Today's global marketplace has made it easier than ever to share data, but that doesn't mean we've all agreed on how to keep that shared data safe.
Very few will dispute that to be competitive in today's marketplace, you have to keep an eye on international business and regulations. Even if you run a domestic business serving a strictly domestic market, chances are good that your vendors or suppliers have international ties. The information you share with those parties may be governed by a whole host of privacy and security laws with which you and your staff are not familiar.
The task of running a business that complies with all those privacy and security regulations has grown steadily more complex over the past 50 years. Privacy and security laws covering digital data (as opposed to hard-copy information) began to emerge slowly in the 1960s, as mainframe computers came into wider business use. The earliest U.S. privacy and security regulations focused mainly on how government agencies could and should use, share and protect personal data. As time went on and technology evolved, more security and privacy laws and regulations emerged within the U.S., often addressing the security and privacy of very specific types of personal data within very specific industries.
At the same time, in other parts of the world, laws were emerging to address a wide range of data that could be considered personal. In 1995 the European Union established a minimum set of security and privacy controls that all EU member states had to transpose into national law (Directive 95/46/EC of the European Parliament and of the Council, most commonly referred to as the EU Data Protection Directive).
That Directive will be replaced by the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. Other countries, such as Canada, enacted privacy laws closely modelled on the 1995 Directive. The European Commission deemed those countries "adequate" with regard to their security and privacy laws, so personal data could be shared with them more freely.
But even with the existence of generally accepted de facto standards based on that 1995 EU law, there are still thousands of different laws, regulations and standards around the protection of data, varying widely from one country, region or even city to the next. So how should business leaders respond?
The most important thing you can do is to prioritize security and privacy initiatives within your company. So what does this look like?
Organizations that are serious about global compliance invest the time and money in security and risk management initiatives. They don't pick and choose the security and privacy regulations they think apply to their organizations and brush off the rest. That approach leaves organizations exposed to the risk of significant fines, penalties, breaches and lawsuits. (Sadly, I've seen hundreds of organizations take this approach over the past several decades, and it never ends well. I've even served as an expert witness in a few of those cases.)
Admit you don't know what you don't know when it comes to privacy and security, and make sure your organization has the tools (like our SIMBUS360.com services) and staff (either full-time or contracted professionals) to appropriately identify, address and maintain compliance with every business connection, global or domestic, that you have.