When Compliance isn’t Good Enough: Thinking Beyond Regulations is a Must

With the January 2020 deadline for CCPA compliance looming, what lessons from GDPR compliance apply most this time around? Topping the list should be thinking and acting beyond compliance to build and sustain a long-range view of data security.

Achieving compliance should be seen as passing a milestone, not crossing the finish line.

‘Compliance is a seat belt on a 747’

In a recent presentation, Dr. Chase Cunningham, principal analyst at Forrester serving security and risk professionals, says, “Compliance is a seatbelt on a 747. You’ve got to have it to back away from the gate; it’ll probably help you if you hit some turbulence on the way. However, if things go really bad, does anyone really think a three-inch strip of nylon is going to make you walk away from a plane crash? Absolutely not. Compliance is not a strategy.”1

Dr. Cunningham is absolutely right. Compliance is an important checkmark, but not a strategic lever for driving an effective data protection strategy. Focusing on short-term compliance goals and settling for checkmark solutions might suffice initially but will fall short in the long run.

No one wants to realize a year later that the decision wasn’t part of a holistic strategy. This narrow-minded thinking can set you back by opening the door to unforeseen vulnerabilities.

Start with a Data Protection Mindset

Compliance should be a byproduct of an overarching security strategy, with greater focus on data protection as the pivotal point of entry. Think of compliance as the “what.” As in what is driving short-term action? Then, quickly move to the “why.” Why do I want to be compliant? The answer should always be “to protect my data.”

While compliance can provide useful guardrails, it doesn’t go as far or wide in delivering all the necessary protection, especially in terms of personal data privacy.

Do the Right Thing: Respecting Personal Data Privacy

After watching Mark Zuckerberg get raked over the coals before Congress recently, it’s easy to see that privacy is—and should be—on everybody’s mind. Companies of all sizes across every industry must focus on doing the right thing—for their business, customers and employees—by tackling the pervasive personal data privacy problem.

Finding all the places personal data exists is tricky as it proliferates across emails and files as soon as they’re created. That’s why it’s wise to gain a thorough understanding of the current data environment and impact of personal data on the existing security architecture.

It will take time to gauge how much personal data is created on a daily basis. So, iterative steps, and even a handful of tools are recommended to assess personal data risk exposure accurately.

Mindset Drives Methodology

Proper data security requires risk assessment and abatement as an ongoing evolution characterized by persistence and patience. Look for tools that deliver incremental value. Diligence is necessary for revisiting risk profiles and identifying security gaps.

Be mindful of cultural implications and upfront in communications about the importance of having a shared security responsibility. It’s not about putting burden on employees to ensure privacy is a front-and-center issue. It’s more about providing a methodology that reduces risk without making it more difficult for employees to do their jobs.

Look for solutions that automate and simplify the process to facilitate more widespread acceptance. Whether motivated by doing right by employees and customers or avoiding significant fines—remember, achieving compliance simply isn’t good enough. What’s most important is ensuring proper protection policies bolster data privacy while putting the organization on a strategic security path.

1. Dr. Chase Cunningham, SecurIT Summit 2018

About the Author

Mark Cassetta, senior vice president of strategy for Titus, oversees the product lifecycle from concept to implementation and customer success.

Featured

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Motorola Solutions Named Official Safety Technology Supplier of the Ryder Cup through 2027

    Motorola Solutions has today been named the Official Safety Technology Supplier of the 2025 and 2027 Ryder Cup, professional golf’s renowned biennial team competition between the United States and Europe. Read Now

  • Evolving Cybersecurity Strategies

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.