Saturday, December 7, 2019
Corporate Compliance Insights
  • Home
    • Home
  • About
    • About CCI
    • Writing for CCI
    • Advertise With Us
  • Articles
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
    • Home
  • About
    • About CCI
    • Writing for CCI
    • Advertise With Us
  • Articles
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Compliance, Cloud Security and Environmental Law: Learning from Past Experience

by Tal Klein
April 20, 2015
in Compliance
cloud computing

As U.S. industry waits to see how the president’s call for new digital security law translates into actual legislation, it may be useful to look to other regulatory regimes to set reasonable expectations for establishing national standards for privacy and data protection. The logical inclination would be to look at existing, related regulations like HIPAA and Sarbanes-Oxley. But as technologies such as cloud computing, mobile and the Internet of Things disrupt the landscape there may be a better exemplar: environmental law.

Legislative efforts to address air pollution began in the mid-20th Century with California’s landmark air quality law. What began with the Golden State’s oil boom in the late 1800s when Los Angeles boasted a population of barely more than 100,000 grew through to the 1940s when the West Coast had become a magnet for entertainment, shipping and industry the city’s population mushroomed to more than 1.5 million.

As a result of the influx of people, automobiles and other trappings of modernity 1943 saw the first reports of smog in Los Angeles. The problem got so bad that in 1947 Governor Earl Warren signed the Air Pollution Control Act, thus beginning the age of environmental law—and the first regulation written to protect the public from hazardous clouds!

But passing a law didn’t eliminate the problem of smog. Indeed, the situation became a lot worse, but it started a process that enabled continued improvement as we learned more about smog’s causes and remedies. Those lawyers and legislators working on data and privacy protection can learn from the experience. We can’t try to stop the march of progress, nor can we turn back its clock.

Few will argue that air quality standards and environmental regulations are a bad thing; likewise there should be laws in place that create incentives for implementing strong data security practices. And as with the Air Pollution Control Act in 1947, California led the way with on privacy law with the passage of its data breach notification law, SB1386 In 2002. More state and federal laws have followed, including HIPAA/HITECH, Gramm Leach Bliley, Sarbanes-Oxley, Massachusetts 201 CMR 17, PCI DSS and others.

Just as the Air Pollution Control Act and subsequent regulations responded to an existing problem rather than attempt to remedy situations that did not yet exist, data security and privacy laws should evolve same way. Acknowledge that there are risks, but do not discourage innovation by trying to prevent the unknown. To the contrary, give innovators room to develop new approaches and solutions.

After all, we know that an over-emphasis on regulation can have the undesirable effect of directing resources inefficiently—to appease auditors rather than address problems that need solving. In fact, the nature of the third party audit trade itself would seem to reward a pursuit of repeat business rather than effective compliance.

For example, California’s Air Pollution Control Act actually made it more difficult for Californians to buy low emission diesel cars because they didn’t exist when the law was written. According to the law there was no difference between older diesel engines and clean diesel technology, which was introduced in 2007. It took five years for California to catch up when in 2012 it passed the LEV (Low Emission Vehicle) III regulations.

We see the results of this conflict in CIOs who are paradoxically tasked with being both compliant (checking boxes) and innovative (thinking outside boxes). Cloud adoption is a good example of this double standard as businesses demand SaaS tools like Salesforce, Marketo, and Successfactors, but compliance teams and auditors raise red flags over lack of data governance and unclear privacy accountability. To outsiders looking in, the need to keep up with progress is self-evident, but doing so in the context of our current regulatory compliance environment puts those who follow the rules at a clear disadvantage.

CIOs, CPOs and CISOs must constantly examine the impact of regulation and be an active participant in the process. Unlike California, enterprise IT can’t afford to wait a decade for compliance to catch up to the needs of their business.


Previous Post

Adopting a Blended Learning Strategy Improves Ethics and Compliance Program Effectiveness

Next Post

Big Corporate Titles, Big Social Media Mistakes

Tal Klein

Tal Klein headshot 12-18-14Tal Klein is vice president of strategy and marketing at cloud computing and SaaS security provider Adallom, based in Palo Alto, Calif. Previously, Tal was senior director of products at Bromium where he led a product marketing strategy that helped build that company into a multimillion-dollar business. He has managed integrated product strategy at Citrix and also spent more than a decade in the web hosting industry, developing managed infrastructure services.

Related Posts

job candidates awaiting inerview

An Unconventional Interview Question: “Do You Have an HR Department?”

December 5, 2019
closeup of magnifying glass on gray background

DiCianni’s Idea: How It All Got Started

December 4, 2019
woman's hand touching beam of light on digital blue screen

The Evolution of Compliance

December 3, 2019
"fire drill" words beside flashing strobe

How M&A Benefits from Independent Assessment

November 20, 2019
Next Post
social media man

Big Corporate Titles, Big Social Media Mistakes

Free Downloads

OFAC whitepaper cover
Compliance Job Interview Q&A
Reputation Risk Management Research

RSS SEC Litigation News

  • Iconix Brand Group, Inc., Neil R. Cole and Seth Horowitz December 5, 2019
    SEC Charges Iconix Brand Group and Former Top Executives with Accounting Fraud
  • Lester Burroughs December 5, 2019
    SEC Charges Connecticut Man with Defrauding Retail Investors
  • SBB Research Group LLC, et al. December 4, 2019
    SEC Charges Hedge Fund Adviser and Top Executives with Fraud

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks Big Data blockchain board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management corporate culture corporate governance culture of ethics cyber risk data analytics data breach data governance decision-making Dodd-Frank DOJ due diligence fcpa enforcement actions GDPR GRC HIPAA information security internal audit internet of things (IoT) KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • Audit
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • HR Compliance
  • Leadership and Career
  • News
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights