Tens of thousands of respondents have weighed in via multiple surveys, and Gartner analysts have identified 15 legal and compliance hot spots spanning five main trends. Stephanie Quaranta reports on the issues creating or exacerbating the legal, compliance and privacy risks legal leaders must manage.
1. Heightened Regulatory, Trade and Recession Uncertainties Complicate Risk Analysis
Regulatory uncertainty, geopolitical volatility and macroeconomic uncertainty combine to make it more difficult for legal leaders to assess and manage organizational risks at the same time, meaning that fast, proactive responses to emerging risks are becoming more crucial to success. But at the same time, such an abundance of uncertainty can make it hard to act quickly.
The idea that organizations currently face high levels of geopolitical volatility is well established, with events such as Brexit, the ongoing U.S.-China trade negotiations and tensions in the Middle East all contributing factors. Uncertainty is also economic in nature, as we are currently witnessing the longest economic expansion in U.S. history, yet globally economic growth has peaked according to the UN. This leads many to speculate that a change in macroeconomic fortunes is overdue.
Looking at Gartner survey data across all industry segments, at least 60 percent of respondents reported an increase in the scope of relevant regulatory change in the past three years. The three hot spots that emerged within this trend are:
- Trade barriers being used as a policy tool
- Patchwork regulation in key areas
- Heightened recession chatter
2. New Technological Applications Cause Clash of Efficiency and Ethics
Organizations are increasingly finding immense value in using big data and analytics. Growth in the use of these technologies, however, continues to outpace clear regulatory and ethical consensus which leaves organizations struggling to weigh their current value against the potential for crossing an as-yet undefined line.
Regulators are beginning to draw that line in response to the demands of their citizenship. Legislation such as the EU’s GDPR and California’s CCPA show us that regulators are willing to act very firmly in the event of data misuse, with the top 10 GDPR fines said to amount to almost half a billion U.S. dollars.
Few will have failed to notice the cookie consent forms now almost ever-present across the internet, and really this is just the tip of the iceberg when it comes to changes organizations have made to ensure data protection compliance. As this kind of legislation is relatively new and technical, there is concern amongst legal and compliance professionals about their organization being noncompliant, or even about how to ensure compliance due to the proliferation of so many third-party suppliers, data sources and new analytic techniques.
The hot spots are:
- AI implementation without clear guidelines
- Employee monitoring reducing trust
- Growing consumer demands for data privacy
3. External Change Increases the Complexity of Compliance
As organizations have increasingly adapted their business models to rely on the capabilities of third-party partners and contingent workers, the business ecosystem has become more complex. As more than four-fifths (83 percent) of the organizations Gartner surveyed are employing an external workforce, it is important for most legal leaders to think carefully about how to manage the associated risks.
What’s more, the U.K.’s supreme court ruled that a gig worker was entitled to worker’s rights – which could increase pressure on some firms to change their business models. A Californian court recently followed suit, so it doesn’t seem like this was a one-off ruling.
The hot spots here are:
- Shifting classifications for gig workers
- Increased complexity of nth-party ecosystem
- Unpredictable Foreign Corrupt Practices Act (FCPA) enforcement patterns
4. Rising Social Consciousness Leads to New Stakeholder Demands
Almost nine in 10 (87 percent) of the employees Gartner surveyed said they expect companies to take a public position on social issues relevant to the business. But this is not easy to do well, and the consequences of getting it wrong can be steep, as stakeholders from employees to investors feel more empowered to demand change.
Indeed, in 2019, both Google and Microsoft faced demands from their employees to end work with government agencies. Also, 10 percent of Wayfair’s employees walked out in protest at its willingness to supply furniture for U.S. immigration facilities. With unemployment at historic lows and employee disengagement rising, it seems employees feel more able to seek alignment between personal and corporate values.
The hot spots are:
- Rising employee activism at work
- ESG at a corporate expectation
Read More Articles About 2020 Compliance Trends:
5. Advances in Data Processing Heighten Risk to Businesses and Consumers
As both regulators and customers increase their attention on the ways in which organizations combine, analyze and otherwise use information, data processing is on pace to surpass data collection as the primary source of privacy risk for organizations. As data sets become more complete and analytics more sophisticated, there is a rising threat of de-anonymization.
Eighty-seven percent of U.S. citizens can be successfully re-identified from just their birthday, five-digit ZIP code and gender. Anonymized data such as this was previously thought beyond the scope of privacy regulation because it posed no risk. Now, legal and compliance leaders must balance the decreased effectiveness of anonymization with the regulations that require it.
Biometrics use is also on this rise, with Garner predicted that between 60 and 90 percent of large or mid-size organizations will be using it by 2022. The regulatory landscape is still developing, but it is covered by GDPR, CCPA and others. Biometric data is effectively an unchanging “password” of great interest to hackers, so we expect to see breaches in future.
Perhaps unsurprisingly, with such a proliferation of new data sources, interest in data lakes among senior executives is growing rapidly. Gartner analysts’ call volumes on the topic have risen almost fourfold in the past six months. This increased interest is pressuring legal leaders to manage associated privacy risks.
The hot spots are:
- Increasing use of biometrics as identifiers
- Rising threat of de-anonymization
- Emergence of data lakes
- Expanding definition of personal data