Why emerging data sources need to be governance, risk and compliance priorities
Enterprises today are managing an average of 400 data sources and more than 20 per cent are juggling data from 1,000 or more sources, according to a recent survey from Matillion and IDG Research. Worldwide, the corporate data footprint is expanding exponentially in size, the variety of sources and complexity.
Much of the ‘emerging’ technology has been around for more than a decade, but now, following the past year’s rapid shift in workplace practices and technology infrastructure, IT, legal, compliance and security teams are grappling more than ever before with responding to a vast landscape of related risks and vulnerabilities. Specifically, the prevalence and growth of emerging data sources are creating challenges across IT infrastructure, storage, compliance, records management, data protection and document discovery for legal and regulatory matters. As organisations look to strengthen their position for the future of work, they must understand and address the impact of emerging data sources across several areas.
E-discovery for legal, regulatory and investigatory matters
The massive proliferation of apps, collaboration tools and cloud services within corporate environments has become a more prominent piece in scope in electronic discovery matters for litigation and investigations. Legal, compliance and IT teams are realising that not only are these emerging data sources now considered as discoverable evidence, but they are inherently complicated to access, collect and format for legal review.
Rendering messages and files into a format compatible with e-discovery that can be analysed and reviewed outside of its source application is tricky. For example, examining the content of a single chat message in isolation doesn’t offer context or relevance to a broader matter. At the same time, individually reviewing tens of thousands of messages in a collaboration channel is a disproportionate use of time, budget and resources. Similarly, gathering evidence from video and audio recordings or transcripts or applying analytics to non-textual communications (e.g., emojis and GIFs) involves complex and nuanced processes. When these and other emerging data sources are in scope for a legal matter, organisations will need to work with experts who understand how to build processes and workarounds to establish what’s relevant from an evidentiary standpoint, maintain efficiency and ensure an accurate and reliable review.
Permissions, linked content and version control
Cloud-based productivity suites and collaboration tools have turned a vast population of business records and documents into infinite spiderwebs of versions, dynamic access controls and interconnected linked content. These records, which may one day be needed for legal, regulatory or other business purposes, have become so varied and fluid that it’s become very difficult to quickly identify which iteration is the relevant one or who had access to it along the way.
They may also be shared as links rather than attachments, which begins to further muddy both version control and insight into who interacted with the document at various stages. Organisations need to be aware of the challenges involved with determining version and access history but can also find ways to tap into version, link and access history to extract insights from a user’s or document’s journey.
Data privacy and compliance
Companies have never faced greater risk concerning their data, and inadequate governance can extend to significant legal, regulatory, security and financial exposure. Across the globe, stringent data protection laws have emerged in the wake of GDPR, and numerous US states have enacted or are in the process of implementing legislation that regulates how governments and businesses are permitted to handle personal data.
With information flowing freely between hundreds of data sources and disparate employees, it’s increasingly difficult to ensure data privacy, governance and compliance policies are consistently followed. Policy refreshes to account for emerging data sources, consistent data privacy impact assessments on new tools implemented and robust data mapping will help align the growing footprint of emerging data sources with regulatory requirements.
Protecting critical information
Just as emerging data sources can impact the protection of sensitive personal information, they can also expose IP and trade secrets if the proper controls are not put in place. Organisations should carefully consider preventative and monitoring actions to ensure they maintain control and visibility of critical IP that may be created, stored or shared within emerging data sources. It’s important to remember that not all data is equal, and different kinds of data and different data sources will require right-sized protections to adequately address the varying levels of risk.
While this shifting data landscape comes with a new set of challenges, it also brings opportunity. When handled with good governance, emerging data sources can enrich an organisation’s understanding of its information universe and unlock transparency, efficiency, risk mitigation and greater overall insights.
For more information about how FTI Technology helps organisations with their emerging data sources, visit ftitechnology.com
by Tim Anderson, Managing Director, FTI Technology