Ten key elements to follow data compliance regulations
Scott Schlesinger, US Data and Analytics Lead at PA Consulting, explains how organizations can stay up to speed with data compliance regulations.
The TechTarget article notes that while organizations work to reap the benefits of data, new challenges crop up as lawmakers around the world continue to enact new data privacy laws and update existing ones.
Scott said that in 2021, more than 150 privacy-related bills were under consideration across 40 U.S. states. There is a growing list of international laws, too, as organizations work to keep up with data compliance regulations.
While federal U.S. efforts to legislate data privacy are stalling, China passed the Personal Information Protection Law in August 2021, with the new regulations taking effect in November 2021. At a state level, Massachusetts is the latest to consider such legislation, with its proposed Massachusetts Information Privacy Act.
That proliferation of data privacy regulations has created considerable challenges for organizations, as executives work to understand and comply with the requirements each one contains.
Companies that approach the task in a patchwork fashion, working toward the requirements of each individual law independently of the others, will quickly become swamped.
To do that, the following high-level elements are essential:
Organizations must assign responsibility for data privacy to an executive, whether it's a chief privacy officer or another position. CEOs can't assume every functional leader will automatically do his or her part without someone being held accountable for the program's success or failure, said Scott.
"It has to have someone at a senior level to be that champion, otherwise, quite frankly, these things die on the vine," he added.
At the same time, no single leader can – or should – be responsible for all the required work, Scott said. A successful data privacy program needs the leader who owns accountability to collaborate with all the stakeholders (i.e., functional executives, the legal department, IT and security) to ensure that the policies are comprehensive, controls are in place and they're consistently applied throughout the enterprise.
Identified potential points of failure
Scott said that data privacy programs aren't foolproof, as both internal and external factors can create potential points of failure. Executives can't eliminate all risks, but they can effectively manage them by identifying, prioritizing and mitigating them based on risk-reward calculations.
Consider, for example, how the hybrid work environment could affect privacy processes that work well for in-office workers but may not be as enforceable for at-home employees. Also consider how enabling partners to work with data can ensure speedy services for customers but can also create compliance failures if any of their vendors have substandard privacy policies or suffer a breach.
He added: "Make sure all the internal, external, cultural and political factors that could derail your program are addressed."
A strategy to use privacy policies for competitive advantage
Companies should view that as an opportunity. Entities that are seen as leaders in safeguarding consumer data and are transparent about how they use it generally engender customer loyalty, Scott said.
"It can lead to a long-term competitive advantage, turning that data compliance challenge into an opportunity," he added.