
Compliance Trends you better leave behind in 2019

By: Henry J. Schumacher, President of the European Innovation, Technology, and Science Center Foundation (EITSC)




Now that we are starting a new year, we can reflect on a few compliance trends that emerged over 2019 — including ill-advised practices and bad habits that compliance officers would do well to leave behind. In the Philippines, four major trends come to mind:


Ignoring Vendor Data Security Risk


Every year, more companies allow more third parties access to their confidential data — and far too many don’t have a clue about how much risk they are inviting.


Consider these stats from a 2019 survey of more than 1,000 security professionals:

  • Only 35% of respondents rate their third-party risk management program as highly effective

  • Only 34% of respondents say they have a comprehensive inventory of all their third parties

  • Only 29% of respondents say a third party would contact them about a data breach

That is not good. Strengthening vendor risk management is not easy, but ignoring the problem will not accomplish anything. Even simple fixes like contract clauses requiring third parties to report a breach of your data are a start.


Uniform Due Diligence Reviews


Along similar lines, a stubborn number of companies still apply uniform standards of due diligence to all third parties for anti-corruption. That’s better than no due diligence at all (see data security risks, above), but it still spawns two other headaches. Either you perform too little due diligence on a high-risk party and open the door to misconduct, or you perform too much due diligence on a low-risk party, and waste precious compliance resources.


Neither one does a company any favors. The goal should be a strong, versatile risk assessment process, so companies can have a credible defense should some third party indeed create a misconduct risk that contaminates your company’s reputation.


Thinking Only About What’s Legal, Not What’s Ethical


Numerous times in 2019, we saw prominent corporations sharply rebuked in the court of public opinion for transactions that might have been legal, but still didn’t pass the ethical smell test. Outlandish contracts with unqualified consultants; data sharing with shady third parties; inadequate personal data protection. I won’t name names here, but examples abound.


Fundamentally, employees and customers are gaining more power to force difficult questions about companies’ ethical principles, and they’re willing to do so. On the other hand, boards are downright terrified of heightened reputation risk.


That means standing behind the fig leaf of “Well, legally we did nothing wrong!” no longer works. Share prices can still be battered; boycotts can still take flight on social media. Companies must stop relying on what’s legal, and start defining what’s ethical.


Believing Data and Security Breaches Are Not Going to Happen


Almost daily, we see data privacy breached, sensitive data leaked, and companies' reputations challenged because the implementation of the Data Privacy Act and the Rules and Regulations issued by the National Privacy Commission is taken lightly.


It is high time that this attitude changed and that policies, procedures and controls for data protection were put in place. This requires companies to:

  1. Commit to comply – with focus on governance and the task of the Data Privacy Officer

  2. Know your risk – data inventory and analysis / data protection impact assessment

  3. Be accountable – create a privacy management program

  4. Demonstrate compliance – implement measures, from compliance monitoring to audit

  5. Be prepared for breaches – have a proper breach management team in place.

And let me repeat: companies must stop relying on what’s legal, and start understanding that breaches are not happening on the legal side: they happen in operations.



Good Luck with your New Year’s Resolutions!!!


If you need assistance – contact me at Schumacher@eitsc.com

Copyright © 2019 Straits Interactive Pte Ltd. All rights reserved. 