With the amount of data exploding by the day, new regulations on the way and breaches growing in frequency, the window of opportunity to get a watertight records data management policy in place is closing fast – and it may well be gone by 2020.
A secondary explosion is inevitable in the next five years – in a future where social media data is regarded as a record and the internet will leave everyone drowning in information.
But are businesses aware? A Crown Records Management survey of IT decision makers has unveiled worrying evidence to the contrary.
More than half (55%) said they do not have a policy in place for email data retention, and 58% didn’t audit their paper-based data regularly or destroy anything that’s no longer required.
Nearly two-thirds (60%) didn’t regularly review what data is stored in the cloud or on-site, 645 didn’t filter what goes in the cloud, and 76% did not have systems that enable them to differentiate between a record (that must be retained) and other data.
These results suggest businesses still aren’t wising up to the importance of basic common-or-garden records management principles, despite the high level of publicity for breaches at the likes of TalkTalk and Carphone Warehouse.
Businesses should know exactly what data they have and where it is. They’ll certainly need a retention policy in place to determine what information to keep or destroy.
In fact, data retention policies are going to be more important than ever because holding on to unnecessary data could end up costing a lot of money in the long-term.
The current generation, Generation Y, is just starting to realise how powerful their digital footprint can be, for good or bad. Already it can follow you for a very long time and have a huge effect on your life.
Inevitably they will become even more aware of this, getting savvy about the power of data, and they will want more control.
EU General Data Regulation will have a huge impact, providing EU citizens with a right to have their personal data altered or deleted as well as bringing in huge fines for data breaches.
Currently, people see the hare running to the left, then to the right, and think ‘I’ll be all right in the middle’. They don’t really understand the danger.
But there’s no doubt someone is going to find themselves with a heavy fine pretty soon after the new regulation comes in.
As data continues to grow, thanks to globalisation, social media feeds, and increased digital processes and interaction with customers, the task of managing data is only going to become more difficult. So act now to wrestle control. Consider appointing a records manager or data protection officer if you don’t already have one.
Don’t be overwhelmed by the problem – not knowing where to start is not an excuse not to start. Instead, approach the task in bite-sized chunks, document type by document type, or department by department.
Managing data effectively begins with knowing what data you have and then establishing a robust, compliant and well-implemented retention schedule. This is a good place to start.
Make the application of your information management schedule part of your employee induction programme and part of your disciplinary process. This will clearly state how important keeping data safe is to the company. Embed records management into your day-to-day business, ensuring there is board-level buy-in.
Conduct regular staff training and updates. A persistent reminder of the importance of data is an effective guard against human error.
Remember, a retention schedule is not a tick box or a static solution – it evolves and should be reviewed periodically to take into account changing legislation and court decisions. All data in whatever format should be subject to retention schedule review – today’s transactional data is tomorrow’s vital record.
With the EU General Data Protection Regulation on the way, pay particular attention to retention schedules for personal data. There will be an increasing need to know where personal data is, how you access it, how you can prove you can correct it or delete it, and have permission to use it for certain purposes.
Future-proof the line-of-business systems you have from an information management perspective. In the future, all data processes and data-related systems will need to have in-built privacy by design.
Consider how easy your data is to access. If you want to improve access to physical data (paper), one way of doing it is by scanning the hard copy and hosting it via an online application whereby users can access the data from any web-enabled device 24-7. This will become increasingly important as public demands to alter data become more prevalent.
Data retention is often viewed as being all about compliance, risk management and avoiding fines. But the real challenge is to look at data management not in terms of business cost or business risk, but as a business opportunity.
In the future, companies with a good record of handling personal data will be more attractive to consumers. It may well become one of the most important ways they compare businesses.
Al the evidence right now indicates there may be only a three-to-five-year window of opportunity remaining for businesses which are not looking after data or keeping too much of it.
At some point, records management, managing data retention and avoiding data breaches is going to get even tougher than it is already.
Businesses need to think now about protecting their brand, how data affects customer experience, and how data needs to be continuously monitored. Realising the value of data management in the modern world is what really matters.
Sourced from Mike Dunleavy, Crown Records Management