Equifax could have better protected itself if it had a committee in place for data monitoring. Source: Twitter/Equifax
Data protection is a collective responsibility
IS data protection the responsibility of a company’s legal professional or is it the domain of operations professionals? To be honest, neither are responsible for the task.
Since data protection involves the law as much as it does operational compliance, organizations must form a committee that champions the cause and monitors progress.
This is simply because it is highly unlikely for someone to be an expert in both the legality of data as well as the operational needs of the organizations.
If such a committee was part of Equifax, for example, the fate of the company would have been very different and it wouldn’t suffer the consequences it did as a result of the data breach in September 2017.
Without compromising either side of things, there should be experts across disciplines and areas of the business in the committee.
Data protection is a collective responsibility. After all, data is at every nook and corner of today’s business.
The exponential growth of data is directly proportional to the proliferated use of technology in business.
In other words, all business arms need to be equipped with the know-how of data protection to be relevant in today’s world.
Conversely, the legal team needs to be aware of the overall workflow to ensure that there are no unforeseen circumstances.
The committee will need to be multidisciplinary to take care of all dimensions of a business.
The varying background will provide not only insights of different uses into data within the company, but also weed out conflicting processes.
What does it take to be in the data protection committee?
Although data protection is very much about legal implications, the committee isn’t going to be discussing that at all times.
Instead, the group will focus on making sure the data that the company possesses is secure and free from misuse.
Therefore, attributes that executives need in order to be a part of the multidisciplinary committee are: accountability and responsibility.
When businesses get right down to it, the regulation is about accountable and responsible use of data.
As a result, businesses with a strong data protection committee thrive as they build deeper trust with their customers and partners.
In the end, having a committee with different backgrounds does not eliminate the company from data breaches.
However, it gives stakeholders confidence that the company will do whatever it takes to protect shared data and confidential details.
In the digital sphere, this may just be the competitive edge a business needs.
READ MORE
- Strategies for Democratizing GenAI
- The criticality of endpoint management in cybersecurity and operations
- Ethical AI: The renewed importance of safeguarding data and customer privacy in Generative AI applications
- How Japan balances AI-driven opportunities with cybersecurity needs
- Deploying SASE: Benchmarking your approach