Why I'm Building Truspecta

Privacy programs need more than good intentions. I'm building Truspecta to help teams replace static questionnaires with continuous privacy posture.

A Reintroduction

👋 My name is Nathan Lemay.

I became a software engineer because I liked video games. Since then, I've built a career focused on positively impacting people and society through technology.

I've helped scale privacy programs at Amazon, Robinhood, and Google. Before that, I worked as a software engineer focused on Digital Crimes and Child Safety.

When these programs work, nobody notices. When they don't, people are harmed.

For my next chapter, I'm building Truspecta.

Finding My Obsession

Over the years, I've become obsessed with providing robust privacy outcomes. How do companies know whether they're actually fulfilling their obligations?

Most privacy programs start the same way. Some unsuspecting attorney, program manager, or security engineer is told to "figure out that privacy thing". Many conversations about "PII" later, the race is on to answer the privacy holy trinity:

  1. What data do we have?
  2. Where does it go?
  3. What is it used for?

How do we answer these? Questionnaires, of course!

Fast forward a few years, and the company hires a dedicated privacy team. Huzzah! The team procures a vendor to feed the Cookie Monster, and starts automating access requests, deletion requests, and (maybe) retention. They formalize Privacy by Design reviews and work on cleaning up the dreaded privacy backlog.

How do we identify all these new obligations? Questionnaires, of course!

There must be a better way.

The Privacy Pain Cave

In the beginning, questionnaires are a practical approach, but they don't scale.

Engineers and program managers spend years answering: what data do you collect, why do you collect it, where is it stored, and who is it shared with? This approach also trusts that teams can answer these questions accurately.

Often, teams are attesting to things they're already doing. Remember the backlog?

Teams spend 80-90% of the review providing undifferentiated facts about their infrastructure, data stores, and schemas. Their answers may reflect reality depending on the Earth's rotational axis and phase of the moon.

This cycle repeats when the company remembers that the privacy team exists.

Can we reduce this friction, improve outcomes, and escape the privacy pain cave?

Why Truspecta

Privacy programs should be built on more than good intentions.

Truspecta is the evidence layer for privacy programs. Instead of spending years collecting data that is immediately stale, move toward continuous privacy posture.

Engineers spend too much time recalling undifferentiated facts that can be automatically collected. Privacy programs are drowning in a sea of reviews instead of building scalable guardrails and well-paved paths.

To deliver better privacy outcomes, we need better mechanisms.

Privacy teams should have better visibility, context, and confidence to focus their attention on what matters and the people they protect.

Replace static questionnaires and artifacts with continuous privacy posture.

What Comes Next

The road goes ever on and on. For me, this is the start of a long journey.

I'm building Truspecta to make it easier to do the right thing. If you'd like to tag along, I'll be sharing my journey here—whatever it may look like.

Ready to build an evidence-based privacy program? I'd love to chat!