Industry 4.0 is bringing about engaged regulator agencies seen in the expanded use of technology by regulator agencies and the changing laws. Examples of this expanded use of technology include nudges prompting people to pay their taxes timely and crowd sourcing for transportation improvement ideas.
In addition to the use of technology, there is an uptick in the laws related to technology, more specifically the Internet of Things (IoT). Laws are being redefined and restructured for relevance surrounding IoT. The global activity is seen in laws such as the EU’s General Data Protection Regulation (GDPR); Brazil’s privacy law, Lei Geral de Proteção de Dados (LGPD); and closer to home, state laws such as the California Consumer Privacy Act (CCPA).
Understanding probable outcomes related to privacy in 2019 helps direct company strategy. Incorporate each prediction in the article, “Data Privacy Day: seven privacy predictions for 2019” written by Jay Cline, Principal at PwC, as applicable, to guide a privacy strategy through 2019 and further.
Prediction 1: State’s such as New York, Washington and Hawaii have pending legislation. The author predicts the increased activity at the state level could be “the spear ….. that prod(s) Congress to work more urgently on national data privacy legislation.” In the last sentence of the paragraph, the author writes, “companies should take action on ‘no regrets’ privacy capabilities such as the right of data access and deletion for American consumers, rather than taking a ‘wait and see’ approach.”
Prediction 2: The law’s exemptions and ambiguities, in combination with, the inherent difficulty in understanding the complete framework of individual’s data across many systems in numerous storage scenarios, i.e. local and cloud, will prove too difficult to overcome by the compliance deadline of January 1, 2020. The author’s final thought on this prediction is, “The silver lining: companies that make a concerted effort to boost their CCPA readiness have a major opportunity to stand out from the pack.”
Prediction 3: A record uptick in complaints and breaches led to [EU] twenty-eight-member states concluding months long investigations. This resulted in high-profile lawsuits paving the way for private right of action; which is when a law creates rights, even though not explicitly stated in the law, known as implied rights. The wrap up to this prediction is increased enforcement occurring in the European privacy enforcement regulator agencies.
Prediction 4: Drops in venture capital funding and declines seen in advertising market share, are two examples of negative economic consequences that resulted from GDPR. Mr. Cline states companies need a strategy to incorporate GDPR into expansion and acquisition plans in European countries.
Prediction 5: Brazil’s new privacy law going into effect February 2020 is vastly more robust than countries such as Canada and India. Wrapping up this paragraph, the author again focuses on the strategy of resources needed, like staff and budgets.
Prediction 6: A mad rush into Industry 4.0 with investments in artificial intelligence (AI), robotic process automation (RPS), and IoT will test privacy. Mistrust of these technologies will raise the expectation for getting it right the first time. The author’s final thought on this prediction is “Companies that develop responsible AI will gain first-mover advantages overcoming these obstacles and winning stakeholder trust.”
Prediction 7: Chief data officers will emerge to address data risks and opportunities. This is a new an undefined field. The visionaries will forge a comprehensive data strategy. Additionally, Mr. Cline’s last sentence is highlighting the necessity of privacy experts being a “technology maven”.
The article wraps up with this: “Who will be the winners if these predictions materialize? The first companies to embed automated privacy into their digital transformations -- and the customers and consumers they serve.” Find the article here.
As evidenced in the aforementioned article, privacy compliance in Industry 4.0 isn’t just about reporting to regulatory agencies. It is also about redefining compliance as a proactive tool not as a retroactive requirement. Privacy should be embedded within the framework of the strategy, overseen by a Chief data officer, and automated through digital transformation.
Compliance is more than checking the boxes and filing reports timely. It’s the willingness and desire to act morally without a specific rule. There are two no regret strategies of compliance to expand upon in this scenario: moral and proactive.
Moral compliance is about doing the right thing even without a specific rule. Proactive compliance is acting morally without specific rule and all the while anticipating a rule to be forth coming, and thus, prepared.
Moving away from privacy and focusing on regulator agencies, a real-world application on no regret strategies is next.
The scenario references multi-state employees which are employees that work across state lines. A combination of cumbersome and time-consuming laws exists to understand and report correctly. There are various scenarios of agreements, or lack thereof, between states regarding payroll taxation on multi-state employees. In addition, the amount of time spent in a state is, generally, the trigger for payroll taxation in a state. Each state sets the time trigger and are independent of each other. This combination creates an area in which there is potential for companies to not report correctly: unintentionally or intentionally.
In this scenario, moral compliance of a no regret strategy is to report payroll subject to taxation to the letter of the law by each state. Frequently a lack of resources and increased cost deter employers from reporting exactly as required.
Proactive compliance within this scenario is to recognize the (probable) changes coming to multi-state payroll taxation due to the expanded capabilities of regulator agencies via technology. Right now, gain an understanding of multi-state payroll taxation triggers.
Build a strategy from the information gleaned from the process. Glean information such as the monetized economic effect, including prior year taxation and fees, for unreported or inaccurately reported multi-state payroll; and peoples’ real and opportunity costs, like “putting out the fire” costs. Also, build into the strategy compliance as a competitive advantage.
For example, a very simple strategy aligning multi-state employees with states that are:
The example is provided to highlight legal proactive compliance planning. No regret strategies can be realized throughout all regulatory compliance. No regret strategies including AI will result in maximizing the strategy, and at the same time minimizing risks.
Regulatory agencies are using technology to expand their touch. This is seen using technology such as crowdsourcing and the laws surrounding technology like CCPA. Technology is important to compliance. However, a hap hazard approach will result in mistrust from the community and continued way of doing business of “putting out the fire”.
Success with compliance in Industry 4.0 is embedded in a company’s strategy and includes the technological framework. Success is seen through proactive compliance planning resulting in trust creating a competitive advantage.