Organizations can use data both strategically and responsibly, and that latter part of the equation is something they must strive to achieve now more than ever due to the constantly changing regulatory and compliance landscape, according to privacy experts at PwC, AT&T, Indiana University and the Information Accountability Foundation (IAF).
“Beyond the consumer need of individual privacy, we’re also seeing things like data localization laws around the world, which are really impacting companies – and I know our clients, for sure,” Alison Kutler, principal, risk & regulatory consulting at PwC, said Dec. 11 during the webcast “Can Data Be Used Strategically and Responsibly?”
“Different countries and different agencies in different countries and different localities in different countries are passing certain laws that [govern] the way data can be transferred [and] what kinds of data,” she explained, adding: “It’s just another area to make this more complex. Some of it is based on individual privacy. However, it’s a larger business issue that I think folks are grappling with.”
Organizations are using more data than ever before, and that use incurs more risk. As organizations strive to use data strategically as a business asset, managing those risks both ethically and technically has become an unprecedented challenge, according to PwC, which sponsored the webcast. It was the third in PwC’s Data Use Governance series.
Part I in the series covered the proliferation of data and need for governance and Part II explored a strategic framework approach to data as a business enabler.
Part III on Dec. 11 continued the conversation by investigating how organizations can and do use data responsibly in the midst of a changing regulatory and compliance landscape. The panel discussed evolving public policy, regulatory guidance and expectations relating to the fair and ethical use of data; how new risk and strategy management programs can facilitate this fair and ethical use; and industry-driven initiatives to help manage public policy risk.
“Every type of business and every part of the business is using data currently,” Jeff Brueggeman, VP of global public policy at AT&T, said. “So, I think we’ve gone from a model where certain parts of a company or certain companies would be heavily data-focused to one where every part of the business is going to be managing data,” he said, adding: “As you do that, you really benefit a lot from standardizing and consolidating your processes across the company. It’s no longer helpful to have pockets of data scattered throughout the company and rely on individual-level management. The more you can create uniform systems and oversight, and ways to both harmonize and manage that data, the better off we’re going to be.”
One major issue is that IAF still sees “a lot of organizations where data is frozen within silos – has not yet been liberated – and most of that is driven by trust issues between the silos within organizations,” Martin Abrams, IAF executive director, said.
One of the biggest challenges now is the increasing number of laws and regulations that are “coming from almost everywhere,” within the U.S. and around the world, Fred Cate, VP for research at Indiana University, said. “I think it’s a real challenge for businesses [to] keep up with all of this activity,” he told viewers, adding that even if you don’t think one of these policies will impact one’s business, you realize that it often does.
Brueggeman agreed, saying: “One major concern that AT&T has is the “growing risk of fragmentation” because of the various different privacy laws that are being created, he said, citing as examples a new law in California and the European Union’s General Data Protection Regulation (GDPR), which went into effect May 25.
“We really see the potential for more states and more regulators to be crafting their own sets of privacy laws,” Brueggeman said, adding: “That makes it very challenging to have a unified approach within a company.” It’s in an organization’s best interest to “have an agile, coordinated approach internally that is syncing up what’s happening with the external policy environment and make sure that you’re managing to the right risk within the company,” he noted.
Abrams stressed the need for organizations to prepare in a timely way to protect data and be compliant with new laws and regulations. Unfortunately, “we see a lot of organizations wait until the fire is really ablaze before they get involved,” he said.