When Compliance isn’t Good Enough: Thinking Beyond Regulations is a Must

With the January 2020 deadline for CCPA compliance looming, what lessons from GDPR compliance apply most this time around? Topping the list should be thinking and acting beyond compliance to build and sustain a long-range view of data security.

Achieving compliance should be seen as passing a milestone, not crossing the finish line.

‘Compliance is a seat belt on a 747’

In a recent presentation, Dr. Chase Cunningham, principal analyst at Forrester serving security and risk professionals, says, “Compliance is a seatbelt on a 747. You’ve got to have it to back away from the gate; it’ll probably help you if you hit some turbulence on the way. However, if things go really bad, does anyone really think a three-inch strip of nylon is going to make you walk away from a plane crash? Absolutely not. Compliance is not a strategy.”1

Dr. Cunningham is absolutely right. Compliance is an important checkmark, but not a strategic lever for driving an effective data protection strategy. Focusing on short-term compliance goals and settling for checkmark solutions might suffice initially but will fall short in the long run.

No one wants to realize a year later that the decision wasn’t part of a holistic strategy. This narrow-minded thinking can set you back by opening the door to unforeseen vulnerabilities.

Start with a Data Protection Mindset

Compliance should be a byproduct of an overarching security strategy, with greater focus on data protection as the pivotal point of entry. Think of compliance as the “what.” As in what is driving short-term action? Then, quickly move to the “why.” Why do I want to be compliant? The answer should always be “to protect my data.”

While compliance can provide useful guardrails, it doesn’t go as far or wide in delivering all the necessary protection, especially in terms of personal data privacy.

Do the Right Thing: Respecting Personal Data Privacy

After watching Mark Zuckerberg get raked over the coals before Congress recently, it’s easy to see that privacy is—and should be—on everybody’s mind. Companies of all sizes across every industry must focus on doing the right thing—for their business, customers and employees—by tackling the pervasive personal data privacy problem.

Finding all the places personal data exists is tricky as it proliferates across emails and files as soon as they’re created. That’s why it’s wise to gain a thorough understanding of the current data environment and impact of personal data on the existing security architecture.

It will take time to gauge how much personal data is created on a daily basis. So, iterative steps, and even a handful of tools are recommended to assess personal data risk exposure accurately.

Mindset Drives Methodology

Proper data security requires risk assessment and abatement as an ongoing evolution characterized by persistence and patience. Look for tools that deliver incremental value. Diligence is necessary for revisiting risk profiles and identifying security gaps.

Be mindful of cultural implications and upfront in communications about the importance of having a shared security responsibility. It’s not about putting burden on employees to ensure privacy is a front-and-center issue. It’s more about providing a methodology that reduces risk without making it more difficult for employees to do their jobs.

Look for solutions that automate and simplify the process to facilitate more widespread acceptance. Whether motivated by doing right by employees and customers or avoiding significant fines—remember, achieving compliance simply isn’t good enough. What’s most important is ensuring proper protection policies bolster data privacy while putting the organization on a strategic security path.

1. Dr. Chase Cunningham, SecurIT Summit 2018

About the Author

Mark Cassetta, senior vice president of strategy for Titus, oversees the product lifecycle from concept to implementation and customer success.


  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity


New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3