If you ask the average corporate executive if they are in favor of more regulation that will affect their ability to conduct business, you’re going to get a lot of emphatic “No!” answers. Regulations usually entail changes to business practices and almost always saddle a company with financial costs. Then there are the audits to demonstrate compliance which come with more potential financial liability. At times, as in the case of environmental regulations, an enterprise can be shut down due to non-compliance with government standards.
So regulations are not a topic that is discussed joyously when upper management gathers for lunch or a golf outing. Stock options and tax incentives are subjects that are more warmly welcomed by a group of execs. But there is one form of regulation whose adoption is gaining traction among business decision-makers. It is becoming more apparent that the best way to deal with increased concerns over data privacy is with federal regulation. In fact, the CEOs of over 50 leading U.S. businesses have signed a letter requesting that Congress pass a federal data privacy law.
What Makes Privacy Regulations Different?
Not all regulations are created equally, despite what you may have heard in business school. In the case of privacy regulations, there are several issues that set them apart from other types of mandatory actions enforced upon the business community.
The U.S. Environmental Protection Agency (EPA) has a myriad of regulations to which businesses are held accountable. In many cases, they primarily impact a specific industrial sector whose operations affect a particular part of the environment. While all companies need to follow the regulations, most of them are not directly impacted and do not have to make any changes to how they do business. Data privacy, by contrast, affects all businesses, and there are virtually no exceptions to its organizational importance.
The European Union (EU) has made it impossible for the United States to ignore data privacy in the global marketplace. The General Data Protection Regulation (GDPR) holds all companies that do business with EU citizens to the same high standards of personal data privacy and transparency. Failure to comply with the GDPR can result in financially devastating fines and harm to an enterprise’s reputation. Many American companies do extensive business with EU member nations, which makes them subject to GDPR compliance.
That would be enough to get many U.S.-based global businesses on board with strengthened data privacy. But the concerns over privacy are not restricted to the French and Swiss. Americans also want their personal data protected and their privacy safeguarded. It is no longer a question of if stronger data privacy regulations will be enforced. The question has become when and, perhaps more importantly, how the changes will be implemented.
A Need to Proactively Address a Potential Regulatory Nightmare
The reason that mentioning data privacy regulation does not immediately get you kicked out of the corner office is that businesses have to provide data security and comply with guidelines for multiple reasons. There are dire financial implications following data breaches affecting sensitive personal information. The eroded trust that follows the discovery of compromised personal data can have even worse long-term effects than any monetary costs. Many companies never totally recover from the impact of a major data breach.
Demonstrating regulatory compliance demands that companies take better care of their data and should, in theory, lead to fewer incidents of data breaches. Though the changes that accompany the new standards may be challenging for organizations to adopt, they are in the interests of both the business and its customers.
The executives who wrote to Congress are concerned about how the coming wave of regulation will affect their businesses. Realizing that there is no escape, they are opting to champion federal rather than state privacy guidelines. From an operational perspective, a single set of regulations is strongly preferred over a patchwork of unconnected standards.
Currently, there are multiple privacy regulations in place at the state level. If they are ever stringently enforced, they would pose a compliance nightmare. The laws address specific categories of personal data protection such as that of consumer data or children’s online privacy. Some executives are realizing that the only way to save themselves from what could be a never-ending compliance effort is to convince the federal government that they need to act. Presently, we are waiting to see what develops. It could be a while.
Navigating the World of Increased Regulatory Compliance
Whichever way sensitive data regulations are strengthened in the U.S., complying with them will require new methods and procedures for how an organization treats its data. One method used to accomplish this goal is data governance. One of the tenets of data governance is a common, enterprise-wide vocabulary covering all aspects of an organization's data. Understanding and classifying data intelligently makes it easier to maintain compliance across the company.
IDERA’s ER/Studio Enterprise Team Edition can help an organization understand its business data through collaborative modeling and documentation. It’s an excellent way to build the common data language that is essential to a successful data governance program. It will help your business handle whatever the regulatory winds blow its way.