digital age

Security and privacy concerns continue to multiply
as companies bring digital capabilities to every aspect of
their operations and technology is embedded in every
product and service.

Good governance critical to managing digital risk

Organizations across sectors are using new digital technologies to revolutionize their businesses, even as headlines about data breaches and system glitches highlight the peril in the digital opportunity.

Although safeguarding information is key to maintaining the trust of consumers and strategic partners, a focus on technical aspects of data protection can distract companies from the bigger issue of information management, which is critical for competitive as well as security reasons. Indeed, cybersecurity should be considered part of the larger discipline of information governance.

Poor information governance can diminish an organization’s competitive advantage by limiting the use of information, one of the most valuable resources for innovation and growth. It also creates vulnerabilities to hackers and opens the door to mishandling and misusing information from within the organization and among partners and vendors (as some high-profile incidents in 2014 demonstrated).

This commonly occurs when ineffective policies allow risky practices to persist or when employees, partners or vendors aren’t required to comply with effective policies. And the challenge multiplies as the “Internet of things” expands the ability to collect data and increases the number of entities with which organizations are connected.

Robust information governance involves comprehensive controls, processes and technologies that optimize the value of information while minimizing the risks and costs of collection and use. This can start with a few simple questions: What types of information does the organization collect and keep? Where is this information stored? And how is it used?

Data breaches can result in serious bottom-line impact—for example, stiff regulatory penalties, class-action suits, or disruptions to business or reputation. Even the best-prepared organizations should assume breaches will occur, and they should develop clear cyber response protocols to minimize the damage and engage regulators and consumers as the law requires.

Legal issues converge across sectors as healthcare goes digital

The digital revolution is transforming healthcare at an accelerating rate, affecting virtually every aspect of the industry—from basic research and product development to marketing, service delivery and billing. As a result, many more tech companies are rushing into the health space—and an increasing number of healthcare companies can stake a credible claim to being tech companies.

But this salubrious convergence—sometimes called digital health—increasingly raises unfamiliar regulatory, legal and ethical issues for many companies. Tech companies offering health products or services may find themselves subject to new rules, and healthcare companies may often find the dynamics of their businesses altered or the complexity of certain issues compounded as technology becomes increasingly important to their offerings.

For example, tech companies that develop devices or services for monitoring health may be subject to unfamiliar US Food and Drug Administration rules that require scrupulous reporting about safety or that restrict how they market their products to consumers.

Privacy issues are often more complex in the healthcare space than they are in other areas. Rules about how health information can be gathered and used may be more restrictive and complex as a result. In addition, wearable, implant and cloud technologies could test privacy standards to unprecedented degrees.

Companies operating at the intersection of health and technology may also have to alter their business practices for competitive reasons. Healthcare companies have expertise in managing intellectual property through the patent system, for example. But tech companies often eschew patents when they believe that filing for them involves divulging too much information to competitors. Digital health companies may have to make tough choices about when to pursue trade-secret strategies to protect tech-based IP in the future.

Savvy innovators will learn lessons from other sectors to ensure they are able to manage unfamiliar regulatory, legal and ethical issues as they build new digital health offerings.

Scrutiny rises as digital trading approaches light speed

Regulators around the world are stepping up their scrutiny of high-frequency trading (HFT). They have also trained their sights on so-called “dark pools”—unregulated, private exchanges that are usually owned and operated by large investment banks—which have facilitated the growth of HFT (an estimated 40 percent of US equities are now traded in dark pools).

This has resulted in proposals from a number of US authorities—including one by the US Securities and Exchange Commission that would require high-frequency traders to register as broker-dealers and comply with the stricter rules that govern that group. Other US bodies—including the Commodity Futures Trading Commission, the Financial Industry Regulatory Authority, the Department of Justice, the Federal Bureau of Investigation and the New York State Attorney General’s office—are also investigating high-frequency traders and other industry participants.

European regulators have taken an interest in HFT too. The European Commission has published legislative proposals, known as “MiFID II,” which introduce closer regulation and monitoring of HFT. Germany has already implemented regulations covering HFT. Italy has introduced a tax on high-frequency equity and derivative trades. And the UK Financial Conduct Authority is developing a three-pronged approach for addressing HFT, with one prong aimed primarily at implementing MiFID II.

Even with the specter of heightened regulation, further legal enforcement action and private lawsuits, HFT is likely to remain a significant feature of equities markets around the world. It will probably become more prominent in non-equities markets as well. Indeed, future advances, including the use of microwave technology, could enable trading on the basis of increasingly smaller increments of time. But as technology and practices evolve, scrutiny from regulators, the media and the public is only likely to increase.