Compliance & Data Risks

By Theodore L. Banks, Partner, Scharf Banks Marmor LLC;
Martin Goulet, Senior Sales Engineer – GRC, ELM Solutions;
Gene Stavrou, Associate Director Business Integrity, Mondelez International;
Nancy Jessen, Senior Vice President, Legal Business Solutions, UnitedLex

Although getting up early on Sunday in Las Vegas seems a bit strange, if you are coming to the CEI we have a great reason for you to rise and shine on October 15.

At 9:00 AM, you are invited to attend “Navigating IT Compliance: How Can Business and Legal Teams Collaborate to Achieve Joint Objectives?”  This session will discuss the legal and compliance implications of those IT stories that are all over the media.  Do you know the implications of big data, artificial intelligence and the Internet of Things?  Are you protected from email hacking?  What happens if you are the victim of a demand for bitcoin ransom to free your hostage computer?

Need we go on?  All of these subjects should be covered in the compliance risk assessment.  In some cases, a granular program may be required as your company size increases.  But it would be a mistake to say “We’re only a small company.  Nobody is interested in what we do.”  Not true.  The hackers, whether state-sponsored or just criminal, are trolling for whatever they can get.  For example, the reference to “big data” may lead some people to think that this concern is only for companies that have massive databases.  But the reality is that businesses of all sizes depend on data, and without adequate protections and back-ups for your data repository, whatever its size, you may be exposed to serious legal compliance risks as well as business risks.

The compliance departments that do the best jobs are those that are involved in every step of the business development process.  If the company, for example, is planning new products that will be connected to the Internet (“Internet of Things”), the compliance and IT departments should be communicating at the outset to address the legal risks attendant to this area.  How secure are the devices from outside intruders?  Is there anything built into the system to prevent hackers from taking over control of the embedded computers?  What kind of risks will be created if the connection to the Internet is lost?  Will the product just stop functioning or could people be hurt?   The compliance/legal staff needs to be involved up-front so these kinds of questions can be asked.  Businesspeople are focused on the business opportunities and the IT staff may be focused on the cool technology.  The goal of the compliance staff is to prevent the disaster from occurring – not to clean up the mess afterwards.

If you hire outside consultants, lawyers, accountants, etc., do you know how secure their systems are?  If any of your sensitive data is in their hands, is it protected?  Do they have an open connection to your corporate systems that could serve as a penetration route to obtain corporate data?

If any of these subjects interest – or concern – you, please join us on October 15 for this important discussion of what you can do – and should be doing – to address some exciting IT opportunities as well as minimize the very scary risks.
