I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info
Margarita Rivera-Santiago, CISSP, CISM, CRISC, CISA - Director of Information Security Risk & Compliance, LMC-A Lennar Company
Compliance as a business driver?" - said no one ever…. until now.
Compliance has always been viewed as more of a burden than a competitive advantage. However, as technology has continued to evolve, new innovative ways to utilize data have brought about the need for an increased focus on the protection of that data. Amidst an ever-evolving technological landscape, the law has always lagged in protecting the data that resides within those technologies. Despite this, there is significant business value when approaching technology compliance proactively, rather than reactively, within the organization. The EU’s General Data Protection Regulation (GDPR) that became effective in 2018 and the California Consumer Privacy Act (CCPA) that becomes effective January 2020 has completely changed the way technology, security, and privacy is viewed within the business. It is no longer simply the burden of having to comply to some regulation but rather the opportunity to accept the responsibility of protecting the data and to be strategic in doing so.
The ability to proactively incorporate protections and controls into the technology saves money by avoiding the need to retrofit solutions and minimizes the risk of being fined or incurring costs due to a data breach
The evolution of technology and compliance over the last 15 years has been nothing short of amazing. Smart technology, artificial intelligence, robotics, and the ever-evolving business model of leveraging data to target consumer preferences pose both challenges and opportunities when it comes to technology and specifically, data protection. The reality is that it is no longer just about personal identifiable information. Whereas it was sufficient just to protect social security numbers, names, and addresses, now any personal data that directly or indirectly identifies the data subject must be protected.
The change in the data requiring protection has brought about a convergence between Information Technology, Security, Privacy, and the Business in order to better manage compliance requirements. As a result, these groups are now also collectively seeking opportunities for added business value. Like never before, these groups are having to speak the same language and work together to find solutions to manage risk. In doing so, these groups are able to generate solutions that positively affect the business.
Additionally, more and more businesses are paying attention to their relationships with their 3rd party vendors. A 2018 study conducted by Opus and the Ponemon Institute showed that 61% of US companies experienced a data breach due to a 3rd party relationship. Although 3rd party solutions are providing services, such as a Software as a Service, that are easy and inexpensive for the business to consume, the risk of the 3rd party not having appropriate security controls in place to protect the data that it hosts poses a significant concern and liability for the business. Business collaboration is key in ensuring the correct oversight and due diligence are performed.
Regardless of your view of the technology and/or compliance evolution, the massive impact on businesses everywhere and the increased impacts for years to come are undeniable. There is inherent savings in managing compliance proactively rather than reactively. The ability to proactively incorporate protections and controls into the technology saves money by avoiding the need to retrofit solutions and minimizes the risk of being fined or incurring costs due to a data breach. Those organizations that can be more strategic and forward-thinking will not only save significant time and money but will also find innovative ways to leverage technology and data to affect the bottom line positively. Strategic compliance can provide business value, but collaboration is key.
See Also: