All the activity around data, especially sensitive data, we discussed in our previous predictions (1, 2 and 3) will continue to draw attention from regulators. We have already seen several state-level laws including CCPA and CPRA in 2020 in California, Virginia and Colorado passed this year, and active bills in at least 6 other states. Every time a new state law is passed it increases the complexity of data access controls for governance and security teams.
And this will make data literacy just as necessary as financial literacy for executives, including board members. They’ll need to have a crisp understanding of how data works in the business, where it comes from, who it goes to, what data is meaningful and what can be ignored. Leaders will need to understand what’s required by regulations and how the way company is using data creates regulatory risk. We expect that soon company executives will be looking at “data flow” statements alongside cash flow statements each quarter.
Companies that have this competency baked into their business will be in a better position to weather the next big regulatory storm: a U.S. federal data privacy law on the level of the Sarbanes-Oxley Act of 2002. “SOX”, passed in reaction to several financial scandals including Enron, Tyco and WorldCom, requires corporate officers of publicly traded companies to personally certify that the company's financial statements are accurate. Officers who sign statements they know are inaccurate can face criminal charges and penalties including prison. We certainly hope that we don’t see scandals as shocking as those of the early 2000s, but if data breaches continue to worsen, we can expect legislation that requires publicly traded companies to have board-level data audit committees documenting how the company is protecting sensitive data, with CEOs and CDOs required to sign accountability statements.
To see all our predictions for 2022, download our white paper here.