From retailer system hacks and cars that can be manipulated remotely to the internal systems of some of the biggest technology providers in the world, cybersecurity is one of the hottest topics for just about anyone who operates machinery, uses phones or turns on a computer. It was also the theme of a discussion I recently had with Mary Ellen Callahan, partner, Jenner & Block and former chief privacy officer of the US Department of Homeland Security, at the ACG InterGrowth conference on April 25.
There are entire conferences dedicated to this topic that are much more comprehensive than our one-hour talk, but we addressed some key themes for those engaged in merger and acquisition activity, who do business with European nations or who are looking for new investment opportunities.
Balancing Security, Privacy and Compliance
Hopefully by now, any company using any level of technology is thinking hard about how they are balancing privacy and security to best meet the demands of their business and their customers. This should involve a highly integrated way of thinking about privacy, security and compliance, with room for innovation as circumstances evolve.
One example Mary Ellen shared involved the early years of body scanners at airports. At first, these scanners took very detailed images of people through their clothes. These images were so advanced that you could actually identify the individual – and they were being stored. It was a thorough approach to airport safety, but also a very invasive one. Ultimately, the technology and thinking evolved into a system that provides travelers with discretion (generic forms, obscured faces) that still supports security (technology that identifies non-human elements on the body) – and no storage of the images. It’s not perfect, but it meets the needs of all parties with diminished risk and an acceptable level of privacy. Ultimately, this is about looking at risk, customer demands and execution – and deciding what’s right for your company.
Cybersecurity and Due Diligence
The second takeaway was the importance of including cybersecurity in any due diligence process. While asking questions will expose risks and mitigating factors in any transaction, it’s going to be vital when exploring opportunities that involve countries under the European Union’s General Data Protection Regulation (GDPR) as it comes online next year. This regulation is designed to strengthen data protection for individuals in the EU. If your company isn’t compliant, you are facing significant penalties – up to four percent of global revenues. That’s a hit no one wants to take. You need to know if your potential target or partner has it figured out, and, if not, what has to happen to be compliant.
Finally, with innovation and the proliferation of technology within business processes and across our whole lives through the “Internet of Things,” we have to be sure that those things are safe and protected. For companies that provide security technology, this is an opportunity to extend their footprint and to help address more needs for security and safety.
Cybersecurity is a concern that will never go away – and there’s enormous space to make your mark. It’s certainly a top priority across Merrill, as we not only operate globally but also help companies around the world successfully navigate the secure sharing of their most sensitive content. From ISO/IEC 27001 certifications and myriad industry-specific expectations to our recently completed SOC II, Type 2 audit, we are constantly watching, measuring and raising our standards to keep ourselves and the thousands of companies we work with safe.
Listen to my full conversation with Mary Ellen Callahan.