International Privacy Day: A strategy for future-proofing your privacy program
Jan 28, 2022

Over the last year, we’ve seen the challenges of the COVID-19 pandemic continue to re-shape our society. The increase in remote work, remote study, and remote shopping has rapidly accelerated the digitization of many aspects of our lives, bringing to the forefront concerns around privacy and the security of our personal data. With this backdrop, law-makers around the world have accelerated their efforts to regulate the use of personal information.

 

That trend is set to continue and accelerate still further in 2022. Many new laws are in various stages of adoption around the world, covering not only privacy and personal data protection, but also non-personal data governance, cross-border data transfers, AI ethics and algorithmic transparency.

 

Keeping up with this constantly evolving regulatory landscape is table stakes for companies operating in the global economy. Here at IBM, we advocate for policymakers to focus on constancy and compatibility when crafting new regulations because we believe that compatibility facilitates a consistent approach to handling personal information and high-risk AI applications, and enables the free and secure flow of data across different regions around the world in support of global digital economies. This, in turn, helps to ensure a high level of privacy protection for consumers globally. Challenges remain, however, such as the possibility of geographically divergent regulatory approaches to AI. Addressing this and other challenges calls for a new approach designed to not only speed up, but also help ease the burden of remaining compliant and maintaining consumer trust in your organization. We refer to this approach as “continuous compliance.”

 

A continuous compliance framework

 

The European Union’s General Data Protection Regulation (GDPR) drove the regulatory landscape to evolve from reactive compliance into a more proactive stance, requiring companies to scale those regulatory requirements across their global operations. Later regulations, such as Brazil’s LGPD, California’s CCPA and China’s PIPL also required considerable compliance efforts from companies. As comprehensive regulations increase in number and complexity, and the amount of data and data usage grows exponentially, organizations will discover that even a proactive approach may no longer be sufficient on its own.

 

However, new technologies like data fabrics are allowing organizations to connect and access siloed data across distributed environments without ever having to copy or move it, all with governance and privacy embedded. These new technologies and processes will also lay the foundation for “auto-privacy” that will minimize the work effort needed while increasing quality, eventually becoming a process of continuous compliance.

 

And that’s needed – now more than ever. Just look at the speed at which new regulations are announced and implemented. China’s PIPL, for example, was announced in August and effective in November. That’s a far cry from the 2-year period companies were given to implement the GDPR. There is no time to waste.

 

The coming year

 

As 2022 progresses and new regulations emerge, we will see some commonality of requirements but there will also be divergences that will make compliance more challenging. And it’s not just data privacy… regulations in cybersecurity, governance of non-personal data, and the emerging area of AI ethics and algorithmic accountability all underpin the need for a new, agile framework.

 

IBM believes consumers deserve strong privacy protections, consistent across jurisdictions, and that it is in businesses’ best interest to build trust by providing those protections. In order to help future-proof those privacy protections, the complexity around the growing amount of data and these new regulations can be more easily managed by implementing a framework of continuous compliance. Continuous compliance will help free up much of the manual labor involved in addressing these new or changing regulations, as well as decrease the time to resolution.

 

Join me to hear more about continuous compliance in this IAPP Web Conference, also featuring other IBM leaders from our Chief Privacy Office, Chief Data Office and IBM Promontory.

 

Christina Montgomery, Chief Privacy Officer, IBM
