Google is, once again, under investigation for potential anti-trust violations and compliance concerns. This is not the first time Google has come under the scrutiny of the judicial department to determine whether or not their business practices comply with anti-trust laws; in 2013, as a much smaller company, they were closely examined. Ultimately, no anti-trust lawsuits were filed. In Europe, however, fines have been frequently imposed. Many experts are suggesting that, under this administration and with Google’s expansion, the company – and potentially other tech giants – should be concerned about what comes next.
While the clients that we work with at McNeil Advantage are generally not global monoliths like Google, we certainly do help companies monitor their compliance through audits and ensure that they don’t end up in a situation where they are either violating laws or exposing their business to unnecessary risks. Compliance audits are customized depending on the type of business and what sorts of regulations it may need to meet. For example:
Data Regulation
The GDPR law implementation in 2018 left many companies scrambling to modify and secure their online presence. The law was passed in the European Union, and while it technically only applies in the EU, it also applies to anyone who might be selling to or serving EU citizens. This ultimately means that any website which might be visited by someone from the European Union needs to be in compliance with this data regulation.
In essence, the law says that any collection of sensitive data needs to be an “opt-in” -- the user must specifically understand that their information is being used and accept that usage. For nonsensitive data collection, the user simply needs to be “unambiguously aware” that their data is being collected.
Another example is HIPAA (the Health Information Portability and Accessibility Act) and the companies that collect sensitive healthcare information. In the U.S., there are strict laws surrounding how HIPAA information can be stored and used; violations cause severe fines. We work with companies that collect medical data to ensure that they are HIPAA compliant and to make the necessary changes if they are not.
Google has already been significantly fined by the EU for violating GDPR.
External Audits
Conducting regular internal audits is a good way to make sure your company is living up to the internal processes it has set up to protect itself and ensure that it’s meeting regulatory standards.
But external compliance audits are also necessary. Sometimes a business can get so caught up in its day-to-day operation that it can be difficult to see potential violation areas. It’s easy to think “no one would ever do that” without realizing that a process needs to be in place to ensure that no one ever does.
Conducting external audits can help companies set up the right processes, which can then be maintained by internal audits.
Ultimately, until further investigation is complete, we won’t know whether or not Google has failed to comply with any state or federal regulations. Anti-trust investigations are generally complicated, and lawsuits can drag on for several years. But what will be interesting to watch is how compliance audits are conducted, what information turns up, and how that might inform how other businesses move forward.
Companies don’t need to be as big as Google to pay attention to their compliance. At every level of business operation, from your first business plan to your biggest expansion plans, keeping track of compliance will protect your business from risk down the road. It may seem like a lot of extra work, but there are auditing companies that can help you get it done. It’s worth your business’s security.