By Yacov Salomon / June 25, 2020
For global businesses, the data-privacy rulebook isn’t getting any shorter. The GDPR and the CCPA are just the tip of the iceberg; over 80 countries have passed or strengthened data privacy laws. Industry-specific regulations such as HIPAA and FERPA further complicate matters, while COVID-19 contact tracing will open a whole new Pandora’s box of regulatory complexities. With China and India also joining the party, the regulatory landscape will only grow more tangled in coming months.
There’s no way to avoid all those rules and regulations. Data, not oil, is the fuel powering our economy, and we’re using more of it than ever. New innovations such as AI and IoT constantly add to the torrents of data inundating businesses: a single smart-car produces 300 terabytes of data a year; by 2025 the world will generate a colossal 175 zettabytes of data a year. Companies can no more opt out of using data than a fish can opt out of the ocean.
But managing all that data while simultaneously complying with a constantly changing and growing body of regulations is a major challenge, and one most companies aren’t equipped to handle. Firms typically respond to new regulations by patching their data management tools to ensure data is handled correctly, but taking an iterative, point-solution approach while navigating the expanding global regulatory morass is like playing Whac-A-Mole — except that the field is growing, the moles are proliferating, and you have only a single mallet. No matter how fast you hammer, you’ll never be able to keep up.
That’s the bad news. But there’s good news, too. While the challenges are real, there’s also a real and practical solution that can help businesses to stay compliant amidst a sprawling and ever-changing regulatory landscape. And paradoxically, the best way to stop the bleeding and stabilize the patient is to stop worrying so much about regulations.
Obviously, you can’t ensure compliance without paying attention to regulations. But that doesn’t mean everyone in your organization should be constantly fretting about how regulations affect them.
Under the current paradigm, when new regulation is enacted, businesses have to gather together everyone — business leaders, legal experts, developers, and so forth — to hammer out a fix. That’s fine when you’re dealing with modest amounts of data and a circumscribed body of regulations. But when you’re dealing with rapidly changing data and regulations on a global scale, it simply isn’t sustainable. All too soon, you’re left with a patchwork of point solutions — complex, brittle, failure-prone, and impossibly expensive to maintain.
This Rube Goldberg approach to regulatory compliance also takes up huge amounts of time and energy, driving up costs and distracting your legal, business, and technical teams from more important matters. It also stifles innovation and slows product development as engineers shelve other projects to bolt yet another set of unscalable compliance solutions onto an already struggling tech stack. And it forces legal and business stakeholders to second-guess what’s technologically possible, and engineers to parse the nuances of statutes and regulations as they struggle to ensure their code is compliant.
What’s really needed is a more efficient approach: not an all-hands effort to rebuild your data management system each time a new regulation comes along, but rather a mediating layer between legal and business experts, on the one hand, and developers and engineers on the other.
Instead of treating compliance as a regulatory problem, treat it as a data-processing problem — and build a data-tech stack that’s capable of natively support any new regulations, and applying changes seamlessly across your entire data-set without requiring legal folks to understand code, or developers to understand the fine points of privacy statutes.
That’s where Switchbit comes in. Our platform decouples your data handling and compliance processes by establishing a central control system that lets you update data governance protocols without ever touching the code driving your data-handling tools.
By separating these functions, we free legal and business teams to focus on articulating a data governance worldview that’s aligned to the latest regulatory requirements, and to consumer needs and rights, without worrying about execution. On the tech side, developers can integrate data-handling systems with the data governance module once and once only, and never worry about compliance again.
Sound too good to be true? Here’s how it works:
First, using our simple but feature-rich Regulatory Harmonization tools, legal and business folks develop policies setting out what’s allowed and what’s not. Imagine TurboTax, but for privacy regulations instead of the tax code: a simple, slick dashboard that requires no technical expertise, but lets you draw on Switchbit’s experience and templates, plus your own industry knowledge, to create a customized rulebook that determines precisely how your company can handle data.
At this point, the legal and business team’s work is done, but Switchbit is just getting started. Based on the policies you’ve defined, we automatically generate permits — a kind of smart contract that sets out the precise rights and obligations of every user or piece of data in your system. Enforced through high-end encryption, the permits make it literally impossible for data to be used incorrectly, much as DRM makes it impossible for IP assets to be improperly shared.
Finally, we assign each piece of data a unique identifier, a bit like the barcode that identifies every can on a supermarket shelf. That’s important because it’s the only piece of our system that developers need to worry about: using a simple API, developers can use that identifier to check whether a specific action is permissible for a given piece of data. They never have to interpret the rules themselves — they just ask the question, and get a straightforward answer.
The power of that approach should be obvious. If a new law is passed, or an old one changes, the only people who have to worry about it are your legal and business team. They can implement the new policies, and know that their changes will propagate instantly across the company’s entire data infrastructure. And because compliance is handled centrally, your codebase never changes or needs revising — while the permitted actions for any given user or bit of data might change, the infrastructure itself remains the same.
The result: a top-to-bottom governance system that ensures future-proof compliance without forcing you to rewire your data infrastructure. Policy changes propagate through your system automatically, even extending downstream into middleware, or to partners and consumers who access or use your data. And because you’re no longer working with a patchwork of point solutions and custom fixes, the entire network is more secure, more efficient, and easier to maintain.
For too long, digital enterprises have been running to stand still when it comes to data compliance. It’s time to get off the treadmill, and find a new, genuinely scalable approach that treats data compliance first and foremost as a data-processing problem.
Switchbit is that solution. Just as Stripe revolutionized online payments with an API approach, so we’re turning data compliance into a solvable problem. No matter how quickly regulations change or how fast your business grows, you’ll never have to waste time rewiring your data management tools — you’ll just update your data policies, and get back to serving your customers.
Global regulators aren’t about to stop passing privacy laws, but you don’t have to let your company get swept away by the deluge. If you’re ready to stop playing catch-up, get in touch today, and let Switchbit change the way you think about compliance.