Navigating the challenges of privacy laws and security costs

8 Dec 2021

Tharishni Arumugam, Aon. Image: Connor McKenna/

Aon’s global privacy tech director spoke to about the evolving privacy landscape and why security costs so much.

While data is growing and transforming industries all the time, the privacy landscape is also changing. This means companies need to navigate the murky waters of being able to effectively use the data they have while also ensuring they adhere to varied privacy laws.

While data has no borders, privacy laws do, meaning one of the biggest challenges businesses face is having a solid understanding of the privacy regulations they are subject to.

Aon’s global privacy tech director, Tharishni Arumugam, recently spoke at the Analytics Summit 2021 in Dublin about these challenges.

“Cross-border transfer still remains one of the most contentious regulatory issues between different countries or different blocs like the EU,” she said.

“I think the other issue is emerging technology and the framework that needs to be in place in order to deal with emerging technology. It shouldn’t be a tick-box exercise, it doesn’t have to be that. It has to be every single person in that value chain understanding what we’re doing.”

For companies, Arumugam said it’s important to understand that privacy laws are not there as a form of hindrance to using data, but to ensure that it’s used in a way that positively impacts the individual.

“The laws don’t exist to just tell companies … ‘you’ve done it wrong’. But it’s really, ‘Hey, make sure that you’re thinking about everyone in the community and the impact of what you’re doing to individuals.’”

The value of cybersecurity

Data privacy often goes hand in hand with cybersecurity, an industry that has had a turbulent couple of years, with several major attacks taking place in 2021, including the ransomware attack on Ireland’s HSE.

With this in mind, security has become a major focus for leadership teams and will continue to be high on the agenda for many teams going into 2022.

Many experts have spoken about the importance of having security stretch into every area of a business instead of just having it exist in a silo in IT security.

Arumugam agrees, saying one of the biggest misconceptions that previously existed was that “the security guys have this covered” and leaders just had to put pressure on them to ensure all was as it should be.

‘Security gets a lot of flak that it costs a lot, but that’s because the bad guys are moving at a really fast pace’

“But leadership and executives really need to understand, what does cybersecurity mean? What kinds of data breaches exist [and what are] the different types of responses that are essential to a data breach?”

She added that it’s important leaders remember that cyberattacks are not always just some hacker breaking into a system.

“It could be an employee clicking on something, it could be a patch that’s not done in time, it could be an insider threat,” she said.

“It’s really important that executive leadership knows about it, understands it, understands that, ‘Hey, I might not understand all of the intricacies of technology or security but I know what everyone in the firm should be doing and I need to take a keen interest.’”

Arumugam also said there can be other roadblocks to security when it comes to funding. “I think security gets a lot of flak that it costs a lot, but that’s because the bad guys are moving at a really fast pace and are equally motivated by money, so you have to match the financial investment into your security infrastructure, your security people, so that you’re always almost outrunning or having the right defences in place when it comes to cybersecurity.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Jenny Darmody is the editor of Silicon Republic