All businesses collect data -- from major retail chains and airlines to credit bureaus and social media giants. That's nothing new.
Today, however, there are rising concerns surrounding data compliance. These issues involve how data is gathered, analyzed and secured. Data compliance improves a company's image, fosters customer loyalty, attracts high-caliber employees and keeps businesses compliant with regulations.
What is data compliance?
In a broad sense, data compliance is following the law of the land. It requires implementing policies, procedures, workflows and operations to ensure legal obligations are met. Data is a fluid entity, and compliance requires constant time and attention.
Data compliance regulations can differ from country to country or continent to continent. For instance, U.S. companies operating globally must be cognizant of the EU's GDPR.
A culture of data compliance
All data within an organization must meet data compliance standards. It's important that employees work for a data-compliant company with a strong set of ethics, for a number of reasons:
- Data compliance signals to customers that their personal information will remain secure, thereby building brand loyalty.
- It helps avoid noncompliance and reduces the chance of bad publicity, which can damage a business.
- When a corporate code of ethics includes data compliance, it helps attract high-caliber employees.
- Data compliance enhances the bottom line and is a best practice for any data-driven business.
Perception is reality when it comes to protecting data
Strong brand perception is a valuable asset. Privacy policies can help strengthen a company's image and can be a valuable marketing tool. On the flip side, data breaches are poison for social media platforms and can lead to lawsuits. In recent years, Facebook's brand has been tarnished by data privacy issues, which make some users hesitant to try the platform's new features.
Data analytics can be a positive business attribute when adhering to compliance parameters. Many companies mine data -- often via mobile apps used to establish user profiles, which then offer users customized deals.
This practice, however, comes with a mandate to use the information responsibly. Dynamic Yield, a startup that provides retailers with algorithmically driven "decision logic" technology, was purchased by McDonald's in 2019 to help companies mine data. As a result, drive-thru customers are recommended items based on their app purchasing history. The technology helps increase business and brand popularity.
When managing data compliance regulations, it's important to establish an internal data ethics framework. The process should encompass regulatory obligations, while also creating a balance between the commercial and ethical value of the company's data. When data compliance results in lower profits, an ethics framework helps organizations avoid sacrificing compliance for profit.
Data regulations vary across countries and industries. Some IT professionals worry that if, or when, universal data compliance policies are established, they will give hackers a clearer roadmap to follow. That's why companies always need to be diligent about protecting data -- and a reason why following basic regulations isn't enough.
One size does not fit all
Data compliance is not the same across the board. Variations in data retention under HIPAA, for example, make transference of health records more difficult. In some states, medical records are owned by the healthcare provider. Minimum retention periods can vary from seven to 10 years. HIPAA Journal also noted that the most common violations include "the failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity and availability of protected health information … [and] delayed breach notifications."
In another example, CCPA, modeled after GDPR, was implemented to enhance privacy rights and consumer protection for residents of California. It gives consumers more control over how their data can be shared or managed. Social media users in California who want their profile deleted from a platform and all related ecosystems can have the task performed immediately -- not a month later as is standard for some social media platforms. Users can also demand a report on how their data is shared with other digital platforms and request that sharing be stopped in many cases.
Consumer awareness surrounding data can also prompt companies to rethink or modify how they go to market.
The awareness factor
A lack of awareness of what constitutes adequate data compliance is a real concern. Some smaller entities have limited knowledge about what it means to follow guidelines -- and some of these firms may decide to risk bad publicity to avoid the added security expenses of preparing for a data breach.
Taking a customer-first approach by being upfront when there is a breach -- not weeks or months later as has been true with some high-profile incidents -- may keep some of those customers from turning away when they see efforts are being made to fix the problem.
Sharing personal data online requires a leap of faith and means the end user is saying, "We trust you to use this information ethically and to protect it from bad actors." Businesses should not misuse the trust placed in them to be data-compliant. They must establish guidelines and ethics that go above and beyond any current regulations.
In summary, it's just good business.
About the author
Mitesh Athwani is a senior IT leader with more than 15 years of experience in services, consulting, analytics and data governance. He has an MBA and a degree in computer science engineering.