According to Gemalto, a leader in digital security, more than one billion data records were breached in 2014, and 60 Minutes correspondent Bill Whitaker went so far as to deem 2014 “the year of the data breach.” It’s safe to say that over the past decade, information governance (IG) and compliance have taken a front seat as data breaches and threats continue to rise.
A 2015 AIIM report on IG found that it is now a main priority for executives. In fact, it is high on the senior management agenda for 28% of organizations and 53% have new IG initiatives. Similarly, 45% of respondents agree that the lack of IG leaves their organization wide open to litigation and data protection risks. In order to protect an organization from new threats, businesses need to look at the full picture to safeguard their clients and protect their brand integrity.
Every department in every industry holds a considerable amount of personally identifiable information (PII) that is sensitive. Human resources (HR) manages and keeps employee contact information; hospitals and healthcare providers track patient services and insurance information; and financial institutions, like banks, collect and store customer information, including social security numbers, account numbers and transaction history.
With the abundance of PII in an organization, there have been major advancements in compliance regulations around keeping and protecting an organization's documents and records. For example, HIPAA (healthcare), SEC/FINRA and Dodd-Frank (financial services) and 21 CFR Part 11 (pharmaceutical) are regulatory guidelines evolving to protect consumer data that exists in and on a variety of forms, including paper, email and mobile devices.
A one-angle approach won’t work
A recent Forbes article by Bernard Marr states that “the data volumes are exploding, more data has been created in the past two years than in the entire previous history of the human race.” Not only is the volume of information exploding, but information and content are coming into and being shared throughout an organization in a variety of mediums. This means that organizations need to look at every angle to make sure they are protected and compliant.
- Paper: Many organizations are still using paper throughout their processes, and customers are still submitting confidential information to organizations via hard copy. Companies must follow the necessary protocols to protect that information. A good line of defense is automating processes and digitizing documents. AIIM’s IG report found 60% of respondents agree that automation is the only way to keep up with the increasing volumes of content.
- Email: Since most communication in an organization happens via email, managing emails as records has become more necessary. However, there is still a big gap between theory and practice in the governance and management of email documents. In that same report, AIIM also found that 47% of respondents feel their email governance wouldn’t stand up to any kind of scrutiny or inquiry. Ensuring your business implements email archiving and deletion policies is critical.
- Mobile: Business-critical content and information are increasingly sent and accessed via mobile devices. This is increasing the demand for improved mobile security and protection. Guaranteeing employees have a secure way to access and send information is the first step in safeguarding mobile content.
AIIM’s IG report found 34% of respondents feel automation is more consistent than manual work by humans; therefore, investing in technology can be essential to meeting today’s ever-changing compliance guidelines.
Enterprise content management (ECM) technology can help employees manage content chaos, automate and digitize data and processes and improve security. Key features of ECM tools that enhance business operations and help an organization meet compliance protocols include:
- Automation
- Auto tagging and indexing
- Secure capture
- Life cycle management
- Audit preparation
Organizations and management may already understand how tools can help them meet compliance requirements; however, finding and deploying them is another challenge. One person cannot properly handle and manage this task; it takes a team. As a first step, it’s important for a company to develop a committee representing multiple business units and including compliance officers, data security, managers, information technology (IT) and records management.
Since every department has different compliance regulations and processes, this diversity is important. It’s also essential that the committee is brought into every part of the process, from research and testing to implementation and maintenance, so that they are invested in the tool and its success. After implementation, this committee should continue to operate and hone the solution to meet employee needs. That means regularly checking in with employees to ensure it is being used correctly and is improving and simplifying everyday processes.
Day-to-day steps by employees are the key to adhering to an IG policy. After developing a team to lead the charge, providing employees with comprehensive training should be the next priority. Proper training allows the staff to completely understand the features of the solution and how they fit into the company’s processes. Continually auditing employee workflows to ensure they are complying with procedures is the best line of defense for companies.
While compliance policies and regulations may be daunting, they don’t have to be. Ensuring there is a foolproof plan in place and that everyone at the organization is meeting regulations is critical to business success. By auditing and tracking how information is coming in and investing in tools to help automate and manage business-critical data, compliance practices in an organization can be a lot easier.
Andy Jones is vice president of workflow automation of large enterprise operations (LEO) at Xerox. He is a part of the LEO global senior leadership team, which is responsible for Xerox’s Worldwide Document Outsourcing business. Contact him at Andy.Jones@Xerox.com or follow him on Twitter @AndyJonesXerox.