2017-12-05 08:55:08
The 60 second interview: Compliance should watch uncontrolled data growth

FTI Consulting’s European Information Governance leader Sonia Cheng talks to The Lawyer about using Information Governance as a proactive tool as well as the main challenges companies face when implementing their governance framework, ahead of her session at Managing Risk and Litigation today.

Many corporations, particularly those in regulated industries, often struggle to comply with increasing regulation coupled with uncontrolled data growth.

This is exacerbated by the prevalence of dark or unknown data, often stored in less controlled areas, like file shares. In some cases, businesses are not even able to estimate their potential risk exposure.

This is often because companies don’t have a handle on their data, particularly those who have acquired or merged with other firms. With the GDPR on the horizon, a forgotten backup tape or file share which has personal data on it may result in the firm being subject to the 4 per cent of annual turnover penalty.

Research carried out by NCC Group suggests that the fines from the Information Commissioner’s Office (ICO) against British companies for data breaches in 2016 could have been £69m rather than £880,500 if maximum fines under the pending GDPR had been applied.

Organisations need to implement defensible disposal and information governance (IG) programmes in order to stem or control the information growth curve and proactively mitigate risk.

1. Funding: Companies often struggle to make an effective business case. In the current economic climate, executives are forced to do more with less. To undertake proactive efforts, companies must get creative about how they budget and plan programmes.

For instance, there may be high profile matters they may be able to leverage to help to start data mapping efforts or implementing technologies that can assist with compliance in other areas.

2. Scope: Rather than trying to solve 50 problems, stay focused on two or three top problems, start small, show wins, and use it to help secure funding for subsequent phases of remediation. Don’t let perfection be the enemy of good.

3. Change management is probably one of the hardest things for organisations and individuals to deal with. Knowing how to roll out new processes requires a deep understanding of a company’s culture on a global and local level and often requires a combination of top-down and bottom-up change.

At some firms, IG compliance is aligned with performance objectives (e.g. performance ratings, bonus) to ensure appropriate prioritisation and focus.