When Compliance isn’t Good Enough: Thinking Beyond Regulations is a Must

With the January 2020 deadline for CCPA compliance looming, what lessons from GDPR compliance apply most this time around? Topping the list should be thinking and acting beyond compliance to build and sustain a long-range view of data security.

Achieving compliance should be seen as passing a milestone, not crossing the finish line.

‘Compliance is a seat belt on a 747’

In a recent presentation, Dr. Chase Cunningham, principal analyst at Forrester serving security and risk professionals, says, “Compliance is a seatbelt on a 747. You’ve got to have it to back away from the gate; it’ll probably help you if you hit some turbulence on the way. However, if things go really bad, does anyone really think a three-inch strip of nylon is going to make you walk away from a plane crash? Absolutely not. Compliance is not a strategy.”1

Dr. Cunningham is absolutely right. Compliance is an important checkmark, but not a strategic lever for driving an effective data protection strategy. Focusing on short-term compliance goals and settling for checkmark solutions might suffice initially but will fall short in the long run.

No one wants to realize a year later that the decision wasn’t part of a holistic strategy. This narrow-minded thinking can set you back by opening the door to unforeseen vulnerabilities.

Start with a Data Protection Mindset

Compliance should be a byproduct of an overarching security strategy, with greater focus on data protection as the pivotal point of entry. Think of compliance as the “what.” As in what is driving short-term action? Then, quickly move to the “why.” Why do I want to be compliant? The answer should always be “to protect my data.”

While compliance can provide useful guardrails, it doesn’t go as far or wide in delivering all the necessary protection, especially in terms of personal data privacy.

Do the Right Thing: Respecting Personal Data Privacy

After watching Mark Zuckerberg get raked over the coals before Congress recently, it’s easy to see that privacy is—and should be—on everybody’s mind. Companies of all sizes across every industry must focus on doing the right thing—for their business, customers and employees—by tackling the pervasive personal data privacy problem.

Finding all the places personal data exists is tricky as it proliferates across emails and files as soon as they’re created. That’s why it’s wise to gain a thorough understanding of the current data environment and impact of personal data on the existing security architecture.

It will take time to gauge how much personal data is created on a daily basis. So, iterative steps, and even a handful of tools are recommended to assess personal data risk exposure accurately.

Mindset Drives Methodology

Proper data security requires risk assessment and abatement as an ongoing evolution characterized by persistence and patience. Look for tools that deliver incremental value. Diligence is necessary for revisiting risk profiles and identifying security gaps.

Be mindful of cultural implications and upfront in communications about the importance of having a shared security responsibility. It’s not about putting burden on employees to ensure privacy is a front-and-center issue. It’s more about providing a methodology that reduces risk without making it more difficult for employees to do their jobs.

Look for solutions that automate and simplify the process to facilitate more widespread acceptance. Whether motivated by doing right by employees and customers or avoiding significant fines—remember, achieving compliance simply isn’t good enough. What’s most important is ensuring proper protection policies bolster data privacy while putting the organization on a strategic security path.

1. Dr. Chase Cunningham, SecurIT Summit 2018

About the Author

Mark Cassetta, senior vice president of strategy for Titus, oversees the product lifecycle from concept to implementation and customer success.

Featured

  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
  • Nothing Artificial About this Intelligence

    I have been looking forward to this year’s GSX show in New Orleans, the Cresent City, or if you prefer The Big Easy. It seems like quite a while since we’ve been here. Twenty years ago, ASIS, as it was known then was literally washed out of the city by someone known as Katrina. It is a good thing to come back to NOLA. Read Now

  • From Monitors to Mission Control

    Security Operations Centers (SOC) were once defined by rows of static monitors, each displaying a single feed with operators quietly watching for issues. That model has become obsolete. Incidents evolve too quickly, data comes from multiple locations, and decisions must be made in seconds—not minutes. Read Now

  • New Gas Monkey Garage Venue Uses AI-Enhanced Video Technology

    Gas Monkey Garage, the automotive custom shop and entertainment brand founded by Richard Rawlings of Fast N’ Loud TV fame, has opened a vibrant new restaurant and bar in South Dakota, equipped with advanced, AI-enhanced video tech from IDIS Americas. Read Now

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.