Increasingly complex and overlapping regulatory demands are stretching governance and compliance in organizations as they adopt digital technology.
This, in turn, is making it harder for businesses to manage risk, and to roll out new technologies such as AI.
According to the Organizational Digital Governance Report 2024, from the International Association of Privacy Professionals (IAPP), organizations face an “alphabet soup of digital governance regulation.”
This is putting pressure on their governance and compliance structures. Executives and departments are seeing their responsibilities grow, but businesses face gaps in governance.
The report found that organizations faced “digital entropy,” with overlapping and sometimes contradictory rules and regulations.
The IAPP uncovered a “complex matrix” of digital governance and compliance obligations. These include cybersecurity, AI governance, online safety, and privacy and data protection.
These governance pressures extend to national security and law enforcement, intellectual property, and areas such as competition and antitrust regulation, accessibility and content moderation.
This is leading to pressure on security and privacy teams to do more, including operating in areas that might lie outside their expertise. Without a coherent approach to digital regulation, this leaves organizations exposed to compliance risks.
According to the IAPP, 69% of chief privacy officers now also have responsibility for AI governance, as well as data governance and data ethics. In addition, more than a third (37%) have responsibility for cybersecurity regulatory compliance.
Furthermore, four out of five privacy teams now have responsibilities outside privacy.
IAPP Urges Adoption of Organizational Digital Governance
The IAPP is calling on organizations to respond by updating their governance structures to deal with digital regulation and risk and to move towards what it calls “organizational digital governance.” This includes cybersecurity and privacy, as well as emerging areas such as AI ethics.
Organizations should be looking for greater clarity over digital strategy and compliance, more transparent decision making and improved coordination across digital business.
“There is massive disorder and a lack of structure in both the private and public responses to the litany of emerging digital risks and requirements,” said IAPP President and CEO, J Trevor Hughes.
“Organizations have recognized the growing gaps in governance and now must prioritize appointing leadership to steer their response.”