Talk about data compliance and privacy, or the lack thereof, has been in the headlines in major ways recently. Between companies testifying in front of legislators about their handling of consumers’ information, California passing a hasty online/offline privacy bill to stave off a ballot initiative, and the European Union implementing the most robust data protection regulation in decades, data management should be on all business owners’ minds. There are three areas on which family business owners can focus their efforts to ensure successful data compliance and defuse the threats a breach could bring.
Build a team that can address the management of data architecture, database operations, data warehousing, business intelligence, and more. Ideally, the data team is composed of individuals from across your organization, so that your data governance strategy aligns closely with the most impactful business needs. Managers, IT departments, and legal advisors can all play a meaningful role, collaborating on the legal requirements, the technology systems available to work with, and how the procedures will actually be implemented.
To begin, a company must determine the guiding principles and policies for how the company will collect, store, use, and disclose consumer data. Transparency with consumers about data collection and gaining their consent to use or disclose it should be paramount within these policies.
Next, a company needs clear definitions in place for the data assets it will gather, and a strategy for how data is to be owned, stored, leveraged, and interacted with inside the organization. Without this level of control, the company will not be able to understand its data or monitor and resolve compliance issues effectively. This is where technology and software come in, providing a complete representation of the company’s data holdings and the safeguards in place.
Also, ongoing review of the relevant authoritative documents, such as statutes, regulations, standards, company policies, and strategy documents, should be built into the process. Understanding how legal mandates, organizational policies, and strategic objectives intersect will help the company consolidate its business and compliance data requirements (including data quality metrics and business rules) into a harmonized set.
Lastly, the company and its data team should identify threats against data security, privacy, and compliance in the context of specific data flows. The team must be able to audit data flows, analyze the related risks, and determine appropriate control objectives and control activities. This is no small task today, and even some of the most profitable companies in the world cannot seem to stay in front of it, but that does not mean you can ignore it and do nothing.
A business must explicitly distinguish the role of the legal department, which is to defend the company, and the corporate compliance department, which is to prevent, detect, and mitigate data issues. Learning from major blunders in the news lately, compliance professionals, such as the chief information and security officer, should report directly to senior management. Allowing “middle management” to control the information flow to senior management on a topic this sensitive might impair the ability of the company to respond quickly and effectively. Management should have an unobstructed line of communication with its compliance team.
Consumer data is a powerful tool for any business. But if you live by the data sword, there is the potential of dying by the data sword. Responsible stewardship of data compliance can set a company apart in today’s market. The market and law demand data security, and data compliance ensures potential liabilities are lessened and your reputation stays intact. A business can demonstrate the company’s core values, such as trustworthiness, preserve its brand value, and achieve data compliance all in one.