforced at TrustWeek 2022. Privacy regulations continue to advance in complexity, especially in the United States where California is evolving from its initial law (CCPA) to its second, expanded iteration (CPRA) and with several additional states (Utah, Colorado, and Virginia) bringing forth their own privacy statutes. Additional drivers of complexities in privacy compliance include ever-expanding data volumes within the technology landscape and increased stakeholder awareness on its associated business risk, especially with concerns expressed at an enterprise’s board of directors level.
- On the consumer consent management front, the declining practice of web browsers collecting cookies for sale to third-party marketers was discussed, which largely requires consent to be gained from individuals via disruptive and annoying banners. This approach is likely to wind down with an end expected in 2023 or 2024 as Google deprecates its use of third-party cookies. Third-party cookies practices will likely be replaced by new and more transparent approaches from marketers wishing to gain consent from their customers to track browsing data for their own specific “first-party” purposes accompanied by new methods to managing consent from customers. All of this bodes well for continued innovation in automated technology solutions that address the anticipated changes in consent management requirements for privacy regulations.
- Of note was the ethics and compliance discussion as there has been an increased interest in the marketplace, especially from C-suite stakeholders concerned with various challenges related to the cultivation of transparency and accountability within their enterprise’s culture. OneTrust’s solution extends to the enterprise’s auditing and ongoing due diligence of its third-party vendors which is useful as the interconnectedness and dependencies on vendor performance often goes hand in hand with a company’s overall brand performance. Another great discussion was about the emerging need for technology solutions to support ethical AI initiatives that document principles and associated frameworks for IT, finance, product development, marketing, HR and legal stakeholders to utilize across functions and in a consistent manner as there is a prevailing assumption that government regulation of AI tools and their use is inevitable.
As privacy laws continue to evolve and GRC, ethics, and ESG become more important, it is all about “Trusting” AI solutions to help solve complicated problems. This conference shined a light on the capabilities of technology in the space and the excitement around the growth of more robust AI initiatives down the line.