Among the very visible consequences of a global pandemic is that businesses — like communities and institutions worldwide — are being forced into new ways of doing things.
Not out of expedience or convenience; these changes are basic to survival.
The sheer human tragedy of the pandemic outweighs other considerations, of course, but enterprises must soldier on for the sake of employees, stakeholders, and the customers they serve. They must confront business risks in new ways, and throw aside outmoded practices.
One of the most significant challenges with which they are confronted is how to maintain governance rigor in a work-from-home world. Approaches, methodologies and processes that have been part of business-as-usual for decades are suddenly not fit for purpose and cannot be adapted without a new mindset.
How to manage "smart data" — the data that is only absolutely necessary for business purposes, and which have been thoroughly vetted to ensure compliance with regulation — in this remapped environment will be even more of a challenge than it was pre-pandemic.
Under scrutiny are all of the processes for collecting, collating, storing, and otherwise managing only data that is most relevant and, in the eyes of regulators, permissible for the organization.
Keeping compliant becomes more complex when one considers some of the operational changes wrought by the outbreak on most enterprises.
To maintain compliance continuity in the months and years ahead, change is absolutely necessary.
Three Key Impacts
Even before COVID-19, there were compelling reasons to find better means of managing smart data.
The risk this data can pose to the organization when it is unnecessary, irrelevant, or simply incorrect is obvious. Then there’s the matter of ensuring a data subject is aware of the purpose for which their data is being used, and of respecting their other rights and protections.
Finally and, again fairly obviously, by removing extraneous data, managing what’s left becomes intrinsically more efficient.
To manage smart data in a post-coronavirus environment, an enterprise must acknowledge and address three impacts the pandemic has had on the business landscape.
Each of these impacts was inevitable; the pandemic has merely hastened us toward change.
Paper is Finally Dead
Surely, nobody still uses paper as a mission-critical workflow platform any more!
Sorry, having been in the electronic document and content management industry for almost 30 years, I couldn’t resist.
I do now, though, truly believe this is the final nail in the coffin for paper in any serious business of scale. Paper, and paper-reliant processes, are now defunct.
If an organization continues to rely on them to manage data and stay compliant, it, too, will soon be defunct.
In the context of work-from-home, any process where data is committed to paper becomes a risk. This is fundamental: Personally Identifiable Information (PII) or other mission-critical information doesn’t belong on paper. It’s nearly impossible to track, prone to getting lost or misfiled, is very difficult to secure and, as most painfully seen in recent weeks, cannot be in more than one place at the same time.
Beyond that, the inherent slowness, inefficiency and opaqueness of paper-based processes is now an albatross for business when remote collaboration is in order.
At the urging of both risk and compliance officers and operations leaders, companies are already increasingly turning to automated solutions for workplace processes, especially since the new “workplace” is now a distributed network of work-from-home nodes.
Through strict adherence to automation, the access to and movement of information can be controlled, tracked and audited with dashboard-based operational oversight eliminating the paper-oriented risk.
Automating Policy and Procedures Management
When the lockdowns began, there was an immediate need for quick policy and procedures changes at most companies.
Many of these are related to the handling of data.
Developing, implementing and communicating these revisions, and capturing attestation to them from employees or others affected, is a nightmarishly difficult scenario in a work-from-home environment.
Multiply that by the fact that the situation has become uncommonly fluid, as new pandemic-driven circumstances arise continually, and policy management using traditional means becomes very nearly impossible...and impossibly costly.
Here, too, is where automated systems can step in by dramatically streamlining the management of data handling policies and procedures. Using an automated tool, both administrators and employees have an easier go of it; policies can be expeditiously revamped, reviewed, approved and communicated to impacted employees, who are immediately aware of what rules they should follow.
Policies that are specific to certain employees can be delivered only to those parties, and attestation for anyone becomes as simple as making a few clicks, as does tracking, auditing, and reporting.
An HR, compliance or operational manager can gain real-time visibility into the policy compliance status of the entire workforce, regardless of their locations.
With automated reminders removing the need for that manager to personally follow up with laggards and test or knowledge assessments ensuring the required level of understanding, swift and comprehensive updates of policy changes can be ensured in real time no matter how frequently they are needed.
Adherence to Regulatory Compliance
The third area where we’ll see significant change for companies reliant on smart data?
It’s quite obviously in regulatory compliance.
The advent of COVID-19 has not caused regulators to suddenly throw up their hands and shout “moratorium!” Nobody in the California Attorney General’s office has, for instance, elected to delay CCPA implementation; that’s been made clear.
The same is true for GDPR compliance and countess other data privacy or governance regulations around the world.
While regulators may have been somewhat forgiving in the past as these obligations were being introduced, and provided “grace periods” for companies to find their footing under data privacy and information security guidelines, now, even in this extraordinary operational climate, they are continuing to maintain — or even stiffen — enforcement.
In a remote work situation, where customer or employee data must often be accessed by scattered personnel, the increased risk is apparent. Emails with sensitive attachments are flying about and workers are downloading files and documents to at-home or personal devices not to be, in any way, malicious, but simply to get their jobs done.
In a situation like this, an enforced information governance framework is absolutely essential to meeting data privacy and general confidentiality requirements.
Two fundamental building blocks of data governance are required. The first is a centralized digital repository, created to house and control/audit access to PII or other mission critical or sensitive information.
The second is a comprehensive inventory of all data assets that sit, for a range of operational reasons, outside that central repository.
The most significant of these are the plethora of End User Computing (EUC) spreadsheets and other data assets which are pervasive throughout an organization, but that lie outside of IT’s direct control.
Ensuring the completeness of this inventory can be largely automated through electronic discovery of those assets, far outstripping the capabilities of manual management.
These two components provide an organization and its employees with a single source of truth for all run-the-business information while also enforcing the visibility and control needed to meet various regulatory requirements for collection, storage, and expiry of that data.
Compliance Continuity Demands New Technologies
For better or worse, there’s no way back to “the way it was before” for both business operations or culture in the aftermath of COVID-19.
Companies simply cannot afford to not implement digital, automated solutions to the challenges they’ve been presented with, especially if they wish to continue to leverage smart data; the pandemic has merely accelerated the need to deal with those risks.