Prior to the onset of Covid-19, organizations across the globe were already struggling to achieve and maintain compliance with the privacy and data security regulations in their region. Even compliance with longstanding, well-known, and highly effective standards like the Payment Card Industry Data Security Standard (PCI DSS) declined for the third year in a row, hitting just under 28 percent according to Verizon. Couple that with a global pandemic that has drastically altered business processes and shifted entire workforces to a remote setting, and many organizations were forced to slow down their compliance initiatives as they diverted budgets to prioritize operational stability.
But now, as the business community starts to take steps toward resuming normalcy and get back on track, organizations will have to address their compliance posture and begin to reckon with the new level of risk that has arisen in the remote work setting.
Accepting a new level of data risk
There is no way around it: remote work is here to stay. For businesses, this poses a major challenge, especially as consumers continue to accelerate e-commerce trends and live more of their lives online. The inherent danger of remote work stems from the fact that when employees work beyond the four walls of an office, the network becomes more exposed and dispersed as employees share information across workstations. Once employees open their laptops from home, it becomes substantially more likely that new risks are introduced to the corporate network.
And while organizations will have to come to terms with accepting this new level of risk, that does not mean they have to give up in the face of data breaches and compliance fines. The first step in accepting this new level of risk is to thoroughly understand all the data: find out what types of information are being collected, why they are being collected, and where they are located. Only then can compliance leaders and security officers begin to mitigate risk through education and awareness. Of course, as data continues to proliferate across the network, organizations should be conducting regular data security assessments that determine where the greatest level of risk lies, as well as the potential impact a breach would have.
Compliance enforcement on the rise
Given the pandemic’s impact on governments and global business operations, it is not surprising that we saw the enforcement of consumer data privacy laws take a backseat in 2020. And while it remains difficult to predict what enforcement will look like in the new year, with several major regulatory updates and implementations coming down the pipeline, organizations should take steps now to become compliant.
In just the first half of the year, we will see the implementation of the Thailand Personal Data Protection Act (PDPA), a completely new version of the Payment Card Industry Data Security Standard (PCI DSS), and the creation of the California Privacy Protection Agency, the first agency in the United States entirely dedicated to consumer data privacy awareness, management, and enforcement. This is just a small handful of what compliance officers and organizational decision-makers should be paying attention to in the new year.
While organizations may be hoping to fly under the compliance radar in the new year, the enforcement bodies behind these regulations may be looking to make a splash once implemented. The strain placed on businesses in 2020 was nearly unprecedented, and as they look to rebuild, a hefty compliance penalty or data breach could be devastating, not only to the bottom line, but to customer trust and overall brand reputation.
If 2020 has taught us anything, it is that things can change at a moment's notice. Businesses need to be as prepared as possible for these changes, or they run the risk of being left behind and unable to pivot to things like remote work, new product offerings, and new forms of data collection. But it is just as important to be able to properly and successfully protect that pivot and the data it creates. In 2021, expect organizations to address their pivots by accepting a new level of risk and shoring up their compliance initiatives before the next unpredictable event.
Read the second part of this opinion next week