Compliance is costly in more ways than one. According to a recent study conducted by Ponemon and Globalscape, companies cough up $5.47 million on average to bring their practices in line with global and domestic mandates. (Those that don’t comply suffer around $14.82 million in fines, business disruption, and lost productivity and revenue.) Moreover, from 2011 to 2017, the price of attaining compliance rose by 43% and reached as high as 103% in industries like health care.
TrustArc (formerly TRUSTe) hopes to change that. The San Francisco-based provider of compliance solutions tailored to GDPR, the California Consumer Privacy Act (CCPA), and hundreds of other regulations today announced that it’s raised $70 million in series D funding led by Bregal Sagemount, bringing its total raised to over $100 million. CEO Chris Babel said the round, which saw participation from existing backers Accel Partners, Baseline Ventures, DAG Ventures, Icon Ventures, and Industry Ventures, will enable TrustArc to “further advance” its leadership in the privacy market.
“We are very excited to bring on Sagemount as a strategic and financial partner. Given their prior success investing in market-leading, high-growth technology companies, we believe they are the right partner for the next phase of our growth,” said Babel. “We have been building on our … privacy leadership to design cutting edge technology solutions, and this significant growth investment will allow us to further help enterprises around the world navigate the rapidly evolving data privacy regulatory landscape.”
For the uninitiated, TRUSTe was founded in 1997 by Lori Fena (then executive director of the Electronic Frontier Foundation) and Charles Jennings as a nonprofit industry association. In 2008, under the leadership of executive director Fran Maier, it changed its structure to a venture-backed for-profit company and appointed Babel, former senior vice president of VeriSign’s worldwide authentication services, as CEO.
TrustArc develops compliance, data protection, and certification products for large enterprises, which it delivers through a platform featuring a centralized, modular dashboard populated by guidelines, regulatory news, and insights. It also develops tools designed to help monitor risk and project statuses, like a data manager that builds flow maps and reports and an assessment manager that conducts privacy audits. Its intelligence engine reviews processing risks for regulations, and its assessment library attempts to identify gaps for multiple frameworks.
That’s only the tip of the proverbial iceberg. TrustArc’s suite can handle things like cookie consent preferences (to meet GDPR requirements) and facilitate user consent for email and other marketing campaigns, and it’s equipped with tools to manage data access requests for regulations such as CCPA. Additionally, TrustArc’s ads compliance manager can manage user advertising preferences per legislative guidelines, or surface key metrics thanks to robust integrations with third-party apps in a range of hosting environments.
For organizations in need of more bespoke implementations, TrustArc offers privacy consulting and professional services for FERPA, HIPAA, NIST, ISO 27001, CASL-PIPEDA, and other areas. It works with clients to identify gaps in compliance and develop remediation plans, and to chart out roadmaps for accountability structures that support evaluating and auditing control effectiveness. In the last phase, it stages the rollout of programs and processes (plus customized policies and procedures) to create and manage data inventories that support reporting requirements.
According to Babel, it’s all in service of companies struggling to stay abreast of fast-moving regulatory landscapes. More than 50 additional digital privacy laws and regulations were adopted in the past year alone, he says, including from China, Nigeria, and over a dozen U.S. states. Even those executives who are on the up and up sometimes struggle to get their ducks in a row: According to a recent survey conducted by TrustArc, 88% of U.S. companies said they require external help to understand CCPA requirements.
“[TrustArc] has been at the forefront of the data privacy management market for two decades and we are just as committed to the market as we were on day one,” said Babel. “With TrustArc’s next-generation cloud platform, we will continue to power the solutions the market needs today and tomorrow.”
TrustArc competes to an extent with StandardFusion, LogicGate, Iubenda, and Netwrix Auditor, all of which are vying for a slice of the enterprise governance, risk, and compliance market that’s estimated to be worth $64.62 billion by 2025. Bregal Sagemount partner Daniel Kim isn’t terribly concerned about rivals, though — he points out that TrustArc has engaged with over 10,000 customers to date across its client base of more than 1,000 clients.
“Companies are increasingly required to serve as fiduciaries of personal information. Their customers, supply chain partners, and vendors are more likely to provide such data to companies that have the policies and software to manage it properly,” said Kim. “TrustArc’s privacy industry leadership has allowed it to build a unique suite of technology solutions to help companies differentiate themselves in today’s regulatory environment.”