 Enterprises today are collecting more and more data, and the data being collected is more sensitive than ever. Locations, habits, medical conditions, and even genomic data are all being stored and processed. While this data can be a goldmine for enterprises that want to better understand their customers and offer enhanced services, it also represents a huge risk. If this data is stolen or used inappropriately, the business and its brand are at stake. According to most privacy laws, you need a person's consent to use their personal data for a specific purpose. Even then, it can only be kept as long as it's needed for that purpose. According to IDC, by 2019, 25% of security spending will be driven by EU data protection regulations and privacy concerns. Most applications today have an all-or-nothing approach to privacy and consent. The goal of our consent management technology is to simplify consent for enterprises and provide users with more control over how and when data is used. Today, privacy laws and policies are legal guidelines that don't translate into IT components or models. So there's really no way for the best-intentioned enterprise to automatically audit or enforce the policies or even understand what the user really agrees to. But if we model the consent and link it to data in a secure warehouse, we can enforce policies, audit compliance, and keep both enterprise users and end users happy. Today, product developers are responsible for implementing privacy and compliance. With our consent management solution, the privacy definitions and requirements are included in the infrastructure and developers can use pre-built tools and libraries. Now privacy officers can be much more involved in the process. Let's see how this solution is implemented on a new fitness app being used by Sally Shaw. On this screen, Sally can set her goals for the week. On the Activity screen, she can see a general and detailed view of her workouts. She can also display maps of where she runs, walks, or cycles. Sally can also show the feedback she got from friends after sharing her fitness information. With consent management working behind the scenes, Sally can indicate her sharing preferences for a variety of services. She can share data to get encouragement from friends, send her medical information to her doctor, or allow it to be used for medical research. For each service, she can choose the level of data she's interested in sharing. The Feedback section is essentially a separate app, so the same list is seen by all users. We can see that Dave and Shannon decided to share a minimum of data, since their IDs don't display gender and age. If Sally taps Dave's ID, for example, she doesn't see any information. Sally, however, chose to share all her data for fitness encouragement. If we select her name in the Feedback app, all of her activity is displayed, and we can even drill down to see maps of the specific routes she took. If Sally returns to her profile and redefines her sharing level to the minimum, her ID no longer shows gender and age, and her fitness details no longer appear. If the sharing level is set to decline, she disappears from the list entirely. This retail web application is yet another service that can use the fitness data collected by the app to send active users appropriate deals according to their activity type and level. Here again, you can see that when set to all data, all of Sally's details appear on the active runner's page. When she sets the sharing level to minimum data, only her first name, email and phone number are displayed. And when sharing is set to decline, her name disappears from the table. To set up these privacy features for the user, the app developer didn't need to start from scratch. The Consent Manager helps define everything. First, the organization's privacy officer can use the Consent Management backend to define the data that requires consent. This includes what data is shared at the different levels. After that, all the developers have to do is decide on the level of access the end user has to these settings. With the privacy policies enforced, data is prevented from being exposed without the user's consent and the audit trail can be automatically collected by tools. This allows the enterprise to examine exactly what transpired in their data flow. The same audit trail can also be used to show users the history of access attempts to their data, including both successful and failed attempts at the data access. Data accesses can be viewed by service in both summary and detailed form and by data item. Owning lots of sensitive data can be a bonanza or a disaster for a business. 80% of consumers have stated they would rather purchase from companies they believe protect their personal information. In short, enterprises can now automatically monitor, audit and enforce privacy policies, increase control and visibility, build end users' trust so more data is likely to be shared and use real-time monitoring to identify risks before damage occurs. Thank you for watching this demo. For more information, contact us at IBM Research Haifa.