By: Linda Coniglio
What keeps your CEO up at night? According to the 2020 Gartner survey, risk management is high on that list. With a 39% increase in breach activity, risk management now appears on the top 10 list of CEO strategic business priorities.
High-profile data breaches and consumer privacy concerns fuel this increase. As our lives become more digital, personal information is becoming a commodity. Ever-increasing regulations require companies to rethink everything data-related. This rethinking includes:
- How is data collected?
- How is data stored?
- What’s needed for litigation, audits, or investigations?
- What can be damaging to reputation if taken out of context?
- How long should it be retained?
- How is it accessed?
- Who is accessing it?
- How is it disposed of?
- Is data provided to third-party vendors?
With so many questions to consider, it’s no wonder data risk keeps CEOs up at night. It really was so much easier when we could keep everything indefinitely, but now there’s so much risk.
Now risky data and non-compliance may keep you up at night. What to do?
Turning to your organization’s information governance (IG) and privacy programs is the place to start. These two programs are typically developed side-by-side as they have many similarities. Through policies, these programs provide answers to the above list of questions. Both programs promote fairness and transparency around what data is being collected, why it is being collected, how it is processed and how long it is retained. IG and privacy programs conduct audits to report on risk reduction successes and where additional mitigation is needed.
WOW, you say! That’s a lot. Perhaps your organization hasn’t put an IG or privacy program in place yet, or it is new.
Information governance experts believe the strongest approach starts with data clean-up to rid your organization of redundant, outdated, and trivial (ROT) content. Using the right technology is paramount to a quick and effective data clean-up project and assures that valuable data is properly maintained and protected. Effective communication and change management are also key.
Beginning your IG and privacy programs is also an ideal time to create a data map. As you begin to manage and secure content, a data map solidifies your findings. This piece is crucial to exposing corporate risk because it provides the following insights:
- Identify, track, and analyze the flow of data across an organization
- Understand the “what” and “why” of data processing within the company
- How you can report on processing activities
- Privacy management of Data Subject Access Requests (DSAR) and Data Protection Impact Assessments (DPIA)
- Third-party risk management
- Data retention requirements
- eDiscovery preservation
- Security gap analysis
The right data mapping tool makes operationalizing regulations such as the GDPR and CCPA efficient. You won’t be able to meet requirements if you don’t know where your data is and who has access to it.
Risk management starts with taming the wild, wild west of data management and privacy regulations! When your information governance and privacy houses are in order, everyone sleeps better.