Robert Meyers is the Channel Solutions Architect for One Identity, a software company that helps organizations establish an identity-centric security strategy. Tom Fox welcomes him to this week’s show to talk about compliance, data privacy, and employee data issues.
The Role of One Identity
“Most companies forget about employees, and this gets impacted by GDPR,” Robert says. His role at One Identity allows him to explain to companies where they can fit identity protections for employees. He also helps companies with their logging systems to prevent them from sending out sensitive information into their log store. Robert adds that he also works as a consultant for partners and helps with privileged access management.
Data Has a Life Cycle
“Data itself should have a life cycle,” Robert emphasizes. The concept of never deleting anything and keeping copies of everything is a bad idea. Data discipline and data management governance expects that you remove data at an appropriate time. Robert iterates that data privacy and data protection have to be integrated with operations because if it isn’t, it won’t be dealt with at all. In response to Tom’s question on who owns Compliance, Robert says that it has to be the Chief Operating Officer.
What’s Next
Tom asks Robert what businesses should expect to happen around data privacy between now and 2023. Robert says that there will be more risk assessment. Most breaches conducted within organizations are internal. He advocates for greater enforcement of laws and regulations as well as more legislation.
Resources
OneIdentity.com
Robert Meyers | Twitter, LinkedIn
Tag: Data
The DOJ and SEC have both made it clear that they expect companies to be more robust in their use of data analytics in compliance programs. This means using data to not only detect and prevent illegal conduct but also in the remediation prong of any best practices compliance program as well through continuous improvement. In 2019, former Deputy Assistant Attorney General Matthew Miner said in a speech that the DOJ will inquire whether compliance departments have access to internal data that could help them identify misconduct and whether compliance officers make adequate use of data analytics in their reviews of companies under investigation. Since at least 2016 in the FCPA enforcement action involving Key Energy Services, Inc., the SEC has been communicating to compliance professionals of the need for increased use of data and data analytics in any compliance program.
The bottom line is that it is not if but when you begin to incorporate corporate information into your compliance program to make your compliance program more efficient and your business process run more effectively. My suggestion is that you begin now to identify the data you have access to and the data to which you currently do not have access. Find a way to bridge that gap.
Three key takeaways:
- DOJ pronouncements mandate CCO availability to and use of data.
- Data can be an actionable solution across geographic and business lines.
- Use data as a business strategy.
For more information, check out The Compliance Handbook, 4th edition, here.
The Department Of Justice and Securities and Exchange Commission have both made it clear that they expect companies to be more robust in their use of data analytics in compliance programs. This means using data to not only detect and prevent illegal conduct but also in the remediation prong of any best practices compliance program as well through continuous improvement. Former Deputy Assistant Attorney General Matthew Miner said in a speech that the DOJ will inquire whether compliance departments have access to internal data that could help them identify misconduct and whether compliance officers make adequate use of data analytics in their reviews of companies under investigation. Since at least 2016 in the Foreign Corrupt Practices Act (FCPA) enforcement action involving Key Energy Services, Inc., the SEC has been communicating to compliance professionals of the need for increased use of data and data analytics in any compliance program.
The new DOJ Antitrust Division released its Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Guidance), was the clearest regarding this mandate when it stated, “Does the company use any type of screen, communications monitoring tool, or statistical testing designed to identify potential antitrust violations?” For the anti-corruption compliance professional, this means you need to incorporate a statistical analysis into your ongoing monitoring to see if there are any anomalies which could be indications of FCPA violations.
The bottom line is that it is not if but when you begin to incorporate corporate information into your compliance program to make your compliance program more efficient and your business process run more effectively. My suggestion is that you begin now to identify the data you have access to and the data to which you currently do not have access. Find a way to bridge that gap.
Three key takeaways:
- What advantages can data bring to your compliance regime?
- Both the DOJ and SEC have said companies need to be using data in their compliance programs.
- Data will make your compliance program more effective, your business process more efficient and your company more profitable.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor Affiliated Monitors at www.affiliatedmonitors.com.
Christian Perez Font is the founder of Thinkeen Legal, a law firm that uniquely incorporates data analytics, compliance and law. He began his career as a corporate attorney and in 2008 joined Baxter International, a multinational healthcare company, as in-house counsel. When he joined Baxter, his work was 10% compliance-related and 90% business-related, but by the time he left 5 years later, he was doing 65% compliance work. The key to becoming a better compliance professional, he proposes, is to become a better business person. He and host Tom Fox discuss the importance of data in compliance and in business.
Listen to the Episode:
Data as Fuel
When people think about Data Analytics they imagine some form of AI that’s going to automatically pinpoint problems. Christian says that the truth is that Data Analytics has to be at the core of compliance: data is the fuel that powers the compliance engine. It’s the data that will tell you how you should be communicating compliance policies and doing training so that you can achieve your business goals. Most of the data that is used for compliance purposes is already there from the business side; you just need to understand how to aggregate it, how to look for it and how to plug it in. You have to understand your industry and your company goals before you start collecting that data.
How Thinkeen Uses Data
Tom asks how Thinkeen Legal uses its data proficiency in mergers and acquisitions, transactional work and compliance. Christian shares how his company used its data expertise to advise clients in cross border transactions. Because we know where the touchpoints are, he says, we’re able to incorporate them into the due diligence process and ask the right questions and get the right information. They can identify areas of risk which helps their clients decide whether to proceed with an acquisition. Christian finds that general counsels are becoming savvier about compliance and they appreciate that his firm gives them advice and support.
The Future of Data and Compliance
The intersection of law, data and compliance will continue to evolve, Christian predicts. He is happy that the importance of Data Analytics is being acknowledged. If you don’t have the right data, you won’t get the right information, without which you can’t make the best business decisions. In addition, a big part of what we do with data is benchmarking, Christian says. The more information that we can share in the industry, the better.
Resources
ThinkeenLegal.com
Thinkeen Legal on Twitter | Instagram
Christian Perez Font on LinkedIn