Peter Baumann is Tom Fox’s guest on this week’s episode of the Innovation in Compliance Podcast. He is the founder of ActiveNav, a company that helps its customers reduce data risk, make better management decisions and comply with privacy regulations. He has been in the information governance field for 30 years both as a publisher and as a content creator. Peter joins Tom to talk about how the disciplines of information governance, and the data industry, relate to a variety of compliance issues.
How Information Governance Has Changed
The most significant change in information governance, Peter tells Tom, has been its explosion of growth. Companies used to operate from a single network and via a single machine. Control was well managed, and no one else was able to access the information filtered through those single networks and machines. That is no longer the case. With the rise of the internet and the interconnection of corporate networks, that control has collapsed and sensitive data has become more accessible.
Being Compliant Through Data Retention Policies
Peter reiterates that companies need to have a map of their data and what’s actually in it. “Until you get there, you’re always gonna fall short of meeting any of these privacy regulations because you can’t actually say what you’ve got, where it is, and whether you should have it,” he adds. Companies need a top and bottom approach to their data mapping, which lets them know how to approach these issues strategically. Peter also stresses that senior management needs to treat their data as if it’s the best asset in their organizations. “Only when those things become a kind of de facto position will organizations start to manage and govern their data appropriately,” he tells Tom.
Unstructured Data & Eradicating Dark Data
Peter explains that unstructured data is data that sits outside of a database environment. The very idea of a database is based on the concept of structure, so any data existing outside of it is unstructured. To get rid of dark data, companies need to have an understanding of what data they have, its nature, size, and where it is stored. That is the first step. The second step is minimization, that is, doing a system cleanup of redundant files or records that are beyond their natural retention policies. The final step would then be to find your sensitive data, understand what it is, then either encrypt or delete it, or move it somewhere else. This will get you to your government’s baseline.
The Impact of COVID-19 & Looking To The Future
The pandemic has changed how companies approach data, as content has become more fragmented. “The biggest change I’d say is the shift in both commercial, private, and government towards more collaborative based tools,” Peter remarks. He gives examples of Microsoft Teams and Slack. The downside of these tools, however, is that they don’t have the appropriate mechanisms built into their platforms to ensure that they are complying with governance. With respect to the future, companies should expect to see penalties and fines start to drift down to mid-market and eventually smaller businesses. “Ignorance and the lack of policy systems and preemptive planning won’t be tolerated as an excuse by the courts,” Peter warns. The tools and the experience are out there to ensure that companies are aware of what data they have, so they will be expected to comply with regulations and face the consequences if they don’t.