Over the next year or so, this space will provide a monthly guest perspective on various aspects of regulatory compliance from the leading information security companies that make up our CSIA's membership. For our inaugural column, I'd like to focus on the need for Congressional action on data security.
I recently read an excellent study about the impact of security and privacy on brand reputation and customer loyalty. I was looking for some solid analytical data to prove my strong belief that security can be a "competitive advantage or differentiator." This study, "Secure the Trust of Your Brand," published by The CMO [chief marketing officer] Council, corroborates my convictions regarding the importance of security. It is worth downloading and showing all executives (www.cmocouncil.org).
IT security has the potential to impact a business at every level. Few other business areas, if any, have the potential to damage customer relations, disrupt supplier dealings, lower employee productivity, lose revenue and even lead to the arrest of the CEO.
Compliance is a moving target, especially when it comes to Sarbanes-Oxley and personal data protection. Technologies change, companies grow, systems evolve and compliance programs must take these changes into account to remain effective. It is important to remember that it is not the design of the compliance program that counts, but its ability to meet its overall goal, whether it's accuracy in financial reporting or protection of customers' personal information.