21 Jan 2016
Recent Regulations that CIOs should know about

Are you breaking the law?

This is a question that gives the leadership of any company shivers. Unlike in the pre-Internet era, companies now must comply not only with the laws of their home jurisdictions but also with those of the jurisdictions where their users reside.

And in the age of the cloud, where there are no national boundaries, this presents several complications.

In this post we will take a look at three regulations around user data that can affect how you do business.

1) The US Cyber Security Information Act

CISA became a law late last month, and it has turned out to be controversial.

On the face of it, CISA makes sense. It gives companies a platform to share intelligence about threats with federal agencies like the FBI and NSA so that a better threat response can be formulated.

But the devil is in the details.

Companies that share data with federal agencies like the FBI and NSA will be granted immunity from liability for violating user privacy by sharing private information such as financial and health records. The law has been criticized by opponents such as the Electronic Frontier Foundation, and by companies like Facebook and Google, for enabling surveillance.

The law also makes it possible for US courts to pursue foreign nationals even if the crime was committed outside US territorial jurisdiction. As the Guardian says:

But the amended law would make it a crime punishable by US prison time not merely to clone the credit card or steal the Netflix password of an American citizen, but to take unauthorized information from any American company, no matter where it happens.

In other words, if a French national hacks a Spanish national’s MasterCard, she could be subject to 10 years in US prison under laws changed by the bill.

If you are a CIO, you now have access to a mechanism for sharing threat intelligence. But in the event of strong pushback from privacy groups and tech companies, you might risk losing business, as privacy-conscious clients and users may take their business elsewhere.

2) The EU General Data Protection Regulation

On the flip side, the EU has passed the most stringent data privacy regulation ever. Called the General Data Protection Regulation, it applies to any entity that offers goods or services to residents of the EU (this means that if you offer payment options in euros, have a website in a European language, or ship to European countries, you are liable).

Some of the provisions are:

The EU gives companies a window of 2 years to comply with the regulation, and specifies hefty fines for non-compliance (2% of annual worldwide sales or 1 million euros, whichever is higher).

This regulation will have a major impact on businesses that operate in the EU.

According to an Ovum report on data privacy laws:

With EU data laws becoming increasingly stringent, companies will have to get started on compliance if they want to meet the window.

3) FTC guidelines on Big Data and predictive analytics

Big data and associated technologies like predictive analytics let companies know their customers and users more intimately than ever before.

This might result in discrimination and economic disparity. Some companies might target vulnerable populations with higher prices and pursue unethical behavior: Gartner says that improper use of Big Data will cause 50% of business ethics violations by 2018.

In a recent report titled Big Data: A Tool for Inclusion or Exclusion, the FTC warns companies against:

Companies therefore need to avoid going overboard with Big Data analytics and make sure that they are not violating the relevant laws.

The impact of upcoming regulations

The regulatory landscape is confusing and fluid, and the complications multiply if you do business internationally. Being forewarned is being forearmed: the sooner companies put in place internal processes to comply with these regulations, the lower their risk of non-compliance will be.

© 2015 IT Exchange, Inc