Evolving Digital Risks: The Case for Integrated Risk Management

The recent settlement agreement between General Motors (GM) and the Federal Trade Commission (FTC) over privacy concerns related to the now-discontinued Smart Driver program underscores the complex and evolving nature of digital risks. While GM has taken significant steps to address the situation, this incident highlights a broader issue: the rollout of new technologies and services without adequate risk assessment and control mechanisms. As organizations innovate, they must simultaneously mitigate the digital risks inherent in connected products. Integrated Risk Management (IRM) can play a vital role in achieving this balance.

The Risks of Innovation Without Safeguards

The Smart Driver program was designed to promote safer driving behaviors by collecting and analyzing data from connected vehicles. However, GM faced significant backlash due to privacy concerns, leading to the program's termination and regulatory scrutiny. The case reveals a critical challenge for businesses in the digital age: the tension between innovation and customer trust.

Key risks highlighted by this case include:

1. Data Privacy Concerns: Consumers are increasingly wary of how their personal information is collected, stored, and used. Without robust privacy safeguards, companies risk regulatory penalties and reputational damage.

2. Third-Party Vendor Risks: GM's partnerships with telematics providers LexisNexis and Verisk demonstrate how third-party relationships can introduce vulnerabilities. Organizations must vet and manage their vendors carefully.

3. Regulatory Compliance Challenges: As regulations like GDPR, CCPA, and FTC consent orders expand, companies must navigate a growing and complex compliance landscape.

When these risks are not addressed proactively, they can lead to costly settlements, operational disruptions, and erosion of customer trust.

The Role of Integrated Risk Management

Integrated Risk Management (IRM) offers a structured approach to identifying, assessing, and mitigating risks across an organization’s ecosystem. Unlike traditional siloed approaches, IRM provides a holistic view of risk, enabling organizations to align their risk management strategies with business objectives.

Here’s how IRM can address the challenges illustrated by the GM case:

1. Proactive Risk Assessments: IRM frameworks encourage organizations to evaluate risks during the product development lifecycle. By embedding privacy impact assessments and cybersecurity controls early, companies can identify potential issues before launch.

2. Enhanced Vendor Management: IRM tools can centralize and streamline third-party risk management, ensuring vendors comply with data protection standards and contractual obligations.

3. Regulatory Alignment: IRM solutions provide real-time insights into regulatory changes and compliance requirements, helping organizations adapt quickly and avoid penalties.

4. Transparency and Accountability: By integrating data governance practices, IRM ensures that organizations maintain transparency with customers regarding data collection and usage.

A Roadmap for Managing Technology Risks in 2025

As part of Wheelhouse Advisors’ 2025 Integrated Risk Roadmap, we are placing a significant focus on technology risk management in the first quarter of this year. The GM settlement is a timely reminder of why this emphasis is critical. To thrive in an increasingly digital and interconnected world, organizations must adopt forward-looking risk management strategies.

Companies rolling out connected products and services must prioritize the following:

• Embedding Risk Management in Innovation: Make IRM an integral part of product development to address potential risks proactively.

• Building Consumer Trust: Establish clear and accessible policies around data privacy and actively communicate these to customers.

• Leveraging Technology for Risk Insights: Use IRM solutions to monitor, assess, and mitigate risks in real time.

A Cautionary Tale for Businesses Operating in the Digital Age

The GM Smart Driver case is a cautionary tale for businesses operating in the digital age. It underscores the importance of striking a balance between innovation and risk management. By adopting Integrated Risk Management, organizations can not only mitigate risks but also create a competitive advantage by building trust and resilience. Stay tuned for more insights as we continue to explore the evolving landscape of digital risks and the role of IRM in future-proofing businesses.

This article is part of RiskTech Journal’s quarterly focus on Technology Risk Management under the 2025 Integrated Risk Roadmap. For further insights, visit the RiskTech Journal archives or explore the IRM Navigator™ Report Series for actionable guidance on managing emerging risks in healthcare and beyond.