Two things were bound to happen when someone mentions regulatory compliance within the tech industry. The first several acronyms will bombard the conversation, those include GDPR, HIPAA HITECH, GLBA, CCPA, and PCI DSS to name the bigger players in the regulatory compliance legal realm. The second is someone within the discussion will scoff and question the importance of dedicating the time and effort towards ensuring compliance.
The naysayer mentioned above may at first to be making a lot of sense. Companies have bigger concerns to manage in the day to day running of the business, dedicating time, and resources to compliance seem counter-productive. Listening to the naysayer may have had some appeal that was until those making the laws and subsequent regularity bodies showed they had a big stick and the power to use it.
Towards the end of the second quarter of 2019, the UK’s Information Commissioner announced that it had fined British Airways and its parent company International Airlines Group 230 million USD. The fine, a truly staggering amount, was empowered by the EU’s data privacy law, GDPR, and was handed out in connection with a data breach which impacted the airliner and 500,000 customers who had their personal data, as well as credit information, was stolen from a company they entrusted them to.
The naysayer’s argument seems to lose much of its bravado in the face of a regulatory body’s rather large fine stick. When arguing for bringing in a compliance partner to help create a SharePoint compliance solution the fines scenario is certainly one to get even the more stubborn board members on board. Doing something so as not to be fined can leave a bad taste in a lot of people’s mouths. There is another reason to ensure compliance that is less dependent on what lawmakers dictate but aligns with many businesses’ core ideals, that being trust.
Trust as a Compliance Driver
The various laws, regulations, and subsequent amendments, modifications, and penalties attached to the laws need to be considered. The list of requirements is long and mired in the legal text which is boring to read at the best of times. Fortunately, third parties do exist to help provide tailored compliance solutions and strategies, especially when dealing with cloud-based technologies designed to improve workflow like SharePoint.
The added cost of this is sure to make some grumble as with the entire compliance scenario. Trust was mentioned above as an important consideration for the need for compliance. It may well be the most important consideration. Much of the business world is built on trust which is hard-earned between clients, partners, and the business itself who bears the burden of maintaining the trust built. A data breach like the one which impacted British Airways will destroy that trust. Looking at compliance then as a guide, albeit legally required, of best practices to help maintain that trust in a digital age where hackers are scrounging for any and all information they can gather.
Adopting trust, as well as maintaining it, as the primary reason to insure SharePoint compliance may seem to some as looking hard for a silver lining. However, it may be a silver lining that companies which suffered major data breaches wish they could see.