Building a Blueprint for Global Data Compliance

• In which jurisdiction does this data sit? Are there any unique data requirements for this jurisdiction?

• Does this data need to be preserved? If so, for how long?

Think of this entire process as creating a blueprint for your corporate data infrastructure—it should help create a stratified approach to information and data management and help you meet business needs while ensuring full compliance with both regulatory and internal requirements. It is also an essential tool for developing effective response plans to emergencies, which should be audited and analyzed on a regular basis.

Adopting New Tools and Technology

Big data, BYOD, and the Cloud have caused a big headache for have a choice when it comes to using these technologies. We live in a fast-paced, data-charged economy that requires us to conduct business in a virtual world. CIOs and CCOs of today need to be able to keep up with and understand all available tools and need to consider something that most wouldn’t have to think about when integrating a new platform, or adopting a new technology or tool: is there a chance that it could violate any of the tens of thousands of policies and requirements that govern your business? CIOs, CTOs and CCOs need to be able to come together to do the following:

• Discuss business challenges that exist where new technology, tools, platforms or infrastructure will alleviate issues or business requirements

• Understand the core usage of the new tools that they are evaluating and what practical effects the tools will have on your organization. Things to think about: Where does the data sit? Where does it go? Will it have personnel or customer information? Could it be requested as part of a regulatory or legal issue? If so, how do you ensure its integrity and preservation and how do you extract it?

As a part of this exercise, CIOs and CCOs should set up a regular task force with key stakeholders whose mandate is to analyze, map out and approve technology, bridging the gap between ensuring compliance and meeting business needs.

Embracing data

As regulators attempt to direct the flow of this data, making comprehensive demands and imposing massive fines, companies are scrambling to develop and implement new data management programs to ensure compliance. But it looks like the flow of data may be too strong and unpredictable to immediately control. It’s also expensive: CCOs and CROs in the financial services industry, for example, have collectively spent $50 billion on compliance mandates alone.

"We live in a fast-paced, data-charged economy that requires us to conduct business in a virtual world"

Simply put, regulators and corporations live on two separate clouds. While regulators have mandated how data should be stored, shouting across the gulf of space, companies are only now beginning to hear their calls.

We need to get to a point where we’re not afraid, or overwhelmed, by data; where we view it not as a liability, but as an asset. Figuring out the right way to build a proper data governance framework will allow us to remain compliant in other areas. Take the beleaguered financial industry, for example, plagued by fines and bad press. Six major banks—Bank of America, Citibank, Commerzbank, JPMorgan, SocieteGenerale and Standard Chartered—recently announced that they are working to jointly establish a registry of shared customer data to facilitate due diligence and compliance. This network will allow a secure flow of customer information from one bank to another, promoting knowledge sharing and allowing each to bolster their own compliance programs and clarity into their data through collaboration.

The future resides in the safe and efficient sharing of data. It’s time to bridge the gap between the clouds—to get to a point where we can share and expand with a clear mind and a clear conscience.