For the past several years, one of the biggest challenges many organizations have faced is transitioning to a digital workplace. It’s daunting to switch from paper-based processes to cloud- and software-based processes with critical information stored on laptops and mobile devices. For most organizations, this transition continues today. Add in direct interactions and/or transactions with customers online, and the amount of information that must be accounted for is staggering.
Information technology departments have done yeoman’s work getting digital workplaces to run smoothly, but they remain busy performing upgrades and maintenance. IT professionals need assistance with the verification and compliance aspects of data protection. This is why information governance (IG) as a holistic concept is so important.
Collaboration Is Key
Legislation like GDPR and constant news of data breaches have kept people’s focus on data security. Organizations must respond with strict compliance processes. This is where IG can support and work with IT to ensure compliance with data protection requirements. IG is a collaborative program that combines expertise from all departments within the organization to address data security and compliance with measurable policies and procedures.
IT contributes technological solutions for data protection, from firewalls to virus protection, while IG professionals contribute their knowledge of the stored data and its location — which is vital for compliance with these new privacy laws.
This collaboration should, for instance, address encryption and storage duration. I am one of those people who believe everyone will be hacked at some point. And most hackers will bypass an encrypted data store to seek the lower-hanging fruit of unencrypted data elsewhere. Encrypting data throughout the transmission process and at rest is a smart data protection strategy.
The storage duration issue is trickier. A standard rule in privacy legislation is to dispose of transactional data when it is no longer needed. Many organizations struggle to understand exactly which data needs to be maintained and which should be disposed of. Too many organizations keep everything by default, which can cause them legal trouble. As part of an IG program, it is crucial to remove the personally identifiable information (PII) from this transactional data once transactions are complete.
These are just two examples of what IG must handle on a daily basis. As you can see, these are multifaceted issues that no single department can effectively address on its own, nor should it be expected to. Organizations need IG programs to avoid the new legal penalties that may be imposed for compliance failures. Organizations should combine talent from different departments to create an effective IG program that will help them succeed in the digital workplace.