An ERP Privacy Cost Analysis: Data Value vs Data Liability


By Sean Martin

Privacy has taken center stage in the world of cybersecurity, especially with the enforcement of GDPR. According to my guests, studies show that companies spent an average of several million dollars and, although the first few months have been a bit chaotic, with many voluntary disclosures, this is just the beginning of big changes to come.

With this, three big questions need to be answered:

  1. How have companies been affected by privacy thus far?

  2. How has it impacted the way consumers provide and control their personal information?

  3. What is the cost of addressing the issues related to privacy and keeping personal information; is the cost related to compliance more than the value of the data itself?

In today’s episode, I connect with Larry Harrington, Global Chairman of The IIA and Chief Audit Executive (CAE) for Raytheon Company (retired), and Juan Perez-Etchegoyen (“JP”), CTO of Onapsis.

We met during the recent RSA Conference in San Francisco to talk about these points and more. We also covered a topic that took center stage at the conference as new regulations loom for California, New York and beyond.

In addition to reviewing the ongoing changes in the laws, regulations and related business requirements, we also take a deeper dive into how, and where, data is managed; we find that many organizations often miss the mark when it comes to information collected, stored, and managed in their massive ERP systems.

Bottom line: this is not an IT issue, this is a business issue — an issue where the customers have the upper hand in many cases. Because of this, privacy also extends beyond pure business operations and into the world of ethics and morals … and it’s time to treat this issue in its entirety.

There’s a lot packed into this chat. Listen in and enjoy!

About Larry Harrington


Larry Harrington is global chairman of The IIA, and chief audit executive (CAE) for Raytheon Company (retired), which specializes in defense, civil government, and cybersecurity markets throughout the world. Prior to joining Raytheon in 2004, he led the internal audit function for several Fortune 100 companies, where he also served in other areas, including finance, human resources, and operations. Committed to corporate diversity, Harrington has been a member of Raytheon’s Executive Diversity Leadership Team since 2010, guiding the company’s strategy to advance its culture of diversity and inclusion. Further, he was a key driver in the development of a diversity strategy for The IIA during his service on the North American Board of Directors.

Find Larry on LinkedIn


About Juan Perez-Etchegoyen ("JP")


JP is the CTO of Onapsis, leading the Research & Development teams that keep the company on the cutting-edge of the ERP security industry. Juan is responsible for the design, research, and development of the innovative Onapsis software solutions Onapsis X1 and Onapsis IPS, as well as the company's future products.

As the founder of the Onapsis Research Labs, JP is actively involved in the coordination and research of critical security vulnerabilities in ERP systems and business-critical applications, such as SAP, Oracle and JD Edwards. He is also credited with being the first to present on advanced threats to Oracle's JD Edwards applications, having discovered numerous critical vulnerabilities in this platform.

As a result of his innovative research work, JP has been invited to deliver trainings and presentations at some of the most renowned security conferences in the world, such as BlackHat, OWASP, and HackInTheBox, as well as to host private trainings for Global Fortune-100 organizations.

Find JP on LinkedIn and Twitter