Wednesday, January 27, 2021
Corporate Compliance Insights

10 Privacy Risks Every Company Should Prepare for in 2018

by Brian Lee
November 10, 2017
in Risk

The Areas of Greatest Risk and How to Cover Your Bases

Privacy officers spend so much of their time putting out fires and focusing on operational activities that they don’t have time to see the trends (and accompanying risks) that are around the corner. Brian Lee and Stephanie Quaranta outline three major risk themes and ten emerging risks privacy and compliance officers should be aware of heading into 2018.

with co-author Stephanie Quaranta

These are challenging times for organizations. A rapidly evolving technological and regulatory environment has created exciting opportunities for data use and collection, as well as new – and potentially serious – privacy concerns. As compliance and privacy executives incorporate these risks into their 2018 planning, CEB, now Gartner, has identified three major risk themes and ten emerging risks that they should monitor closely.

Theme 1: Heightened Public Scrutiny

Recent data breaches and privacy failures have increased the public’s concern for data security and use. Consumers are becoming increasingly reluctant to share personal information – and regulators are not far behind. In addition, external threats aimed at gaining access to sensitive information inside of organizations are becoming more sophisticated. Specifically, executives should account for these emerging risks:

  • Regulatory Fragmentation: Today’s global regulatory environment is more complex and the consequences of failure are more severe. More than 100 countries now restrict the collection and use of customer and employee information. Despite the consolidation of privacy standards in the European Union through the General Data Protection Regulation, other countries (the U.S. included) have been slow to create compatible frameworks.
  • Erosion of Customer Trust: Organizations are beginning to face a backlash from customers who have become wary of sharing their information, citing concerns about how companies use it and how well they protect it. In fact, 79 percent of consumers say they are unlikely to share data with companies they do not trust. More and more, organizations are relying on data for success, but failure to appropriately safeguard it jeopardizes their ability to access it.
  • Ransomware: Global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015. Individual and organizational data are at risk of corruption and theft, disrupting sales and key business initiatives. In addition, failure to actively protect customer and employee information from ransomware attacks could put organizations in violation of regulations such as HIPAA and the FTC Act.

Theme 2: Analytics-Based Business Models

Data analysis is fast determining everything from target marketing to whom to hire. The benefits are obvious – sizeable revenue and productivity gains – but with these benefits comes risk, from storing the growing amount of data to ensuring its proper use. Therefore, compliance and privacy executives should pay attention to:

  • Consumer Marketing: Many organizations advertise using apps and social media, enabling the collection of even more valuable consumer data. While this data-driven, personalized marketing has significant business benefits, there are also risks to using consumer data, specifically shifting expectations (and accompanying notices) around consent.
  • Talent Analytics: Talent analytics’ growing prominence means companies are collecting more employee data and processing it to understand performance, retention and engagement – all areas of significant privacy risk.
  • Shifting Data Assets to the Cloud: Our research predicts that more than half of global enterprises currently using some form of cloud solutions will have adopted a full cloud strategy by 2021. As cloud systems gain prominence, organizations will increasingly rely on third-party providers and security. This is especially concerning – 70 percent of IT professionals worry about ensuring the security and privacy of data and systems on the cloud.

Theme 3: Corporate Digitization

Today’s consumers are impatient — they expect organizations to deliver their products and services quickly and efficiently. Meeting this demand requires organizations to overhaul their operations, relying more on digital and interconnected processes and systems. These advances often outpace privacy and security oversight, creating new or heightened privacy risk exposure. As a result, executives must monitor the following emerging risks:

  • Digital Transformation: By the end of 2017, two-thirds of Global 2000 CEOs will have “digital transformation at the center of their strategy.” This requires fundamental changes in the collection, use and storage of information, and executives must ensure business growth doesn’t come at the expense of undue risk.
  • Legacy Processes and Systems: Many compliance and privacy executives report limited visibility into the data that legacy processes and systems handle; this problem has only worsened with more M&A activity over the past decade, causing one legacy system to be cobbled onto another. This makes managing an organization’s data flows a logistical challenge, increasing the chance that data is mishandled or unsecured.
  • Artificial Intelligence (AI): Businesses are capitalizing on AI advances to drive value through automation. In fact, 72 percent of business executives believe AI will be the business advantage of the future. Optimizing AI functionality means collecting more kinds of data more quickly, but can also multiply the risk of privacy failures as new types of metadata are created.
  • Internet of Things (IoT): Organizations are increasingly focused on creating “smart” products that improve the customer experience through interactivity and data processing. However, IoT technology also increases the number of access points and volume of generated data, thereby magnifying the avenues by which personal information can be compromised.

To manage the risks outlined above, executives must shift from reacting to risks the business accepts, to preventing unnecessary risk from being assumed in the first place. They can do this by:

  • Establishing a Privacy Risk Consensus: In the “gray areas” where regulation has not kept pace with technology, organizations must decide on an approach for managing high-risk information and codify this stance in a set of common guidelines. Privacy should serve as a strategic advisor on the organization’s data strategy, helping stakeholders understand tradeoffs and take smart risks.
  • Building Privacy Considerations Into Business Workflow: To proactively manage risk is to ensure the business considers privacy at the start and throughout the lifecycle of any project. For this to happen, Privacy must design considerations to be natural parts of business systems and processes.
  • Maintaining Ongoing Risk Visibility: To keep pace with an ever-changing business, technology and regulatory environment, Privacy must move from a reliance on point-in-time risk assessments to “always-on” monitoring that enables agile response to changes in risk.

As organizations navigate this complex environment, they are taking risks to drive innovation, productivity and growth. To ensure smart risks are being taken, compliance and privacy executives need to understand how regulations, technology and corporate strategy spur new privacy risks and be prepared to adapt their programs in response.

 


Brian Lee

Brian Lee is an experienced lawyer and Managing Vice President at Gartner, where he leads research focused on turning compliance and privacy departments into high-performing business units. Gartner is a research and advisory company headquartered in Stamford, Connecticut. Gartner helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions.


© 2019 Corporate Compliance Insights
