Introducing Phaselabby Josh Schwartz
I’m excited to introduce Phaselab, which I’ve founded with David van Dokkum. Driven by the conviction that data privacy concerns are becoming as critical and ubiquitous as security concerns, we created the company to help companies automate data privacy policies across their technical stacks. We make compliance teams more efficient by identifying gaps in their privacy posture and surfacing remediation steps, and we drastically reduce the in-house engineering effort associated with maintaining data privacy compliance.
When I served as CTO of Chartbeat, the leading analytics company for global media businesses, consumer privacy was one of the largest concerns in my portfolio. As a company measuring traffic on many of the largest websites in the world, we processed the data of more than a billion consumers globally. This presented both direct regulatory risks but also business ones, as our enterprise customers demanded we meet their privacy requirements as a cost of doing business.
In the early days of GDPR and CCPA, privacy work was more legal than technical. But in the last few years, that dynamic has changed. The Schrems II decision invalidating Privacy Shield and subsequent EU enforcement actions gave notice to companies that they were expected to give serious attention to validating their vendors’ technical privacy practices. More recently, the rise of state-level privacy laws in the US (with 10 state-level laws signed to date) raises the prospect of significant increases in the number of data-related requests companies will receive and the number of regulators exercising oversight. This growth in regulations meant a growing number of technical initiatives required to support customer relationships across jurisdictions.
But with each privacy initiative we considered, we were forced to trade off our own developers’ time on building for privacy versus building features for our customers. This was fundamentally different from security, for example, where a massive ecosystem of tools and services existed that allowed us to tackle most of our challenges by purchasing software, rather than building it.
Insights from the market
Since founding the company, David and I have talked with more than 50 privacy and technology leaders, and we’ve heard the same stories again and again. Companies want to be able to guarantee privacy for their users, both because of regulatory threats and because it is simply the right thing to do. But, bandwidth constraints particularly within engineering mean that systems for enforcing privacy policies are lacking. In the US alone, numerous FTC fines penalize companies whose technical systems failed to actually follow their stated privacy policies. Meanwhile, budgets for tools are going unspent, for lack of services to purchase.
Companies’ fundamental needs for enforcing privacy are more alike than they are different, and there is a massive opportunity for technologists to build a common set of tooling that goes beyond the frontend and actually enforces privacy practices across a company’s data infrastructure.
From these observations, Phaselab was born, with a mission of enabling our customers to deliver on the privacy promises they make to their customers. We’ve begun our work by automating data retention and deletion policies — surfacing and remediating gaps between what companies say they’re doing with data and what is actually happening behind the scenes, so companies can find and fix issues before regulators do.
If you’re passionate about privacy and have problems you need help solving, we’d love to chat. Reach out to email@example.com anytime.