Compliance by Design

How an effective compliance department can strengthen client relationships.


If marketing is seen as an open space where creative minds run free, compliance can resemble a cage. No one likes to feel as if they’re being reined in, yet we all recognize that there are times when it’s important to colour between the lines. If you find that disheartening, then you’re missing the point.

Whether you’re developing an imaginative campaign or working with organizations to directly engage customers, compliance seldom tops the list of things marketers concern themselves with — but it should. If you involve your compliance department early on then it shouldn’t hinder the creative process. It will, however, save your organization from wasting time and resources pursuing ideas and initiatives that should have been struck from the whiteboard.

Plus, it beats the alternative. A compliance breach has the potential to do significant damage, possibly destroying reputations that may have taken decades to cultivate. And yet, while risk mitigation is critical, from a client relationship perspective it’s arguably not even the most important reason why organizations should desire a robust and engaged compliance department. The main benefit is that it builds trust. Now more than ever customers, partners and other leaders need to feel they can rely on your work, especially when it involves sharing sensitive information.

To earn that trust, organizations need to demonstrate they have the safeguards in place to ensure privacy, battle-tested systems to provide security and the doggedness to mitigate risk. There are four core organizational pillars that need to be in place to make this happen:

  • The commitment from executive leadership
  • Staff who are informed on the latest legislation and best practices
  • Regular training programs to keep compliance top of mind
  • Dedicated teams to hardwire compliance directly into everything your organization does

These are the principles Environics Analytics (EA) embraces in its compliance framework. If you’re looking to turn your compliance department into an asset, here is a quick guide to help you get started.

Strong Leadership

Developing a successful compliance program starts with your organization’s executive leadership. This sets the tone for the entire organization.

Still, it can be a hard sell. Since compliance departments do not generate revenue, it can be tempting to dismiss compliance as a back-office drain on costs. All the more reason why organizations need strong leaders who recognize that long-term damage is far more costly than devoting the necessary resources to fund and operate an effective compliance program.

Define your compliance policy

Compliance is a bit of a catch-all term that covers myriad business interests, ranging from software development and securing technology to monitoring privacy and being aware of anything that might threaten the organization. For most marketers, guarding client privacy is one of the most sensitive issues they need to be mindful of.

Privacy is a shared duty. At EA, while the main responsibility for privacy compliance falls on the Corporate Privacy Office, our Data Governance department also plays a critical role by overseeing data inventory.

Organizations need to know:

  • Was personal identifying information collected?
  • What personal information elements were collected?
  • Where does it reside?
  • Who has access?
  • How is it stored?
  • How long does it need to be retained?
  • Where are the backups kept?
  • When will the information be destroyed and by what process?

Keeping an inventory of these answers isn’t just common sense, it’s required by audit.

Compliance should be second nature

There should be no ambiguity amongst your staff around your organization’s compliance policy. Organizations need to develop clear and continuous communications about their compliance programs and their goals. Asking staff to review the documented policies, processes, standards and guidelines is simply not effective enough. Following up with regular audits to make sure staff adhere to those policies is critical.

Organizations need to take every opportunity to reinforce this message. In addition to the standard annual all-staff mandatory privacy and security awareness presentations, employee orientation sessions, regular departmental training sessions and newsletters should all be enlisted to reinforce the importance of compliance. At EA, we take this a step further by mandating all our staff to take part in refresher webinars and follow up with quizzes to test retention.

Build compliance into everything you do

There is no better way to ensure that compliance runs smoothly than to hardwire compliance principles directly into the DNA of everything your organization does. Project management teams especially need to adopt this mindset. It will not only help organizations track whether projects are being done on time, it will keep them under budget and help them utilize resources more effectively.

While the best practices outlined above will help your business, they will mean little if they aren’t backed by an independent audit. At EA we conduct several audits throughout the year, including those required to meet Service Organization Control (SOC) 1, SOC 2 and HIPAA (Health Insurance Portability and Accountability Act). It’s an investment and it can pay for itself by helping to attract new clients and increasing operational efficiencies.

Failing to invest in any one of these pillars will not only undermine the effectiveness of your compliance department, it will weaken your ability to build trust with your clients. Implementing and enforcing security and privacy safeguards is a strategic requirement at EA that goes over and above regulations. It’s what clients expect and EA has the policies in place to meet those demands. We hope all organizations will follow our lead.


James Smith is the chief compliance and privacy officer at Environics Analytics.