The advent of cloud technologies has made it possible for companies across industries to find a good balance when reducing the costs of keeping data, while at the same time ensuring top security of their sensitive information.
However, the development of cutting-edge technologies has also resulted in an increasingly stringent regulatory landscape. Especially in highly regulated industries, such as healthcare, education, finance, or the public sector, companies need to comply with numerous regulations when it comes to preserving business data.
From invoices and communication with suppliers to customer data and user analytics to corporate social media presence, it’s been challenging to keep up with the revamped nature of compliance: today, it’s a team effort, that should under no circumstances be left solely to compliance officers and legal teams.
Instead, it requires everyone on the team to have foresight about how data is handled at every single point of interaction within the company and outside its boundaries. Here’s a look at the most common pitfalls that companies face en route to data compliance.
Lack of Data Strategy
The absence of a company-wide data strategy could by far be the most common mistake when it comes to data non-compliance. Regardless of the size of the company, its industry, the global market that’s fiercely competitive requires companies to stay prepared and requires them to reinvent themselves quarter after quarter.
To be able to move fast in such an environment, companies often need to act first, think second. And this is where most of them take the wrong step. In a world where every corporate move is under fierce scrutiny, companies can’t afford to make blunders: and this is where a data strategy comes in.
So what does a data strategy bring? While its scope and level of details may vary, it should document the following information:
- Which data company collects and preserves and how (through which tools)
- In which format is the data collected
- Who has access to data and on which account
- Which communication channels and tools the company uses to talk business
- How long this data should be kept
- How is this data disclosed in case of legal proceedings
This is just the minimum information. Of course, in more complex systems that store terabytes of data, data strategy will be an ever-changing document that needs to be vetted by the top management and compliance teams, and be widely used by everyone who handles data, ie pretty much everyone within the company.
Unmonitored Communication Channels
One particularly important point that stems from data strategies is the selection and use of tools for corporate communication.
Under regulations, including FERPA, HIPAA, FOIA, or FINRA rules, companies need to preserve the entirety of business records. And this means any communication (from Facebook posts, internal chats, GIFs, images, videos, voice calls, or instant messaging content) that is in one way or the other related to business.
If two colleagues talk about a client or some aspect of business operations, even through private channels, that communication is considered as business records, and could prove useful in a potential dispute or ediscovery case.
However, a lot of companies don’t pay close attention to these channels. Some for fear of appearing as intrusive and prying on personal employee communication, others for the lack of awareness of the requirements dictated by record retention laws.
To preempt non-compliance, companies could first clearly identify the appropriate communication channels where business information should be communicated and should work to encourage only the use of those channels.
As a rule of thumb, highly regulated industries already use tools to retain and preserve all business communication and keep it in line with prescribed retention periods. But on the other hand, this sort of attention could benefit even the less regulated industries. In a market where data is essential, keeping an archive of corporate records can prove a deal saver in legal disputes.
Unstructured Data Is (No) Good?
Unstructured data occupies a big portion of today’s business communication and is a real treasure trove of consumer insights. But coupled with the rate at which this data is generated, an average company might have a lot of trouble dissecting unstructured information into formats ready for later use or disclosure.
Capturing and preserving unstructured data should go hand in hand with indexing, and trying to map out the information can make all the difference in responding to data retrieval requests.
Typically, companies are required to disclose only the information relating to a particular ediscovery case, but that sometimes means redacting a good chunk of information to ensure intact privacy of all the parties not concerned by a particular request. This can only be done with adequate practices and tools in place, which relates to the sound data management strategy.