Date: 2022-07-30



Whether due to poor data privacy protections, weak cybersecurity controls and oversight, or anti-competitive behavior, the financial and reputational costs of regulatory violations continue to rise. The government is more determined than ever to make breaking the law as painful as possible for corporations' bottom line. This aggressive enforcement approach is especially acute in the technology, media and telecommunications (TMT) industry. There is an increasing global legislative and regulatory effort to curb companies perceived to have unchecked power and influence in the industry.

TMT companies are battling to balance the impact of current and future regulations with the need to constantly innovate. How will responsible technology companies act in this environment? In our whitepaper, Finding Equilibrium in an Era of Heightened Regulation, Protiviti tackles these difficult issues and helps businesses better understand the changing expectations of today’s consumers, governments, and other key stakeholders, providing some guidance for making better business decisions.

Growing pains

In a tweet last month, U.S. Representative David Cicilline, chairman of the House Subcommittee on Antitrust, Commercial and Administrative Law, wrote: Cicilline is one of the primary sponsors of the American Innovation and Choice Online Act, legislation designed to stop tech giants from favoring their own products and services. A Washington Post article described the bill as “the epicenter of a massive power struggle between Washington and Silicon Valley.”

In addition to the increase in aggressive legislation, enforcement actions are becoming more common. In the United States, the Federal Communications Commission, Federal Trade Commission, and Department of Justice are the leading agencies in this effort.

Given this dynamic, the first step for TMT companies operating in the United States is to take a clear look at the current state of their compliance programs and how well they keep pace with enforcement and regulatory trends. This increased understanding will enable them to improve or extend the program, including fixing problems, if necessary.

There are growing pains across the Atlantic too. In late April, the European Union passed the Digital Services Act (DSA). It aims to protect the digital space from the spread of illegal content (hate speech, child sexual abuse, etc.) and to protect basic user rights (restrictions on advertising targeted at children, etc.). In very broad terms, the DSA requires large digital platforms and services to analyze the systemic risks they create and to perform risk mitigation analyses. However, it has not yet been decided how the EU plans to enforce the new law.

Since the United States does not have federal legislation like the DSA, many states (at least 11 as of today) are questioning how social media platforms' use of algorithms promotes violence and contributes to children’s mental health problems. States are leading efforts to regulate Internet content because they believe the federal government is moving too slowly.

As an example of U.S. federal inertia, state legislators point to federal inaction on the Children’s Online Protection Act (COPA), which was passed in 1998 to restrict access to material defined as harmful to minors. The law was never enforced and a permanent injunction was issued in 2009 after several lawsuits. In recent weeks, the issue of restricting online content flared up again after a mass shooting in Buffalo, New York, that the shooter live-streamed, with New York Governor Kathy Hochul slamming social media platforms for not doing enough to stop the spread of this violent recording.

Meanwhile, the war between Russia and Ukraine has also affected relations between governments and big tech companies. One example is the threat of cyberattacks from Russia or state-sponsored attackers, along with fears that some technology companies knowingly or unknowingly allowing their products and platforms to be abused by Russia or its agents could lead to regulatory scrutiny around the world. Given these concerns, TMT organizations should reassess the risks of using software or hardware manufactured or owned in Russia (or China) and make the integrity of their supply chain networks a priority as an integral part of their overall cyber resilience management. For more on the impact of the war on the industry, read our recent blog, Geopolitical Tensions Exacerbate Top TMT Industry Risk Concern.

But Russia isn’t the only country raising concerns about supply chain integrity. The U.S. Department of Justice announced that it will track companies that violate Section 889 of the National Defense Act (covering companies doing business with five Chinese companies) and Executive Order 14028 (requiring companies to conduct a full risk assessment of their cyber supply chains). Under this order, companies wishing to do business with the U.S. government must scrutinize their third-party providers and continuously evaluate their vulnerabilities and the consequences of those vulnerabilities.

To achieve this goal, companies need to put together a baseline of security standards by developing a framework of software or hardware bills of materials that support government-mandated forms of certification. Clearly, this is a growing problem that will affect more companies in the coming years. By one estimate, 45% of organizations worldwide will experience an attack on their software supply chain by 2025.

Last year, the Justice Department created the Civil Cyber Fraud Initiative, a task force that uses the False Claims Act to pursue cybersecurity-related fraud by government contractors and grant recipients. The goal is to hold responsible entities or individuals that knowingly provide inadequate cybersecurity products or services, misrepresent cybersecurity practices and protocols, or fail to monitor and report cybersecurity incidents or breaches.

Data privacy remains the most critical issue for TMT companies. In the United States, states such as California are leading the way on data privacy regulation, and more are expected to follow suit.

As discussed in this blog post, the FTC has also steadily increased its crackdown on alleged privacy violations. Last year, authorities banned spyware makers and their chief executives from operating in the surveillance industry after they were accused of secretly collecting and sharing mobile data about people’s physical movements, phone usage, and online activities, and of exposing that information on the open internet. There is also growing demand in the EU for additional privacy regulations regarding the use of artificial intelligence and machine learning. This effort will only increase with the deployment of Internet of Things devices.

What companies can do now

Overall, the TMT industry faces a significant challenge in developing a culture of compliance. This is because the industry has not been heavily regulated in the past and instead companies focused on a culture of innovation and a first-to-market attitude to foster success. Those days are gone.

Established and start-up companies should focus on building capabilities, including staffing with compliance, risk management, legal, privacy and legislative expertise, along with clearly assigned roles and responsibilities. As part of this effort, businesses should hire independent consultants to ensure they are operating within policies, regulations, and ethical standards. Additionally, it may be prudent to create a Chief Trust Officer role to ensure that the company acts with integrity and the highest ethical standards when it comes to corporate conduct in the digital environment.

Firms also need to implement a comprehensive risk management framework that allows them to break down risk silos across the organization and conduct regular risk assessments. Assessing and responding to evolving regulations and enforcement impacts on business models is an important part of this process. Many companies also need help developing data-driven, transformative risk framework models that can evolve rapidly at the pace of innovation.

As an example, businesses should seriously consider creating a comprehensive data privacy program (if they haven’t already). Read this blog post for four actionable steps tech companies can take to strengthen their data privacy programs. And finally, there has never been a better time to take advantage of new technologies that enable compliance with data-intensive and time-sensitive regulatory requirements.

For recommendations on how technology companies can act responsibly and take strategic actions during these uncertain times, read Finding Balance in an Age of Increased Regulation.

