Even Industries That Aren’t Digital-First Face Privacy Challenges. Here’s What Legacy Companies Need to Know About Data Protection

Privacy laws continue to emerge and evolve in the U.S. Still, less than half of organizations have implemented the foundational steps needed to establish and uphold compliance. Certain industries, especially those that are not typically data centric, are struggling more than others to operationalize data protection requirements and ensure adequate privacy controls for employees, partners and/or customers. 

As one industry example, consider manufacturing, which has existed much longer than our current digital era or the advent of data privacy protections. Organizations in this industry have historically centered around product design, engineering and production, with administrative functions such as compliance often taking a secondary priority. However, organizations in this industry (and others that are not typically data-centric, such as agriculture, construction and education) are increasingly interacting with personal data, either of their employees or their customers, introducing new data privacy compliance risks that need to be addressed. 

At the same time, companies with a long legacy of operating without a data-related compliance function, often use data repositories that do not have good hygiene practices factored into system functionality or do not have established defensible data disposal capabilities. These repositories may have data stored in multiple countries and formats on inflexible, legacy platforms from which it is difficult to query, export or analyze data. Moreover, an IBM report from this year found that manufacturing companies are more vulnerable to data breach than organizations in any other industry. 

Though it can be challenging, companies that are not “digital natives” must recognize the importance of establishing a flexible and robust data protection program. This starts with reviewing the plethora of U.S. privacy regulations in place to understand current obligations and understanding the applicable laws on the horizon so they can be prepared for as they come into effect. 

Addressing compliance is challenging but mandatory

Despite growing awareness of data privacy risks, many companies in legacy industries remain resistant to meaningful change. Lagging investment in the people, tools and operational changes necessary to minimize risk is common. This hesitance can be especially pronounced when an organization has not yet been the target of regulatory enforcement.

That “yet” is important, because privacy enforcement is continuing to rise and the risk of data breaches is increasing in most industries. Organizations that are underprepared, with understaffed departments or provisional and manual processes, are also likely to face exaggerated scrutiny when regulators come calling. 

Ultimately, leadership at companies that are not inherently data-driven must recognize their unique data privacy imperative. With the right tone from the top, organizations can reevaluate risk management and compliance frameworks to ensure data privacy considerations are included. This is where experts can make a difference. Information governance and data privacy experts can guide the development of programs and supporting components beyond minimum standard to establish a repeatable, sustainable state. Again, buy in from executive leadership is critical as any new or expanded risk framework is rolled out, to ensure employees understand the importance of compliance and that everyone plays a role in it compliance. 

Today’s legal and regulatory environment demands that data protection not be ignored or deprioritized. Moreover, as technological disruption propels forward at a rapid pace, data privacy compliance will be an increasingly critical component of every company’s risk management framework. By investing in program development, appropriate staffing, training and recommended frameworks, organizations (even those that are not digital-first) will be positioned for more effective digital transformation and to leverage data privacy as a value enabler.

Related topics:

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.