Data compliance lagging issue for US businesses, yet 42% vulnerable to fines – CIO Dive


Dive Brief:

  • Data privacy regulators have fined more than 10% of companies for data-related issues,according to a Dun & Bradstreet reportof 510 U.S. and U.K. business decision makers. 
  • Almost one-third of U.S. businesses are unconcerned about data compliance, yet 42% of respondents believe if regulators examined their data practices, they would be fined, according to the report. 
  • About 41% of organizations lack a head of data management, according to the report. Over the last decade, IT departments are responsible for data, as opposed to overall business for 42% of U.S. business leaders. 

Dive Insight:

Data gives companies insights into customers’ preferences and their market trajectory. But reckless data collection comes with steep implications. 

More than half of companies, 56%, say they have not “realized the full potential of data,” according to the report. However, the ones that have may not be properly managing it, which has led to regulatory fines or loss of customers.

Data under insufficient management practices can become “siloed, inaccessible and out of date very quickly,” according to the report. One of the pillars of the General Data Protection Regulation (GDPR) is knowing where consumer data is at all times, whether stored on-prem or through a third party. Forgotten data canlead to penalties

U.S. companies’ resistance to compliance concerns correlates with the federal government’s slow crawl to passing a comprehensive data privacy law. 

TheCalifornia Consumer Protection Act(CCPA) is the closest U.S. law to GDPR, but by some standards, it cannot be regarded as a comprehensive data privacy law, according to Chris Calabrese, VP of Center for Democracy and Technology, speaking at a CompTIA event in Washington, D.C. Monday.

While the CCPA addresses the same consumer rights as GDPR — right to access, delete, opt out, etc. — it doesn’t speak to what companies can collect. The goal of the CCPA is to put more control in the hands of consumers, to make them feel more comfortable, said Calabrese. 

A comprehensive data privacy law, however, is about achieving better outcomes “regardless of whether or not consumers decide to use those controls or not,” said Calabrese.

Factoring in consumer rights into data management has become just as important as driving business insights. A company can no longer lawfully harvest insights on data without policy protecting it.




Read More


Please enter your comment!
Please enter your name here