Data privacy compliance has become a hot new market in the brave new world of regulated privacy and security.
Since my piece about OneTrust, the Atlanta-based privacy management startup that closed a Series A $200 million was published here last week, I have been flooded with press releases and phone calls from representatives of other startups looking to break into the fast-growing market of providing software to help multinationals comply with the endless stream of privacy and global security laws now being mandated around the globe.
To give you an idea of scale, at the last count, more than 80 countries around the world have implemented data sovereignty regulations, including Germany, Brazil, China, and India.
In the U.S. alone, at least 25 states have passed data privacy laws, many of which go into effect January 2020. Despite the urgency, 86 percent of U.S. companies still aren't compliant with global data regulations, according to a TrustArc survey.
Each of the new companies appears to bring some new wrinkles to the core data compliance offering. While none of them I've seen so far quite match the rapid trajectory into unicorn status enjoyed by OneTrust, several have impressive stories.
Consider, for example, InCountry, a San Francisco-based startup that emerged from stealth mode only three months ago with $7 million in seed funding and last week added another $15 million in Series A funding led by Arbor Ventures of Singapore, Global Founders Capital of Berlin, and Mubadala of Abu Dhabi, with participation from previous investors including Caffeinated Capital, Felicis Ventures, Charles River Ventures, and Team Builder Ventures.
InCountry says it will use the funds to open regional offices in Singapore, Berlin, and Abu Dhabi, and launch its new product, InCountry Border, that will offer industry-first encryption and data handling capabilities that stay within border lines. This is an important point since more and more countries are demanding that data collected within its borders stay within those borders. Said CEO and Founder Peter Yared:
Data sovereignty or data localization laws are a growing and a particular challenge for international companies. From Australia to Vietnam, almost 100 countries currently require companies to physically store their citizens' data within the country of origin. These laws vary by specific country and are evolving every day. That means companies with multinational operations face a confusing, fragmented landscape and risky business conditions. Non-compliance means hefty fines, or worse, even banishment from a country.
Because of data sovereignty rules, Google has moved its European data from the U.S. to Ireland to aid with compliance, while huge fines await companies that mismanage customer data. China requires all data relating to Chinese customers to be hosted in China, while Russia has had data localization laws in place since 2014.
Yared says InCountry - which he calls the first Data-Residency-as-a-Service platform - solves the difficult problem of country-specific data regulations by providing the global infrastructure for companies to store and retrieve data in its country of origin, and includes an API that funnels data to and from InCountry's local data centers, provided by AWS, Microsoft Azure, Google Cloud Platform, and Alibaba Cloud.
InCountry says its solution helps multinationals scale by providing easy integration in under ten minutes, with one click of a button. Enterprises outsource the majority of their compliance risk, while safely and securely storing data in each country they operate in.
InCountry Border provides a suite of new features to further secure and streamline the storage and processing of protected data, including:
- Localized encryption-Customers can manage and store regulated citizen data without the data leaving its country of origin
- High availability in highly-regulated countries - InCountry has increased server capacity in highly-regulated countries such as Russia, India, China, Vietnam, Indonesia, United Arab Emirates, and Germany
- Integrates without coding- Customers can integrate with InCountry using domain-overlay technology so that InCountry points-of-presence can manage citizen data between the user's browser and the customer's global web application.
The software doesn't replace an application's own data store but adds an additional local repository for specific regulated data, enabled by the InCountry software development kit. It synchronizes the data across two data centers for each country, ensuring there is always a backup available.
Melissa Guzy, co-founder and managing partner at Arbor Ventures, will be joining the board. Guzy said:
The rapidly evolving and complex global regulatory landscape in our technology driven world is a growing challenge for companies. InCountry is the first to provide a comprehensive solution in the cloud that enables companies to operate globally and address data sovereignty.
Peter Yared was more succinct:
Think of InCountry as the Deloitte of data: we help you navigate the complexity of global data regulation and ensure you're compliant.
Data privacy compliance has rapidly become a big business and investors appear to be rushing to fund startups that can grab a piece of the new market. Regulators and lawmakers are helping out by writing new laws every week and increasing the penalties for non-compliance.
InCountry Border allows multinationals to meet data residency requirements on a jurisdiction by jurisdiction basis without requiring any coding changes to their software. That lets customers expand their global customer base with little impact on their engineering resources.
Unlike OneTrust, which bought DataGuidance, an in-depth and daily updated privacy and security regulatory research platform, to provide legal support, InCountry has partnered with international law firms, and has a dedicated team of experts who act as an extended research team across the globe to ensure that data is properly hosted, processed, secured and regulated.
I can't wait to see how many pitches I get this week.