PAMIC 360 September 27, 2017


5 Best Practices for IoT Privacy Compliance

In a recent report, the Federal Trade Commission (FTC) cited “enabling unauthorized access and misuse of personal information” as the main area of concern regarding the internet of things (IoT). Consumers need to be able to trust internet-enabled devices with their personal information. If companies do not include privacy compliance as a component of risk management, they risk financial penalties, legal actions and loss of their IoT investments with consumers who refuse to purchase their products out of fear of data breaches and lack of trust.

At this time, in the US, there is not an absolute set of rules when it comes to data privacy and security regulation. The FTC is working to strengthen its positions on IoT compliance. In the meantime, several safeguards can be taken to protect against IoT risks, including:

• Establish who is responsible for privacy compliance
• Determine how consumer data is collected and stored, who has access to it and what it is being used for
• Include “privacy by design” by ensuring that the promises companies make to consumers regarding management of their data are disclosed to consumers in clear and concise language
• Create policies and action plans to respond to any security breaches that might arise
• Train employees on the importance of compliance and the requirements to build privacy and security.

Gotshall, Justine Young. “5 Best Practices for IoT Privacy Compliance.” Risk Management, Risk Management, 1 Sept. 2017

The Strategic Value of Risk Taking

A recent Deloitte survey finds an abundance of confidence among C-level executives regarding their organization’s risk-related capabilities and actions. But a closer look shows several disconnects when it comes to risk management: companies’ practice conflicts with their philosophy. Eighty-seven percent of the executives believe risk management should drive value creation, but only 18% actively use risk to drive returns.

More attention needs to be paid to the role of the CRO. Only 63% of the respondents say they have a CRO, a figure that should be closer to 100%. Many times the CRO role is performed by another executive, and in 88% of such cases, this is the CFO, an already full-time position. Several things need to happen for the CRO’s role to grow, including:

• Executives must acknowledge that CROs do not assume risk. CROs help define and execute strategic objectives and provide a basis for executive decision-making
• Evaluate, and where appropriate, implement new risk management methodologies
• Provide input on business strategy development with respect to risk and periodically reassess the plan
• 58% of executives believe that CROs should spend more time setting the strategic direction of the company.

To ensure success, companies must utilize risk to drive returns and employ a full-time CRO who can be a strategist.

Balaji, Sam. “The Strategic Value of Risk Taking.” Risk Management, Risk Management, 25 Sept. 2017
