Among the more critical topics we follow at Sprinklr is the often-overlooked trifecta of security, risk, and compliance. We consistently counsel partners on how to use the Sprinklr platform to help mitigate the risks associated with privacy such as data breaches. Our experience working with some of the world's most socially-savvy brands has provided a wealth of experience helping large enterprises navigate through the complicated, potentially dangerous new world. Not to mention that we have several social practitioners who have led Security & Risk (S&R) efforts within huge, regulated businesses. As such, we thought it time to offer some of our perspective below in what we propose as the first of several thought-starters on security, risk, and compliance.
1. The market will continue to adapt.
There is actually a social risk and compliance ecosphere - and it is on the cusp of exploding into a new cluster of issues. The ecosphere is adapting to new processes and procedures at a rapid rate because consumer digital device adoption and the proliferation of digital and social channels has exponentially multiplied and fragmented, forcing brands to manage an increasing flood of social conversations and consumer data.
At its core, brands are challenged to deal with more and more people who are sharing personally identifiable information (PII) through social channels. Currently, 45% of social media users are "somewhat" comfortable providing credit card details when they buy through a digital or social channel, and this number is projected to significantly increase as younger, less technology risk-averse people mature into enabled consumers accustomed to seamless and safe electronic commerce regimes.
While only 26% of people today indicate any interest in digital currency such as Facebook credits, some suggest that virtual credits will alleviate these risks as people become more comfortable using them. While the jury's still out on virtual currency, we believe there is a high likelihood some virtual currency / mechanism - probably something that stems from mobile payment technologies such as Square - will take root within the next decade. Brands are smart to monitor these trends closely.
2. What we're seeing
Many enterprise brands have become acutely aware of the need to adapt to new compliance protocols, particularly those who are required to manage PII within heavily regulated industries - Sprinklr has a number of financial services clients, for example, who are at the tip of this spear. But we're seeing most other industries lagging behind in terms of establishing new internal governance structures and workflows. Many brands simply believe they can handle all sorts of consumer data the same way they did before email, and have not developed proprietary privacy policies or data management regimes.
Technology alone can't protect or safeguard a brand from the inherent risks associated with privacy laws that differ from state to state and corporate data aggregation and warehousing regulations that are not unified at a federal level. Security & Risk (S&R) practitioners could very well become agents of change, fostering new levels of attention to how companies develop compliance regimes, organize across the organization to manage compliance at tactical levels, and ensure S&R management becomes a corporate priority that, like social, is threaded into the core of the business.
3. Current compliance structures are not designed to manage real time-digital or Big Social.
How will future structures adapt to support comprehensive S&R management?
Typically, three groups shared the responsibility for managing S&R compliance but acted as independent agents: technology specialists, compliance "authorities", and legal experts. These individuals served as stopgaps to any messaging, content or use of technology that might harm the brand, its systems or employees. So why won't this work today (or tomorrow)?
We have a couple of theories.
- A tsunami of real-time business - propelled by a huge, always-on streams of consumer-generated data - has most enterprises on their heels. They simply don't have enough expertise or resources to manage the velocity and volume of information, respond in a timely fashion based on consumer expectations, or analyze for compliance, especially if the brand is interested in profiling people for re-marketing.
- A host of technology issues pervade the S&R space today. Powerful, smart social technologies can play a significant role in identifying compliance risks and alerting proper internal channels that an issue needs to be managed. Housing data in a cloud-based Virtual Private Network is also both a risk-mitigation solution as well as an added layer of data privacy complexity, which blurs the traditional structure of technology specialists and compliance authorities in terms of who is responsible for managing S&R.
- Brands need a comprehensive S&R management approach that blends technological prowess with compliance expertise. We can envision new job titles such as Compliance Technologist emerging in short order - lead by uniquely qualified people with educational and experience backgrounds in law, social business, and information technology - so that they know can marry technology, business operations, and law into a new S&R perspective.
The Difference Between Then and Now
In the early days of social, innovators would jump in and use any tool they wanted, a HootSuite or a TweetDeck. However, as Social becomes a truly enterprise-wide initiative, requiring a new set of priorities and parameters, we believe large brands must equally consider the trifecta of risk, compliance, and security alongside the more "exciting" ares of engagement, listening, and metrics to identify and implement the most comprehensive solution possible.
We believe that a platform originally architected to meet the security and compliance needs of large enterprises is ultimately the best choice. Bolting a solution together, regardless of whether the aggregator is a large company or a smaller one, is going to lead to security lapses (as we've already seen).
Whatever choice you make, Social Practitioners and Executive sponsors need to make them in as educated a fashion as possible and we encourage them to partner with the Security, Risk, and Compliance professionals early on in the process of selecting a comprehensive enterprise-wide platform for becoming Social@Scale.
If there is any way that we can of service and share our insights and experience on working with large brands around these issues, please let us know.