Insights on risk management and governance, data collection and use, and privacy
Explore insights on Data and Cybersecurity from the KPMG report Ten key regulatory challenges of 2023.
Regulators are looking to strengthen data risk management, especially in areas such as governance, incident reporting, vulnerability management, and identity/access management. Companies should look to build practical and defensible frameworks for scoping their programs that consider both regulatory requirements and expectations as well as business needs.
Regulatory scrutiny around data risk governance will include:
Other aspects of data risk that regulators will also consider include:
Regulators have shown increasing interest in, and scrutiny of, companies’ practices around data collection, utilization, sharing, and monetization. They are seeking to understand and set parameters around the ways data is collected and used as well as how it is protected from misuse. Ongoing areas of focus include:
Regulators will be reviewing practices related to data risk management and consumer protection including:
Regulators are evaluating companies' privacy practices related to the consumer and customer data they collect and use. Examples of privacy-related legislative and regulatory developments to watch for in 2023 include:
Increasingly, data privacy issues, and privacy-related legislative and regulatory developments, reflect elements, or “standards of care,” intended to facilitate transparency and consumer data rights. These may include:
"Privacy and Data Security will continue to be a growing compliance and regulatory concern that will challenge organizations with finding innovative ways to safeguard customer, clients, and employees’ sensitive and personal identifiable information. The very nature of our business, and our economy, is being transformed by technological advancements and social-economic trends. Technology-enabled innovations have emerged to offer simpler products and streamlined customer experience. This evolution will present challenges, with sophisticated Cyberattacks, that will continue to challenge market participants, legislators, and regulators alike, with developing the necessary controls, safeguards, and accountability in the way organizations secure and manage customer data."
—Michael Blackshear, SVP Chief Compliance & Privacy Officer | Head of Diversity, Equity, & Inclusion, Ryan Specialty
☑ Build a practical and defensible framework for scoping these programs that considers regulatory obligations and the organization’s business needs
☑ Share a common view of what data and information assets are critical to the organization
☑ Coordinate efforts on how best to manage associated risks
☑ Measure and report upon the effectiveness of these programs and residual risk exposure for the organization in a consistent and integrated way
Ten Key Regulatory Challenges of 2023
Read our report for client perspectives, regulatory recaps, and actionable steps to help mitigate risk.