What’s trending in Governance, Risk and Compliance

Global developments are ramping up the need for GRC professionals.

Data privacy is the digital trend that will define this decade. Governance, risk and compliance (GRC) officers are finding themselves pushed to the front lines of politics, the economy, digitization, the blockchain, and personal and civil rights. GRC issues today are expanding beyond domestic borders. The cyber professionals who can walk the talk in the international security dialogue will come out ahead.

Here are three of the top trends in GRC.

The era of data privacy regulations

The 1990s were all about exploring the capabilities of the internet, and the 2000s were about harnessing it to gather data. Now, we’re all about pulling back and trying to protect what we’ve created. It’s the inevitable arc of an extravagant beginning, and it’s here. That’s why those who know the ropes of this newly regulated, highly debated and often geographically fickle domain will be in incredibly high demand going forward.

Ironing out a ‘crazy quilt’ of policies

It’s predicted that by the end of next year, three-quarters of the world’s population will be covered by data privacy laws. But as these laws come into their own, they’ll face the inevitable growing pains that come with doing things for the first time.

Protecting bytes of digital data containing sensitive information about billions of people around the world is without precedent. Consequently, the rush of state and local governments, international agencies and organizations to establish appropriate data guidelines now threatens to overlap and confuse, creating a “crazy quilt” of patchworked policies along the way.

In 2022, two more U.S. states enacted privacy laws, bringing the total up to five. Utah and Connecticut, in addition to California, Colorado and Virginia, have state-led cybersecurity policies in place. What’s more, roughly 30 other states had a privacy bill cross their desks last year — and more than 20 passed them. However, many of the finer points of state regulations could be superseded if the U.S. decides to pass a federal preemptive privacy law, The American Data Privacy and Protection Act (ADPPA). Meanwhile, as that waits on the horizon, states are continuing to move forward with state-led legislation.

Globally, international lawmakers are grappling with general data protection regulation (GDPR) as they iron out the kinks. Since its emergence in 2018, more than 100 countries have established data protection or privacy laws, and the legislation continues to grow. Notably, the EU-US Data Privacy Framework signed last October is expected to take effect this year, and it will present a GDPR-compliant framework for transatlantic data transfers and storage.

Regulating AI

Another compliance trend we’ll see a lot more of soon is the regulation of artificial intelligence (AI). AI grew at an exponential rate last year, both in the cybersecurity and cybercrime communities, to say nothing of its reach into industries from medical to marketing.

The US ADPPA bill, in particular, seeks to significantly increase oversight of the ways organizations leverage AI. Section 207: Civil Rights and Algorithms states that covered entities “may not collect, process or transfer covered data in a manner that discriminates in or otherwise makes unavailable the equal enjoyment of goods or services on the basis of race, color, national origin, sex or disability.” The law, if passed, would also require companies to get FDA approval on certain AI tools before implementing them. It’s a strong start, and we can expect to see more of the same as both the AI and privacy sectors continue to evolve and intersect.

GRC means staying competitive

It’s clear that in the coming months, cybersecurity’s big issues will be discussed and decided on an increasingly larger stage. The world will be watching as nations, states, federations and corporations determine the rules of data privacy. Professionals who are able to discuss and contribute to those conversations are the ones with GRC knowledge.

Data privacy and compliance is gaining visibility as crucial to information security. The 2020s will be defined by how we handle access to the data we’ve spent the last 15 years accumulating. Financial firms, retailers, government agencies, critical infrastructure, technology, healthcare and every other industry will need to adjust to the GRC requirements coming down the pike. Those that do will stay competitive; those that don’t will be forced to wait on the sidelines until they are able to operate above-board on data privacy laws. As is the case with the recent cyber-centered Executive Order, those who don’t will miss out on government contracts and opportunities with major supply chains and corporations.

GRC compliance is becoming not only an asset for organizations but a liability for those that fall short. The day is coming when every operation will need to reassess how they handle payments, store customer information, handle in-app data, advertise, email and run the inner workings of their security infrastructure. Strategizing against current GRC protocols will be a necessity — and the same will be true of the GRC professionals who can guide organizations on that journey.

Learn more about governance, risk and compliance professional certification in The Ultimate Guide to the CGRC.
