Discovering how best to use the vast amount of data your organisation creates and collects is one of the key tenets of any organisation’s strategy.
By Iwona Sikora, senior vice-president and GM: records management Europe & South Africa at Iron Mountain
Although the importance of effective use of data is now far better understood than ever before, centric to effectively converting data to actionable insights is an organisation-wide information lifecycle management framework. One that is failproof and comprehensive across how information is collected, used, stored and then safely disposed.
With the volume of worldwide data expected to reach 175 zettabytes by 2025, and substantial penalties for data and information breaches, knowing how to properly manage and protect your records and data is more critical and mandatory than ever before.
Outlined her are the implications of the five biggest trends in information management for 2023.
Hybrid working necessitates the re-invention of information access and management policies and procedures
The hybrid model is here to stay, notwithstanding the fence sitters and the last few corporate holdouts. As digital transformation continues to accelerate at a rapid pace, “mobile” employees working from flexible locations (including offices, hot-desking spaces, homes, local cafes or hotels etc.) create an inherent information leakage and data security risk, in most cases, unintentionally.
Organisations must not merely tighten, but completely redesign their policies and procedures around secure access to information across all access points and devices. Most managed to scamper through the last 2 years of pandemic induced chaos with a patchwork of quick fixes, which will simply not survive the back-to-business volumes in 2023.
The diversity of content formats being managed is also growing exponentially. The boom in collaborative tools, applications and video-conferencing software is adding to the weighty volume of data generated alongside existing physical and digital records.
The number of stakeholders in charge of this field has multiplied (CIO, CDO, CTO, business leaders, records manager, data protection officer, compliance officer, office manager etc) and they must all operate from one information security framework that ensures compliance, protection and interoperability.
They must also seek to better understand how to collaborate within the constantly changing confines of a hybrid working model, whilst taking a risk management first approach to all processes. Awareness of the potential of breakdowns in handling data and information is integral to ensuring zero breaches and failures.
Employees, wherever they are working from, must also be considered an integral part of the organisation’s defences against data breaches. Ensuring that employees are educated and engaged in proper data management processes is more critical than ever.
Focus data remediation initiatives on ESG and privacy regulations
Data protection has been at the core of the regulatory and legislative information management agenda in many countries over the last decade.
As the pace of technology enabled transformation has continued, climate conscious geo-political and corporate mandates are compelling organisations to report their emissions output and track their environmental progress. This will only intensify on the back of more regulatory change expected in 2023.
Data remediation initiatives emphasising ESG and privacy laws will be crucial to respond to new legislation and demonstrate information resiliency. From a compliance perspective, businesses need to be careful about the type of data they collect. Storing data without consent or legitimate business purposes can raise compliance issues.
Here again, data remediation is a necessary step, as it can help businesses improve compliance by getting rid of duplicate, unnecessary or unused data. All of this makes data remediation a critical tool for sanitising data management and ensuring data network security within an organisation.
Knowing how data travels through your organisation will enable you to access it for reporting to regulators. Effective preparation for these new changes will ensure organisational compliance and an ability to focus on business as usual.
Data residency will take centre stage with the continued acceleration of cloud & AI in the hybrid workplace
In response to the demands of the hybrid workplace, cloud-based services are naturally increasing, but in a multi-cloud environment it can be difficult to keep track of the tentacles of the information spread.
Knowledge around data residency, including what information you should hold, where it is stored, which regulatory framework(s) it is governed by and who within your organisation has access to it is critical to data security and privacy. In most parts of the world, businesses operate under local data regulations that dictate how the data of a nation’s citizens or residents must be collected, cleaned, processed and stored within its borders.
The primary reason enterprises choose to store data in different locations is often related to regulations, data policies and taxes. However, companies are allowed to transfer data after complying with local data protection and privacy laws. In this scenario, businesses must notify users and get their consent before obtaining and using their information.
AI can be used to aggregate, analyse, present data clearly and extract the most relevant information, so that businesses can make the right decisions around data sovereignty. Subsequently, AI can also be applied for content search and redaction – whereby personal identifiable information is hidden in documents from unauthorised access – and better integrate systems and overcome silos.
From an information lifecycle viewpoint, AI can be used to identify and delete unnecessary data, as well as to support compliance and governance.
Keep your foot on the pedal – continued focus on data quality and stewardship
Businesses continue to build vast newer streams of data sitting in databases and on applications – with little idea of what to do with it. Fortunately, many organisations are becoming aware of this knowledge gap and increasingly investing in formal governance programmes, with a renewed emphasis on data privacy.
The role of the ‘data steward’ or ‘data broker’ as a prime participant in technology and business initiatives is taking centre stage. This concerted effort to increase the awareness and prioritisation of data handling principles and standards within the organisation is a welcome development following years of data breaches resulting in reputational damage and falling customer trust.
This increased focus on the value and quality of data is leading to increased vigilance in ensuring data sets are accurate, valid, complete and up to date, with AI being used to detect incomplete, inconsistent or out of date data. Data minimisation efforts such as these can lead to cost-savings when obsolete data no longer needs to be stored.
Do not ignore physical information assets in the modern ‘phy-gital’ office space
In the post-pandemic working world, as offices reopened following two years of downsizing of real estate, many businesses realised the space taken up by obsolete IT equipment and discarded digital assets. While information has a lifecycle, so too do physical assets used for information management.
With an increased focus on the circular economy and meeting carbon neutral pledges, choosing an Asset Lifecycle Management (ALM) partner is crucial to ensuring that disposing of old IT assets and phy-gital records is done with data security and compliance in mind. Understanding what records, assets and information your organisation has, what needs to be digitised and what can be automated is now an essential element of the modern office environment.
Ultimately, businesses should look to 2023 with an intention to elevate and prioritise their information and data security, management and destruction practices. Data, records and information management has long been an overlooked and underinvested area, with little certainty about who has ultimate corporate ownership. If organisations do not develop processes, assign dedicated functional ownership and invest in technology, they will struggle to ensure compliance, value recovery and security of their information assets.