We were fortunate to be able to pick the brain of data management innovator Peter Bierfeldt. Here, he highlights some pressing regulatory changes and discusses the best solutions to meet those challenges head-on.
CCI: What are some of the most significant issues facing CCOs and CISOs?
Peter Bierfeldt: The rapidly changing threat landscape is an ongoing worry for CISOs. As an example, an acute concern is the fall in Bitcoin prices. In recent years, the most common threat facing an organization has been a threat actor accessing the corporate network and stealing processing power for Bitcoin mining. With Bitcoin prices falling rapidly, the concern is that threat actors may now be starting to look beyond these weak servers and snooping into what is stored on that network.
The changing legal landscape and the complexity and differences in privacy rules represent other challenges. Security and privacy requirements overlap in many areas. The General Data Protection Regulation (GDPR), changes resulting from EU Privacy Shield, inconsistencies in Chinese laws and guidance and the California Consumer Protection Act (CCPA) are a small number of the myriad privacy-related changes that have knock-on effects for security. CISOs must work closely with Chief Privacy Officers to navigate and address requirements in this ever-changing legal landscape.
CCI: What do you see as the greatest business risks facing companies today?
PB: Organizations can no longer use the traditional model for competitive strategy. Businesses that fail to change and adapt to new data-driven realities end up like Borders, Toys-R-Us and Blockbuster. Data plays a massive role in this change. For example, look at the success of companies like Waze, leveraging data from customers collected via normal activities like commuting to work. Reltio, by leveraging modern master data management technologies such as NoSQL, graphical databases, data as a service (DaaS) and machine learning, enables companies to better govern their data. With clean input data, companies can derive relevant, timely insights from their customers and marketplace while meeting compliance regulations.
CCI: In your opinion, what’s the greatest challenge for companies from a regulatory standpoint?
PB: Both GDPR and CCPA affect the most companies and represent the most significant risk from regulatory fines and other impacts. The risk of substantial fines as a proportion of revenue represents substantial risk for businesses operating in Europe and those that have European consumers on their website. CCPA is similar to GDPR, although the fines may not be as significant; it impacts almost all companies, as nearly all companies have consumers who are California residents.
CCI: How might Chief Compliance Officers prepare to face the hurdles you mentioned?
PB: CCOs can prepare for these challenges in a number of ways. Engaging privacy and legal firms with expertise in these laws can help perform a gap assessment against these legal requirements. These assessments take the form of a survey and assess the current policy, procedure and technical privacy controls against requirements in the laws.
CCOs must also work with CIOs or Chief Data Officers to ensure a comprehensive data management strategy. Using modern data management technology can help provide technical and process capabilities to meet the compliance challenges that legacy systems cannot support.
CCI: What does Reltio do to help its clients address these challenges?
PB: Reltio Cloud is a highly configurable modern master data management platform as a service, and it’s GDPR-ready. Reltio has a single view of the consumer that identifies PII data and enables customers to manage consent more effectively. Reltio Cloud enables the management and maintenance of rights and consents with the ability to capture and store consent types using graph technology to easily find out whether an adult provided consent regarding the collection of information for a minor.
Built-in workflow processes support the right to be forgotten and also support processing any other customer requests, such as requests to access or data change requests. Reltio Cloud ensures purging of all traces by customer entity type in support of data erasure, including the removal of any attribute, historical activities made by individuals captured as part of their digital activities and activity logs on the Reltio platform.
Reltio Cloud offers built-in audit and data lineage to support accountability for the business to be able to demonstrate compliance. Attributes are also traced back to the internal and external data providers they came from. In the case of a change request, the request can be routed back to its original source.
CCI: How do you effect change within your clients’ environments?
PB: This can vary based on the use case and the level of engagement required for the customer. Reltio professional services and partners work closely with customers’ business and IT implementation teams to assess current processes and determine the future state, developing a realistic plan to implement people, process and technical changes to realize value from Reltio’s modern master data management platform. Many customers use Reltio as a lever for change. Reltio can transform existing data governance processes to enable capabilities and use cases that were previously impossible or difficult to achieve in a legacy environment.
CCI: What other compliance solutions does your company provide?
PB: Reltio is highly configurable and can be adapted to other compliance reporting needs related to consumers or other entities. An example in life sciences is meeting the requirements of open payments or the Sunshine Act. Reltio’s workflows, granular audit trails and powerful search, coupled with the ability to configure other attributes, quickly enable Reltio to support many compliance needs.
CCI: Compliance departments are often asked to accomplish their work with limited resources. What best practices would you share to help them accomplish this?
PB: Integrate and automate as much as possible. Look for technologies that can integrate with other upstream and downstream systems easily and ensure consistent and accurate data across all systems, applications and analytics. With data management systems like this in place, compliance teams won’t have to spend their efforts on data extraction and clean-up activities. Data for compliance review and reporting should be available immediately. Also look for a data management technology that can incorporate advanced analytics and machine learning to provide insights into compliance through a scoring system or by suggesting recommendations to improve data quality. This and efficient task management with workflows to incorporate human quality assurance steps where required make compliance departments more productive.
Peter Bierfeldt is Chief Information Security Officer at Reltio, where he is responsible for internal security compliance, as well as external certifications of Reltio Cloud. He has more than 20 years of industry experience, including leading complex, large enterprise IT programs and projects. He also has over 10 years of experience in the pharmaceutical industry and has managed the global delivery of a multimillion-dollar IT program for a top 10 pharmaceutical organization. Peter comes to Reltio from Yard 3 Technologies, where he served as Practice Director, leading the Master Data Management, Security, Validation and Compliance Practice.