Experts Share Their Thoughts on Why Data Compliance Is So Important


With the recent string of cyberattacks, data has become extremely valuable. According to IBM's Cost of a Data Breach Report 2021, the average cost of a data breach is $4.24 million, up from $3.86 million in the previous report.

Today, when data lands in the wrong hands, it can have devastating results. I wanted to find out from industry leaders and experts why data compliance is such a critical component of business continuity, as well as how organizations can maintain the highest level of data compliance.

Anthony Buonaspina, BSEE, BSCS, CPACC, CEO and Founder, LI Tech Advisors:

"The world is becoming increasingly dependent on technology, and organizations are storing enormous amounts of information every day. I've been telling my clients for years that, in the event of a disaster, I can replace every piece of hardware and software, but not the data. I stress the importance of having a proper data backup and recovery plan in place. The problem today is what you don't know can hurt you, and for an organization developing a disaster recovery plan, they may overlook obvious things.

This is where data compliance comes in. Data compliance regulations force organizations to improve their data security standards and practices based on guidelines that have already been implemented and give an organization a road map to follow. Following these guidelines will help prevent data breaches from occurring and the organization's sensitive data from being exposed, stolen, encrypted, or falling into the wrong hands and having the organization's reputation ruined."

Ashu Singhal, President, Orion Network Solutions:

"As more and more of our world is getting digitized, data is becoming the new competitive advantage and key resource of any business. Protecting that data, especially sensitive PII, and ensuring it's in compliance with any regulations is key to the survival of any business."

Cameron Call, CISSP, Technical Operations Manager, Network Security Associates, Inc.:

"Putting aside the ethical considerations, compliance with data regulations is important because it limits liability. The obvious one is government regulations. GDPR and some stateside regulations come with pretty hefty consequences for non-compliance. What is not always so obvious is data compliance requirements a company can and should impose on itself. If it limits what it collects, there is less to be on the hook for in the event of a breach.

Organizations also should implement retention policies. If a company has a policy to delete data, in this example, emails older than 7 years, then the content of those emails cannot be used against them in arbitration or litigation. Data consistently deleted as per policy is going to be 'too bad so sad' if requested. Data deleted without a policy can have serious consequences depending on circumstances."

Jeremy Kushner, CEO, BACS Consulting Group, Inc.:

"Put quite simply, data compliance is merely a minimum set of requirements laid out by regulatory bodies, whether government or industry-specific, to attempt to keep data secure.  This is obviously a crucial first step towards data security and sets a baseline for performance in specific sectors and with specific technologies.  However, compliance should never be mistaken for full-fledged security.  We would be remiss if we assumed that the meeting of minimum compliance requirements qualifies as due diligence, especially with the relentless never-ending stresses placed on systems and networks by hackers, terrorists, and foreign governments. 

However, as mentioned prior, compliance is a crucial first step forward, and in a vast majority of areas, baselines are still lacking.  Here in the United States, as an example, businesses in most sectors are forced to fend for themselves and determine what, if anything, should be done to secure their data.  This creates a patchwork approach and leaves many under-funded or under-educated businesses and sectors scratching their heads, not even knowing which initial steps to take and not having the initiative to do so until suffering a costly breach.

As a managed services provider working with a large variety of different verticals, we understand the prescribed compliance requirements for the sectors that have baselines in place.  For all of the others, we have our own set of suggested baselines to fill the gaps. In the long term, we are looking forward to seeing compliance standards applied across all industries.  We can lead by example, but this simply is not enough."

Jorge Rojas, Partner, Tektonic Inc.:

"The whole concept of data compliance revolves around securing sensitive data, which will include company data and also your customer data. With the increase in cyber threats, more than ever this is something you should be concerned about. If breached, you can lose your reputation, your business, and put your customers in danger."

Michael Pickreign, President & CEO, tech42 LLC:

"Data compliance is the idea that different types of data need to be handled with different levels of confidentiality and longevity. With this idea comes the mandate that we answer the following questions within our organizations. Who can access the data? What can they do with the data? How can the data be transferred both internally and externally? Finally, how long should we keep the data before destroying it? In most organizations, this exists primarily as a set of written standards and procedures that are first communicated with the staff and secondarily monitored for compliance."

Nick Martin, Director of Managed Services, Mainstreet IT Solutions:

"Data compliance is the process of following specific rules and guidelines set by a governing authority. It is important because it shows that you are handling data in a manner that is compliant with specific industry standards. Industry standards and regulations are a sign of trust within the industry to put the best effort possible into protecting data a certain way. Without a governing authority creating data compliance, companies could choose to be careless with their data, which would jeopardize their security. For example, health organizations must comply with HIPAA (Health Insurance Portability and Accountability Act). This act, signed by Congress in 1996, ensures that health organizations protect confidential information that pertains to the individuals in their care."

Robert Giannini, Chief Security Officer and CEO, GiaSpace:

"Data compliance is a critical part of any organization, but it's especially important for organizations that handle sensitive data. By ensuring that your data is compliant with all relevant regulations, you can minimize your risk of fines and other penalties. Data compliance can help you protect your customers' information, as well as your own.

Data compliance is essential for businesses of all sizes. Whether you're a small business or a Fortune 500 company, you need to make sure that your data is compliant with the latest regulations. Compliance can be complex and time-consuming, but it's worth the effort to protect your business and your customers."
