Data privacy regulations are evolving across jurisdictions and countries and increasing in their scope. At the same time, artificial intelligence (AI) is accelerating risk exposure. This can put organizations under pressure to not only protect their environments but also prove that they’re doing so. That requires more than just putting an “X” in your compliance checkbox.
Security, privacy and compliance concerns are operational realities. Regulatory frameworks like the EU AI Act, Digital Operational Resilience Act (DORA), EU GDPR, EU Data Act, Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act (CCPA) require demonstrable compliance — and enforcement is escalating. A data breach today doesn’t only result in financial penalties; it could damage a company’s reputation and trigger customer flight in an era where switching providers is easier than ever.
As businesses look to scale securely and responsibly, several capabilities will be essential to running compliant operations. These include the ability to verify how vendors implement security controls and handle sensitive data, how AI models are trained and used, what safeguards are in place, what documentation is available for due diligence and the vendor’s approach to supporting its customers’ due diligence process.
This article explains why your organization needs user-friendly tools to help close the information gap in order to reduce risks with AI and strengthen compliance strategies.
Privacy is one of the two primary areas of the global regulatory environment. While the GDPR in the EU led the way in privacy regulations eight years ago, other regions and states are quickly catching up with their own privacy laws. This includes Australia, several countries in Asia and California.
Within the EU, several cloud providers have announced plans for EU Sovereign Cloud services. The Genesys Cloud™ platform is already available in 14 core regions and Genesys has announced plans to deploy Genesys Cloud on EU Sovereign Cloud, providing our customers with more deployment options to meet regulatory and preferred compliance requirements.
Because of such strict regulations and directives, the public is increasingly aware of privacy as it relates to their digital footprint and their rights to have it secured. On top of the directives and regulations around privacy are the evolving challenges of AI, the second primary area of global regulations.
Public awareness of privacy rights extends to AI, including the knowledge that the information people input into an AI system could be used elsewhere. It’s not necessarily private and there aren’t necessarily “ring-fenced” systems protecting it.
One of the purposes of the EU AI Act is to categorize AI systems, how they can be used and their levels of risk. For example, scanning people’s faces in a public place is categorized as an unacceptable risk and is therefore prohibited.
Systems categorized as high and medium risk still have transparency and other obligations, and some seemingly low-risk AI systems could fall into a higher risk category under certain use cases. Details like these are causing businesses to look more closely at the controls they need around AI.
The complexity and speed of change can make it difficult to manage controls — especially for those with limited resources. As the enforcement dates of new regulations draw closer, so does the potential risk of heavy fines. If a company hasn’t kept on top of its training and education — or maybe isn’t aware of every new law coming out — there can be pressure to get up to speed quickly.
Larger corporate entities and certain vertical industries, such as healthcare or financial services, tend to be better prepared for these directives because they’re under more scrutiny by regulators for their management of sensitive data. But not all of them are fully prepared — and neither are many small and medium-size businesses. These smaller businesses might be going through impact assessments and trying to understand if their customer data is at risk. And if so, what do they need to do about it?
Businesses are doing a lot of manual work to keep up with security, privacy and compliance regulations, especially with the increasing risks of noncompliance. In some cases, rather than mandating a data protection officer or a data privacy officer, which many businesses have, regulators are now pointing to C-level executives and board members as the liable parties if there’s a breach.
There’s also mandatory training for executives. At a minimum, executives must understand the framework of what’s being introduced, and that information must cascade down to the rest of the business.
In addition to the financial fines that can impact profitability, there’s also a massive risk to reputation. Nobody wants their data stored at a company known for a data breach.
The speed of negative news can translate into fast and massive cancellations of a company’s products and services. Month-to-month subscription models are common in consumer entertainment and other industries, making it very simple for customers to move on to your competitor. Once you’ve lost trust, it can be costly to regain.
Any business looking for assistance with its compliance and security issues should look carefully at how vendor solutions use data and the guardrails around its use. It’s not enough to merely see on a vendor’s website that they have a specific certification and accept a claim as validation that the vendor is compliant.
This was the driver behind the Genesys Security, Privacy and Compliance (SPC) Portal, which provides up-to-date compliance documentation and certifications to our partners and direct customers — all in one central location. The portal includes attestations of compliance, penetration testing reports, Data Protection Impact Assessment (DPIA), Transfer Impact Assessment (TIA), AI model cards (transparency reports) and best practices documentation. It also has in-depth details, including videos on topics like the encryption used by the Genesys Cloud platform and the Genesys SDLC approach.
Beyond some of the use cases listed above, the SPC Portal includes a COE AI assistant to help improve efficiency and make search a better self-service experience, as it surfaces answers from multiple applicable managed sites and resources within Genesys.
Other trial tools in the Portal, available through a signed Free Trial Agreement, demonstrate how the Genesys Cloud APIs can be used to give you a deeper look into your own organization. For example, you might use the tools to:
Using APIs to create your own tools can help you integrate these tools within your existing compliance dashboards and portal, enabling you to simplify your regulatory compliance job.
Genesys has a long history of building security into its product development, known as security by design, versus creating products and adding security to them as an afterthought or bolt-on feature. It’s how we do business. We also believe that, as a company, we shouldn’t have anything to hide about how we use AI in our products, and so we provide AI model cards.
These standardized documents explain details about how AI and data are used in our products. Genesys uses them to show how a model was built, what data it was trained on, what we do with that data, how bias is addressed within the model and what limitations or risks may apply. This helps us establish our own benchmark for transparency, and it’s another way to enable customers to keep up with changing regulations.
Using Genesys Cloud, these cards let you determine how your customers’ data is flowing through the platform and understand why your AI isn’t putting that data into a pool of publicly available information. Using the SPC Portal, you can download these documents for all our AI products.
Most of us consume information on-demand; we’re used to researching and getting the information we want on our own. Why not expect the same capability for more technical needs? The Genesys SPC Portal enables customers and partners to self-serve real-time certifications, AI feature documentation and even get AI-driven vulnerability insights.
It can save time so that you can progress faster in decision-making without an intermediate step with a rep, as well as help reduce the risk of human error in manually researching and sharing information. And when you need a deeper level of detail, you can still contact us.
Watch the video and see how Genesys Cloud customers can get fast answers to critical questions about security, privacy and compliance — unique to each environment.
Please note: The Security, Privacy and Compliance Portal is available to Genesys direct customers and partners with an existing non-disclosure agreement, while usage of some selective tools requires an additional trial agreement.