The challenges of the coronavirus emergency and economic crunch caused many organizations to go into survival mode. They created satellite offices, used shadow IT and unwittingly put information governance at risk.
Despite established restrictions on operations and some limits on how organizations interface with customers, basic information models changed. Many of these system adjustments came about because of social distancing rules and the use of a remote workforce. Now as processes reopen and return, organizations believe everything is returning to business as usual, but at what cost and which normal?
All organizations have to step back and reexamine what security and privacy vulnerabilities they created in terms of information governance (IG). The industries potentially most affected by information overexposure are financial services, retail and e-commerce, defense contracting, utilities, and credit card issuing, all of which have access to sensitive information. The list also includes any organization storing personally identifiable information (PII) such as Social Security numbers, which involves most organizations.
To guarantee the protection of information, companies must work closely with IT and security specialists to resolve data governance issues that emerged during the COVID-19 crisis.
Following Information Governance Rules
Information governance, which manages and covers the prevailing technical, tactical, and routine processes, is an emerging “super discipline” applied to electronic document and records management, email, social media, cloud and mobile computing, and the management of information organization-wide.
Rapidly evolving regulations create business challenges, but privacy regulations are critical to data management today. Though no specific national privacy regulation currently exists, any nationwide or statewide rules would likely follow the European Union’s (EU) General Data Protection Regulation (GDPR), which took effect in 2018, and the California Consumer Privacy Act (CCPA), which took effect Jan. 1, 2020.
Many U.S. firms that do business within the EU now need to deal with the GDPR, which rules over data protection and privacy for all individuals. It addresses the export of personal data and ensures there is a single set of criteria to protect individuals and help companies understand compliance issues when it comes to PII.
The CCPA, the first comprehensive privacy law in the U.S., provides California consumers with a variety of rights; enforcement begins July 1, 2020. Companies that do not comply with the CCPA will suffer a maximum penalty of $7,500 and a minimum of $2,500 for each event. Consumers also receive between $100 and $750 per person per event, and the financial effect increases exponentially.
Understanding data access controls requires providing the right levels of transparency and traceability for personal information. If a company collects consumer data, it is inevitable personal data will move across the organization. Tracking this personally identifiable information requires deep visibility, and to solve privacy challenges organizations must be able to track PII movement across all internal — and external — systems.
Shadow IT Casts Governance Doubt
Another data situation that creates chaos is the existence of shadow IT — also known as embedded IT, stealth IT, feral IT, or client IT — which is the use of hardware, software or cloud services by a department or individual outside the knowledge or security umbrella provided by an organization’s central IT group.
While shadow IT systems can help with innovation, the pervasiveness of shadow systems often results in a disjointed application environment that forfeits reliability, security and governability to attain the required stage of business dexterity.
Research conducted by California-based Dimensional Research, which surveyed more than 1,000 business and IT stakeholders in the United States and Europe, spotlighted the rise of shadow IT to deal with the persistent shortage of software developers and inadequate budgeting.
The survey recognized a shared belief that a huge pipeline of unmet requests for IT solutions exists. Almost 80% agreed that business efforts to go it alone or undertake shadow IT projects have greatly increased over the last five years, but IT is strongly united in its fear that business professionals tackling application development on their own will create new support issues. To underscore their concerns, 91% considered it dangerous to build applications without understanding governance, data security, and infrastructure compatibility guardrails.
Bringing Information Governance to Your Data Table
Addressing the many regulations within many industries can intimidate many organizations. In the U.S., authorities include the Securities and Exchange Commission (SEC), the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Federal Financial Institutions Examination Council (FFIEC), a formal U.S. government interagency body composed of five banking regulators.
Information governance ensures capable and effectual usage of technology enabling an organization to achieve its goals.
Providing information governance tools, guidelines, and actions helps shape compliance into a methodical, practical, and tactical framework offering the resources to demonstrate an organization’s lawful and principled security and data protection.
Let’s get your organization organized with Information Governance now.
Alt + F0 provides the tools to help transform an information management model into a compliant information scheme. We can help build your information governance program with the right tools: framework, data analysis, compliance assessments and a change management plan. We can also identify your data environments and develop a data-centric economy by implementing data governance. Virtual data governance also applies monitoring and oversight to any personal information data, not just internally but also with external parties.
Alt + F0’s LOCK helps organizations close information governance gaps and measures program maturity for audit readiness and compliance.
Disclaimer: The purpose of this article is to provide education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.