It would be nice if we could create laws before the situations they address present themselves, but the law rarely works that way. Here is how to provide digital policy guidance in an ever-changing landscape
The costs relating to any digital risk can be material, and most organizations do not calculate the risk of such exposure. It is the job of the CFO to ensure that the business appropriately reflects those risks in the 10-Q and 10-K filings.
Organizations have historically relied on IT for technical systems execution and, with the rise of websites and associated digital operations, that norm continued. So why can't IT own digital policies?