One of my colleagues just sent me a PDF on likely costs to the U.S. cloud services industry from European nervousness about doing business with companies primarily subject to U.S. law. The loss estimates are big — from $22 to $35 billion over the next three years. All because of a handful of poor policy decisions.
Obviously, this paper begs the question — Will at least some European companies start looking to cancel deals with American talent management, HR, CRM and ERP cloud providers? If so, the losses might be substantially higher.
Might there be a bit of a move back toward on-premise license or company-specific private cloud sales? See here for a much higher loss estimate that factors in some of the likely American company buying behavior changes.
Might some U.S. provider companies split themselves into two or more stand-alone entities in order to avoid the jurisdiction issues currently coming to the fore?
We’ve written on this topic before (here and here) and we don’t claim to have a crystal ball. However, it does seem that the issues aren’t likely to go away, at least not quietly.
A few weeks ago, I wrote an article for the Inside Learning Technologies magazine on the role of learning systems in compliance training (“Is your LMS compliance friendly?”). Compliance is one of those topics that rarely get enough attention as one of the key drivers in our industry.
However, a recent survey by the Brandon Hall Group found that regulatory and company compliance combined constitute the most important learning program for organizations’ business strategy today. In addition:
– Over 65% of organizations find it critically important or very important to demonstrate learning compliance to some external regulatory agency.
– At the same time, companies understand that compliance now affects more of their workforce, with over 60% of organizations claiming that compliance requirements involve more than three quarters of employees.
Compliance requirements for employees and organizations place new demands on learning systems that more traditional, developmental requirements do not. Our industry nowadays seems flooded with learning and talent management systems. But for such systems to succeed in a compliance-related role, they must be able to readily adapt to changing needs, operate at enterprise software level, and offer the requisite functionality around auditing, reporting, and security.
It is important that L&D and HR departments are up-to-date with the compliance requirements specific to their business. Here are a few suggestions to make this easier:
– Talk to your legal team and to your compliance officer to better understand who in the organization is responsible for what.
– Define clear requirements and objectives for training and the technology implementation.
– Question your vendor and demand a software validation for the learning or talent management system. For the technical parts, don’t be afraid to ask your IT team to participate.
– Make compliance an ongoing part of your business via well-defined workflows, checks & balances, and actionable reporting.
– When it comes to training, reinforce formal compliance learning with recurring programs. These initiatives may include informal collaborations (such as forums to discuss ongoing compliance issues), on-the-job assessments (to better evaluate the effectiveness of the compliance training), and performance support (to provide easy access to compliance-related materials at the point of need).
I have to say, recently I feel like anything but the life of the party. Security, data privacy, due care and related legal requirements — these are not fun issues. HR executives sometimes go to extraordinary lengths to avoid even talking about these things. Eyes glaze over. Subjects change. Comments like, “Let IT handle it,” or “The risk management folks will sort it out,” get bandied about.
People in the HR world generally don’t want to get up to speed on security competencies. But with LinkedIn getting hacked, things have changed. We all need to be paying attention.
Patrick Baillie, CloudSigma CEO, recently wrote a primer in Forbes magazine on EU vs. US data privacy and disclosure requirements. You can read his article, Can European Firms Legally Use U.S. Clouds To Store Data, here.
His main point is that the two systems’ divergent claims on SaaS providers cannot be mediated — in short, Baillie says that if you work with a US provider or even a US data center physically located in the EU, you may have put yourself and your company at considerable risk under EU regulations.
He may or may not be right, at least about the data center part. I would think (I would hope) that EU physical presence means that local jurisdiction trumps foreign government claims via US-based group companies.
The jury’s still out on this issue. Right or wrong, however, the article is worth reading.