DataGrail

New product alert! ?? Introducing DataGrail Consent–– the ultimate solution for effortless compliance with global privacy regulations. Say goodbye to clunky set-ups and hello to rapid deployment in just minutes. Find out how you can streamline your privacy program today with the fastest, most customizable solution for building trust, collecting consent, and automating compliance. ?? https://hubs.ly/Q02Dc6FH0

An exciting employee spotlight with Zac Jaconetti! ?? Nearly two years ago, Zac joined us as a Mid-Market Account Executive, and his dedication and impact have earned him a well-deserved promotion to Senior Mid-Market Account Executive. ?? Throughout his time here, Zac has played a key role in our growth—helping expand our customer base while also strengthening the sales team by sharing best practices and valuable insights. Read more about Zac’s achievements with the link in the comments below! ??

Prioritization till it hurts. Focus, focus, and more focus. Proud to see DataGrail listed on Forbes Best Startup Employers for 2025 ?? 2025 is set to be an incredible year! ?? cc: Eric Brinkman, Lauren Volpi, Amy Reagan Hollo, Jordan Tucker, Cathy Polinsky

10 AI law requirements are already being enforced across the U.S. The surprising part is the unreported enforcement actions in 2024 in TX, CA and CO: At the California Lawyers Association Annual Privacy Summit, regulators shared the top AI compliance themes they’re enforcing. ??/ ???? ?????????????????? Companies must document all AI products and features, including inputs, outputs, and third-party data sources. ??/ ???????????? Pre-use and training data notices are required before deploying AI models. ??/ ?????????? ???????????????????????? AI systems must undergo bias audits, with some requiring third-party validation. ??/ ?????????????? Affirmative consent is required for sensitive data processing, including parental consent for minors. ??/ ??????-?????? ???????????? Users must have the ability to opt out of AI-based profiling and automated employment decisions. ??/ ???????????????????? ???????? Restrictions on data retention, purpose limitation, and duty of care to prevent misuse. ??/ ???????? ?????????????????????? Companies must assess potential harm, differentiating between "significant" and "consequential" AI decisions. ??/ ???? ???????? ???????????? A mechanism to shut down AI in cases of catastrophic harm is becoming a requirement. ??/ ???????????????????? ?????????????????? AI governance reports must be submitted to regulators or made public on company websites. ????/ ?????????????????? & ???????????????????????????? Clear AI governance responsibilities across developers, deployers, and service providers. Regulators in California, Colorado, and Texas all reported 50+ enforcement actions in 2024—many weren’t publicly disclosed. AI governance is no longer optional. Who’s responsible in your org—Legal, Privacy, or Security? #AIGovernance #Privacy #DataGovernance

In February, we rolled out highly requested customer features and expanded data discovery to support BigQuery and other sources. Here’s what’s new: ?? Pause Request Processing – More flexibility in managing privacy requests. ?? New Integrations – Expanded Data Discovery and Request Manager integrations. For full details on our February product releases, check out the link in the comments!

Privacy vs. Personalization; can the two coexist? ?? Companies including Apple and Google have put a spotlight on their concern for user privacy by implementing consent and privacy-focused features, yet critics are asking if these moves are more about protection or market positioning. The debate of privacy vs. personalization continues to be a battle with these efforts being a question of a genuine commitment to privacy or to appease regulators and strategically lock users into their ecosystem. We’re ultimately left with the question: will consumers push the industry toward a culture where security isn’t sacrificed for convenience, or will tech giants get away with putting profits over privacy? ?? Check the comments for a link to the full article.

I was shocked yesterday at the California Lawyers Association Annual Privacy Summit in LA, when the moderator asked: "How many enforcement actions did you see in your state in 2024" This was for Colorado, California, and Texas. All three states said they had 50+ enforcement actions. Many are not reported publicly. Here are the top 3 takeaways from the enforcement panel: ??/ ???????? ???????????????? ?????? ???????????????? ???? ???????????? Michael Macko shared that California is cracking down on deceptive UX practices. They’re on the lookout for companies that make it easier to opt in than out. Symmetry of choice isn’t just a best practice anymore—it’s an expectation. ??/ ???????????????????? ?????? ?????? ???? ?????? Stevie DeGroff of Colorado made it clear: If you meet CPA thresholds, you must allow consumers to opt out using Global Privacy Control (GPC). Non-compliance isn’t an option. ??/ ???????????????? ?????? ?????????????? ?????????? Stacey Schesser made the room laugh. If your privacy email isn’t regularly checked for regulators contacting you, that’s a risk. Enforcement actions can start the moment an email is sent—especially for those without a cure period. ???? ???? ????????, ???? ??.??. ???????????? ???????? ???????????? ??????????????????????, ???????? ???? ????????. The privacy landscape is evolving fast. Are you prepared for what’s next? #Privacy #Security #Legal ?

In 2005, no one got fired for buying IBM. In 2015, things changed. In 2018, no one got fired for buying OneTrust. In 2025, things have changed: OneTrust won the market. Over 14,000 companies use OneTrust for their privacy program. 500+ conversations reveal growing dissatisfaction. In 2030, it’s unlikely that lead remains. DataGrail is the new standard for data privacy. While there are contenders, we share a common goal: deliver superior products, better service, and a better solution. Change is inevitable – Just like IBM, OneTrust’s dominance won’t last if they can’t keep pace with evolving expectations. Are you ready to look beyond the default?

We’re 2 months into the New Year and here’s what you need to know! ?? The year is ramping up with February bringing new momentum to data privacy, with businesses and consumers alike prioritizing trust and transparency. In this month’s GrailMail newsletter, we break down recent news in data privacy, upcoming regulation changes like the EU AI Act, and DataGrail’s newest additions to help you stay in the loop.

Fitness bands, bluetooth scales, sleep trackers, and glucose monitors - measure our most sensitive information. But are they protecting our privacy??? The majority use hundreds of third-party systems, and personal data can be intermingled across platforms. I've spoken with dozens of teams in the last year, and those leading the market are considering privacy across the entire experience: ??/ ?????????????? ???? ?????? ?????????????? What trackers are collecting personal information? How is that data shared with other systems? ??/ ???????????? ?????? ?????????????????????? How is data collected from the user, and where is it stored? What is the purpose of collection? ??/ ???????????? ?????? ???????????????? Is user data anonymized? How is health information associated with business data? Digital health is transforming patient care. But, wearables need to protect our privacy too. ??