Buridan’s tale of a donkey who would let himself starve for he could not choose between the food and the water that were both placed at an equal distance from him, satirizes paradoxical situations. In many aspects, it illustrates the situation in which compliance and IT teams find themselves today while trying to implement compliance policies that are valid across states or even countries.
No choice but to be at risk?
The tale very much resonates with the (little) choices left for the IT and compliance teams to make: whether they should retain data, delete data, hold in vault, or simply just ignore it. Whether it is the PCI DSS standards which requires to remove any sensitive data and HIPAA which requires long data retention – up to 7 years, or MIFID II with 5 years. Retention is not the only concern: “who” to alert in case of data breach, and “when” are also variables depending on which industry you belong, what types of data you process, and other criterions.
Most professionals would tell you that the best is to seek to comply with the most stringent regulations. Yet, stringent can be interpreted to mean different things: is it the most costly for your organization? Or the most protective of your customers?
At the end of the day, it seems that even the most dedicated teams will have to find themselves, like the donkey in the tale, either thirsty or hungry, or in our case, at risk.
Can’t we have the two stacks at once?
The main proponents of the illustration would almost always put forward the fact that, unlike the donkey, humans can rely on their rationality and would not remain still. Rather, they would choose to eat or drink, but not to let themselves starve, unable to make a move.
Of course, in our compliance world, best practices are in place, and boards across the globe are investing in solutions that would strengthen their compliance practices. As complex eco systems require innovation, one could assume that in today’s environment, the donkey of the tale could simply have virtually projected himself closer to the water while eating and avoided death by inertia.
In the compliance world, I wouldn’t recommend that you put on your virtual specs while trying to decide the best way to be GDPR compliant, but I would recommend that you leverage existing technologies for the purpose of the task at hand. In other words, you can enjoy the two stacks, if you know how to invest in and use the appropriate technologies around you: with dedicated analytics, real time alerts, advanced connectivity and dedicated compliance KPIs (Key Performance Indicators), you don’t have to be the donkey.
The right course of action
The deadlock in which your organization may find itself when it comes to establishing clear compliance procedures can be broken thanks to dedicated solutions.
What had the donkey confused was the idea that both courses were equal. By introducing objective metrics and contextual understanding of the potential violations and risks, the right course of action becomes a function of the regulatory environment, as much as it is a function of your organization’s principles. As “no one size fits all” policy can give you the right answers when it comes to defining your path in the regulatory environment, compliance solutions need to empower users to perform adequate actions on an ad hoc basis and according to their preferences and principles.
At NICE, this is what we are bringing to the contact center compliance eco system, with our compliance center offering which brings together the abilities to analyze and act upon the whole compliance lifecycle of your organization, and leverages innovative solutions to empower all users of the contact center. Making sure that agents, IT and compliance officers alike can promptly be guided and act upon any potential risk.
If you are still hungry or thirsty to learn about our compliance center solution, feel free to click here