Corporate Compliance Insights

How Global Data Privacy Laws Are Changing the CDO Role

Shedding Light on One of the C-Suite’s Newest Functions

by Stephen Cavey
August 3, 2020
in Data Privacy, Featured

How have recent data privacy regulations impacted the role of Chief Data Officer for organizations? Ground Labs’ Co-Founder and Chief Evangelist Stephen Cavey looks at how the role has changed to fit today’s data standards.

Data regulation is the new reality, requiring an ever-increasing depth of knowledge in compliance, law, security and privacy. Failure by an organization to adhere to the various evolving regulations not only has financial implications, such as fines, loss of market share and even stock value, but can also destroy the trust a company was built on. Added to this, privacy regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) have continued to evolve with more industries across various regions enacting new rules and regulations.

As regulations are no longer impacting just one state, one country or one industry, the responsibility and scope of a Chief Data Officer (CDO) is dramatically different from what it once used to entail. When the CDO role originated more than 15 years ago, it would have been reasonable to apply a simple data-handling policy across the broader organization, regardless of its location in the world – an approach which would likely yield significant consequences in today’s regulatory environment.

Much like compliance regulations, the CDO role has significantly evolved both in scope and responsibility. Let’s explore:

Today’s Chief Data Officer

Historically, CDOs were primarily concerned with determining the types of data an organization will capture, retain and exploit, as well as how it will be utilized. Today’s CDO faces a broad landscape of data to control, surrounded by numerous metaphorical landmines represented by data privacy regulation and, depending on the country and region, penalties that may be levied at both a federal and state level.

The CDO must not only be internally aware of data-handling activities, but also become externally aware of data-centric laws in each market the organization both operates in and collects data from – all while being a trusted advisor to the business. The latter is even more critical, as a common misconception occurs when organizations only acknowledge and maintain awareness of laws where they have a presence – not necessarily awareness of every law for all data sources collected.

The CDO in most instances is the single point of responsibility for ensuring an organization fully understands the sources of its data, how it’s handled, why it’s handled and what boundaries and limitations exist. Without this holistic view and central point of control, a business may struggle to maintain adequate control of the existing and new data being collected, as well as its broader implications.

Heightened Focus on Security

Data privacy is no longer just a concern for legal, compliance or security teams; it should be one of the biggest concerns for all departments within a commercial organization, including the board. As organizations continue to comply with the many data and privacy regulations, the responsibility to coordinate with both the board and the Chief Information Security Officer (CISO) falls on the CDO’s plate. These relationships are critical to every CDO’s success, as the CDO will often encounter scenarios overlapping the fields of data security and legal compliance.

One of the responsibilities of the CISO is to provide full monitoring and continuous awareness of personal and sensitive data across the business from a security perspective. By working together with the CDO, the CISO can have a better understanding of where all of an organization’s data lives and can gain key insights into how to prioritize data management and mitigate risk.

As technology and data security practices have evolved, more organizations have deployed capabilities to find and monitor all forms of personal data across the entire company. At this time, the CISO and CDO must work together to ensure that all of the PII within the company is secure and compliant on an ongoing basis, no matter where it is stored.

Repercussions of Noncompliance

Keeping data safe from breaches, fraud and attacks and ensuring compliance with all international data privacy regulations are some of the most important roles the CDO is tasked with. As the ever-changing rules and bylaws for each regulation continue to evolve, it’s critical that the CDO pays close attention to how each regulation differs, along with the heavy cost of being noncompliant.

Unlike its European counterpart, the GDPR, which imposes fines based on the degrees of violation, the CCPA allows individuals to pursue legal action against companies for their infractions. Noncompliant companies could be on the hook for up to $2,500 per individual violation of a data breach — an amount that can quickly get out of hand.

While in the past it has been common for data to be stolen from an organization due to the data being unknown and stored or processed outside of the organization’s security controls, with the recent data privacy laws, there is no room for costly oversight or lack of data awareness. These common challenges can quickly turn into potential data breaches and/or heavy civil and regulatory liabilities.

To add to the mix, today’s data is more than just employee information and customer lists; it can also include data from a variety of next-generation technology, such as biometric and facial data. With 90 percent of data breaches caused by human error, the CDO can reduce the chance of significant damage by a breach by educating themselves and employees on the different types of data and where they may be storing this information.

Need for Increased Monitoring

Privacy regulations like the GDPR and CCPA have increased transparency and given consumers the ability to opt out of data-sharing policies, but as the regulations grow in scale and complexity, CDOs are exploring ways to meet these requirements without hindering business success.

Because an organization must now accept the responsibility of storing sensitive data as a cost of doing business, it’s important for the CDO to confirm that all collected data is being continually monitored to ensure it isn’t stored or transmitted to locations outside of the organization’s security controls. This is similar to having locks on all entry points in an office to prevent access, but also deploying motion sensors and camera surveillance on all sensitive areas to verify that the physical access controls are preventing unauthorized access.

All too often, sensitive data files within an organization can either be over-shared or inadvertently copied from a secure encrypted location to an unsecured location (e.g., the My Documents folder on a Windows desktop). This can result in potentially large quantities of highly sensitive personal data ending up across a number of unknown and insecure locations.

Now What?

We all know that data security and risk mitigation are integral parts of modern business. Ensuring that your data is kept secure is important, but recent data security regulation means that securing data to a high standard is now mandatory, not just good practice.

A major, ongoing challenge will be determining what information falls under the new regulations and how to find that information within the organization. Therefore, CDOs must look at compliance as a journey. This means establishing the proper people, processes and technology to support regulations, with the understanding that compliance isn’t achieved overnight. With the right steps in place, and under the CDO’s leadership, the compliance journey can become both achievable and repeatable so that it can be relied upon for the long term.

By establishing complete and ongoing visibility of all regulated data, an effective CDO can make a significant impact on the organizational process, company balance sheet, company reputation and risk mitigation effort. Most importantly, the CDO serves a crucial role in avoiding regulatory penalties and, ultimately, avoiding a costly data breach.


Tags: California Consumer Privacy Act (CCPA), Data Breach, GDPR, Monitoring

Stephen Cavey

Stephen Cavey is Co-Founder and Chief Evangelist at Ground Labs, where he leads a global team empowering its customers to discover, identify and secure sensitive data across their organizations. He leads its worldwide product development, sales and marketing and business operations and was instrumental in extending Ground Labs’ presence with enterprise customers. Stephen has deep security domain expertise with a focus on electronic payments and data security compliance. He is a frequent speaker at industry events on topics related to data security, risk mitigation and cybersecurity trends and futures. He started Ground Labs after holding leadership positions at Paycorp Holdings, a provider of integrated electronic payments solutions; he also held engineering roles with Webpay, a payment services provider later acquired by Fidelity, and Webtel, an early Australian ISP.

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

© 2022 Corporate Compliance Insights
