Can regulatory compliance be different this time?
I always cringe a bit when I see regulatory compliance taking the headlines in our information management industry, as it did once again at The AIIM Conference 2020 held March 3rd through 5th in my hometown of Dallas. The obvious drivers this time around were the General Data Protection Regulation (GDPR) from the European Union and the California Consumer Privacy Act (CCPA). This group is spurring similar regulations across many other U.S. states, and almost assuredly soon across the entire nation. You see, I agree with a sentiment shared on the conference main stage by AIIM President Peggy Winton when she said (and I may be paraphrasing, but only slightly), that only lawyers make money from GDPR. That in a nutshell is the basis for my angst.
Now, before suppliers and practitioners in our space – doing great work to help government agencies and public companies achieve GDPR and/or CCPA compliance, and making a good living doing so – tune me out, please give me a chance to explore the topic further. Because I might just change my mind, and hopefully a few others, before all is said and done. But to possibly do so, we first need to get to the bottom of the problem.
Historically, regulatory compliance, as it relates to technology and investment in our industry, has long been viewed primarily as a cost of doing business, especially by U.S. companies. This has often been seen as an expense to be managed and minimized, as well as often an exercise in rationalizing the “less versus more” approach. Sometimes it is a risk/reward analysis of saving money by cutting a few compliance corners, even if it means an increased chance of a publicly visible compliance failure with fines.
I believe that the reason for this is that most customers of these businesses didn’t really care that much about the underlying regulations. At least they didn’t care enough to take their business elsewhere in sufficient quantity when a company had a compliance failure to drive a different perspective in the industry. Thus, compliance became an expense and not an investment, because in business it has always been, and will always be, about protecting and growing the revenue stream.
Tying it back to our information management industry, as suppliers – once you hitch your wagon to compliance – it is really hard to also be seen as providers of solutions that drive revenue… and driving revenue is where the lion’s share of investment is going these days. In fact, most Digital Transformation strategies and initiatives center on serving the customer better and earning more revenue in doing so. Regulatory compliance, and those focused on it, are just a cost of doing business to be dealt with and overcome in the pursuit of revenue… possibly until now.
You see, for the first time, regulatory compliance is personal. Yes, literally and not figuratively, it’s personal because it is about our personally identifiable information (PII). We may not care if a company we are doing business with breaks some arcane government regulation, but we sure as heck care if they don’t take care of our PII. Add to that an undeniable shift of sentiment of younger consumers expecting broadly higher character behavior from the companies with which they do business, and we have a real chance that meeting regulatory compliance obligations and driving revenue growth share some common ground.
However, I think there is one more important piece of this puzzle necessary to really drive these two strange bedfellows together. I saw and heard several “green shoots” from the AIIM Conference on this front. The concept to a simple thinker like myself has two major facets. The first is building powerful information management solutions that broadly enhance user productivity with core compliance actions that are fully automated and built in from the point of design. If you just think the exact opposite of things like add-on records management modules with manual records declarations, you’ll get the picture.
The second is engaging the customer directly with the solutions that put data protection/compliance easily, firmly and visibly in the hands of the customer. For example, this can be accomplished by letting the customer decide how their PII is used – and doing so under an industry standard framework with easy buttons for decisioning where the consumer intuitively knows exactly what they are signing up for. For this last point I need to mention that I borrowed this idea from information management, data privacy and compliance expert, Andrew Pery, who spoke eloquently and convincingly at the conference on this very topic.
Can you imagine what we can achieve as an industry, with suppliers and practitioners working together? Especially if we could deliver regulatory compliance (most importantly in the form of protecting PII), all while demonstrating revenue growth fueled by improved customer experience and confidence in the suppliers that they do business with and in the security of their PII? Going full circle back to Peggy Winton’s comments mentioned above, when considered in context, her comments were about urging us as an industry to take on this very challenge, and include the opportunity of combining compliance and customer experience. If this is done in a way that takes information management back to the forefront of technology investment and broadly leading Digital Transformation initiatives across all industries – this is a vision that gives me anything but angst.