IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image

Managing data effectively in the face of changing regulatory compliance

Fri, 24th May 2024

Undeniably, sectors such as financial services, telecommunications, and healthcare have been at the forefront of news coverage over the past year, and not always for the right reasons. In fact, the task of managing operational risk within these sectors has become increasingly complex due to a multitude of factors, including the rapid pace of digital transformation, a surge in cyber threats, a massive increase in data volumes, and the implementation of Generative AI.

As businesses expand their operations, adopt new technologies, and navigate shifting regulatory environments, they are exposed to a wider array of operational risks. Up until now, many companies have treated compliance, especially regulatory compliance as a checkbox exercise, not necessarily increasing the foundational framework of their security.

According to the Australian Information Commissioner (OAIC), the finance services sector was one of the top reporters of data breaches in 2023, representing 10% of all data breach notifications. Not only that, IBM's Cost of a Data Breach Report also found that the average cost of a single data breach within Australia was US$2.7 million. Not to mention the incalculable cost in terms of eroding the organisation's reputation and goodwill with their customers. It's therefore not surprising that industry regulators are taking steps to reduce risk exposure.

The impact of changing consumer demands on data management

These regulatory changes also coincide with increasing consumer demands and expectations. From a consumer perspective, there is much greater awareness and demand around both mobility of service and security of data. Recent high-profile data breaches have also made security more top of mind than ever before. 

One such breach was with a major telco in Australia at the end of 2022. The breach impacted ten million people, a third of the population, with information stolen by the hackers including names, birthdates, home addresses, phone numbers, email contacts, and passport and driver's licence numbers. The breach even led to the company agreeing to pay for replacements of compromised passports.
Rising consumer data literacy, and their resulting perception of data management, are becoming a key point of difference in consumers' minds when choosing who to trust with their financial assets.  At a minimum, consumers expect that their data is private and secure – a basic expectation that unfortunately is not always upheld.
Understanding what best practice looks like in a changing regulatory landscape

We are often asked to advise on what best practice looks like as organisations start taking the steps required to future-proof their risk and compliance strategies.  While each organisation has its own set of challenges to factor in, there are three key areas of common ground to consider.

  • Cohesiveness between compliance and risk vs security - the security team will set mandates around the organisation's risk appetite and put prevention, detection and response policies in place; but the ones who actually implement the policies are the IT team – a separate team altogether – so, there is this division of responsibility and collaboration between groups is essential.
  • Data sovereignty considerations - from a security perspective this means considering where does your data live? Is it running in the service provider's environment, or is it running in yours? How much control do you have over the data? Can you lock the service provider out of it if needed?
  • Avoid vendor lock-in – operational risks aren't just breaches of data because of financial crime; they can also be risks related to escalating costs associated with technology disruptions where critical data becomes inaccessible.

Choosing the right technology partners improves operational resilience
There is much to consider when thinking about who to trust with your data. Strong data management can spell the difference between success and failure. As highlighted in a recent Forrester report, choosing the right managed services partner can help organisations save significantly on reducing risk events.  Furthermore, having the ability to scale up existing in-house skillsets is also a key consideration as talent pools remain stretched.
It is important to look for partners that offer flexibility in terms of data storage but also understand and adhere to operational compliance in line with industry regulations.

We are working with Revenir, a London-based fintech that automates tax recovery through partnerships with banks, governments and digital receipt companies. As a company in the financial sector, it was crucial that CTO, Brian Wagner, was able to balance data management with cybersecurity and remaining compliant with national and international regulations. With our open-source data platform, we were able to help Revenir balance these needs while also giving them access to a collaborative community that was continually seeking and developing innovative solutions to these challenges.

An open source, multi-cloud data platform also contends with other challenges of our modern, data-heavy world with smart solutions that directly alleviate pain points. This includes cross cloud deployments - mentioned above, cross-cluster migration and replication, and the ability to leverage open source.


In summary, when selecting your technology partner, ensure that they can:

  • Provide automatic updates to ensure your software remains up-to-date
  • Offer non-vendor specific technologies so you can use what makes the most sense to your organisation
  • Ensure data management is simplified, adheres to sovereignty laws, and is secure
  • Provide around-the-clock support that isn't region-specific
  • Reduce downtime through integration of services
  • Deliver flexibility of data storage to maintain compliance

 The devil is in the details. Closing the gap to achieving compliance

Taking the required steps to address any gaps in your current data management strategies to ensure compliance doesn't have to be daunting or create more pressure for over stretched employees.

Outsourcing is definitely part of the solution, but remember you need to be ruthless in terms of prioritisation. There needs to be a clear roadmap, so you know where their gaps are and then drive to close those gaps. This is especially challenging for smaller organisations that may not have the security teams or the knowledge in house. However, it's ultimately up to each organisation to manage their security and compliance risks. Even when outsourcing, you need to ensure that the service provider is doing their job properly. Outsourcing can help, but it's not the complete solution.

Companies need to remain vigilant and proactive in managing their security.  Now is the time to take action while also ensuring you have the right technology partner, who understands your compliance needs, for the journey ahead.  
 

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X