Effective data management in the face of changing compliance regulations

GUEST OPINION: It’s no secret that sectors such as financial services, telecommunications and healthcare have continued to dominate the headlines over the last twelve months, but not always for the right reasons. In fact, managing operational risk in the enterprise continues to be a significant challenge due to several factors, including accelerated digital transformation, increased cyber threats, the explosion of data volumes and the adoption of generative artificial intelligence.

As companies expand their operations, adopt new technologies and navigate a changing regulatory environment, they are exposed to a wider range of operational risks. Until now, many companies have treated compliance, especially regulatory compliance, as a check-box exercise that does not necessarily enhance their core security framework.

According to the Office of the Australian Information Commissioner (OAIC), the financial services industry was one of the top sources of data breach reports in 2023, accounting for 10% of all data breach notifications. IBM's Cost of a Data Breach Report also found that the average cost of a single data breach in Australia was $2.7 million, and that is before the incalculable cost of damage to the organization’s reputation and the goodwill of its customers. It is therefore not surprising that industry regulators are taking steps to reduce risk exposure.

The impact of changing consumer demands on data management
These regulatory changes also coincide with increasing consumer demands and expectations. From a consumer perspective, there is much greater awareness and demand for both service mobility and data security. Recent high-profile data breaches have also made security more important to us than ever before.




One such breach occurred in late 2022 at a large Australian telecommunications company. The breach affected ten million people, or one-third of the population, and hackers stole information including names, dates of birth, home addresses, phone numbers, email contacts, and passport and driving license numbers. The breach even led to the company agreeing to pay to replace hacked passports.

Consumers’ growing data literacy, and the perception of data management that results from it, is becoming a key differentiator when consumers choose whom to entrust with their financial assets. At a minimum, consumers expect their data to be private and secure – a basic expectation that, unfortunately, is not always respected.

Understand what best practices look like in an evolving regulatory landscape
We are often asked for advice on best practices as organizations begin to take the steps required to future-proof their risk and compliance strategies. While each organization has its own set of challenges to address, there are three key areas of common ground to consider.

  • Consistency between compliance, risk and security – the security team establishes mandates for the organization’s risk appetite and puts prevention, detection and response policies in place, but the team that actually carries out these policies is IT, a completely separate team. Because of this division of responsibility, collaboration between the groups is essential.
  • Data sovereignty considerations – from a security perspective, this means asking where your data is located. Does it sit in the service provider’s environment or in yours? How much control do you have over your data? Can you block a service provider if necessary?
  • Avoid supplier lock-in – operational risk is not limited to data breaches caused by financial crime; there are also risks from the increased costs of technology disruptions that make critical data unavailable.

Selecting the right technology partners improves operational resilience
There are many issues to weigh when deciding who to entrust your data to. Strong data management can mean the difference between success and failure. As highlighted in a recent Forrester report, selecting the right managed services partner can help organizations save significantly on mitigating risk events. Moreover, the ability to augment existing internal skill sets is also a key factor as talent pools remain tight.
It’s important to look for partners that offer flexibility in data storage, but that also understand interoperability and comply with industry regulations.

We work with Revenir, a London-based fintech that automates tax recovery by partnering with banks, governments and digital receipt companies. For a company in the financial sector, it was crucial that CTO Brian Wagner was able to balance data management with cybersecurity and maintain compliance with domestic and international regulations. Through our open-source data platform, we were able to help Revenir balance these needs while providing access to a collaborative community that continually sought and developed innovative solutions to these challenges.

The open-source, multi-cloud data platform also tackles other challenges of our modern, data-intensive world with intelligent solutions that directly alleviate problems. These include cross-cloud deployments, cross-cluster migration and replication, and the ability to leverage open-source software.

To summarize, when choosing a technology partner, make sure they can:

  • Provide automatic updates to ensure your software stays up to date
  • Offer non-vendor-specific technologies so you can use what makes the most sense for your organization
  • Ensure data management is simplified, sovereignty compliant and secure
  • Provide 24/7 support that is region-agnostic
  • Reduce downtime with service integration
  • Provide data storage flexibility to maintain compliance

The devil is in the details: closing the compliance gap
Taking the required steps to address gaps in current data management strategies and ensure compliance doesn’t have to be discouraging or create more pressure on overworked employees.

Outsourcing is definitely part of the solution, but remember that you need to be ruthless with your priorities. There must be a clear plan of action so that you know where the gaps are and then go out to fill them. This is especially difficult for smaller organizations that may not have security teams or the appropriate expertise. But ultimately, every organization must manage security and compliance risks. Even in the case of outsourcing, you need to be sure that the service provider is doing its job properly. Outsourcing can help, but it is not a complete solution.

Businesses must remain vigilant and proactive in managing their security. Now is the time to take action while ensuring you have the right technology partner who understands your regulatory compliance needs.