Now that we are starting a new year, we can reflect on a few compliance trends that emerged over 2019 - including ill-advised practices and bad habits that compliance officers would do well to leave behind. In the Philippines, four major trends come to mind:
Every year, more companies allow more third parties access to their confidential data — and far too many don’t have a clue about how much risk they are inviting.
Consider these stats from a 2019 survey of more than 1,000 security professionals:
That is not good. Strengthening vendor risk management is not easy, but ignoring the problem will not accomplish anything. Even simple fixes like contract clauses requiring third parties to report a breach of your data are a start.
Along similar lines, a stubborn number of companies still apply uniform standards of due diligence to all third parties for anti-corruption. That’s better than no due diligence at all (see data security risks, above), but it still spawns two other headaches. Either you perform too little due diligence on a high-risk party and open the door to misconduct, or you perform too much due diligence on a low-risk party, and waste precious compliance resources.
Neither one does a company any favors. The goal should be a strong, versatile risk assessment process, so companies can have a credible defense should some third party indeed create a misconduct risk that contaminates your company’s reputation.
Numerous times in 2019, we saw prominent corporations sharply rebuked in the court of public opinion for transactions that might have been legal, but still didn’t pass the ethical smell test. Outlandish contracts with unqualified consultants; data sharing with shady third parties; inadequate personal data protection. I won’t name names here, but examples abound.
Fundamentally, employees and customers are gaining more power to force difficult questions about companies’ ethical principles, and they’re willing to do so. On the other hand, boards are downright terrified of heightened reputation risk.
That means standing behind the fig leaf of “Well, legally we did nothing wrong!” no longer works. Share prices can still be battered; boycotts can still take flight on social media. Companies must stop relying on what’s legal, and start defining what’s ethical.
We are seeing almost daily that data privacy is breached, that sensitive data is leaked, and that the reputation of companies is challenged because the implementation of the Data Privacy Act and the Rules and Regulations issued by the National Privacy Commission is taken lightly.
It is high time that this attitude is changed and policies, procedures and controls for data protection are put in place. This requires to
And let me repeat: companies must stop relying on what’s legal, and start understanding that breaches are not happening on the legal side: they happen in operations.
Good Luck with your New Year’s Resolutions!!!
By: Henry J. Schumacher, President of the European Innovation, Technology, and Science Center Foundation (EITSC)
Contact: Schumacher@eitsc.com
DPEX Network is a Community Initiative of Straits Interactive.