Data is king: Corporations hoover up the stuff to build new business lines. Hackers, meanwhile, steal it for their own revenue-seeking purposes. And regulators are increasingly worried about keeping both—companies and miscreants—in check, in the interest of protecting people’s privacy.
This dynamic between industry, government, and consumers was a subject of much discussion among the executives in attendance at Fortune’s Global Forum in Toronto on Tuesday. “Regulators always move too slow,” said Ken Xie, CEO, chairman, and founder of Fortinet, a cybersecurity firm, speaking on a panel about data stewardship. “It takes months or years to get anything done, but in the security space attackers take minutes.”
Regulators “are always behind,” Xie said.
Adam Lashinsky, Fortune’s executive editor and the panel’s moderator, acknowledged that government action tends to trail the pace of technology developments in the private sector. “On the other hand,” he said, government “plays an important role sometimes in driving this, whether or not industry likes it.”
Lashinsky cited the European Union data privacy law known as GDPR, or the General Data Protection Regulation, which went into effect in May, as an example of regulators exhibiting leadership.
Xie agreed GDPR “is going to help” consumers. He cited other examples of regulations designed to protect consumers and their data, including the Health Insurance Portability and Accountability Act, or HIPAA, a piece of U.S. regulation designed to strengthen the way businesses handle people’s health care information.
“But on the other side, the standards are really at a minimum,” Xie said, referring to HIPAA and similar laws. “They are way not enough to protect your data.”
Sherry Shannon-Vanstone, founder and president of Profound Impact Corp., an Ontario-based startup, who also spoke on the panel, praised Canada’s approach to data privacy law. She said the country is planning to tweak its own regulations in the wake of GDPR.
“Consumers have the right to know what data is being collected on them and how it’s being stored,” said Shannon-Vanstone, who was formerly the chairman and CEO of Trustpoint Innovation, an IT company acquired last year by a Canadian subsidiary of ETAS, a German automotive software-maker.
David Kenny, who heads IBM’s artificial intelligence unit, said IBM supported the passage of GDPR. He further urged industry and government to cooperate on a federal, if not global, level, saying that “the more consistent things run, the easier it is to solve them.”
Most regulators “describe what needs to happen. They’re not so good on the how,” Kenny said. “The software guys need to come together to solve the how.”
