What if there is more than one needle and one haystack in your information landscape?

Having the ability to understand where data is being created, by who and for what purpose is a critical first step in being able to address privacy requirements.

Virginia has now become the second US state to enact data privacy legislation like the General Data Protection Requirement within the European Union and the California Consumer Privacy Act. As is the case with GDPR, the Virginia Consumer Data Protection Act (CDPA) requires organizations to keep data “only for purposes reasonably necessary or compatible with the purposes disclosed in the business’s privacy policy.”  

Consumers in Virginia will soon (in 2023) have the right to know whether a business is processing their personal information as well as the right to access their personal information, obtain a copy of it in a readily usable format or the exact nature of how and why the organization is using their information. Going further, they will be able to request that inaccuracies in their personal information be corrected.  

Well, that doesn’t sound too difficult to manage, does it?  

If you agree with this sentiment, you are in for a very rude awakening!  

To be compliant in Virginia or anywhere else where stringent new privacy laws are enacted, the real challenge is the requirement to be able to find and analyze consumer information from all over the enterprise. With data volumes exploding in repositories that are distributed and disconnected, this requirement is, in many ways, the compliance and IT challenge of a lifetime. Making the Virginia CDPA and GDPR even more daunting is the requirement to formally determine why they have the data they do. Virginia CDPA also requires organizations to know when they received data and to make decisions about how long they can legally store it.  

And what about data stored in third party locations?

Think about how much personal information is stored in file shares, Teams, and content repositories strewn across the enterprise. Think again where this data may have come from – via acquisition, reports from structured systems, financial systems. This is the ultimate find the needle in the haystack challenge. Very few organizations who do business in Virginia, California, Canada, the UK or EU are natively equipped with the capability to discover, analyze and manage data throughout its lifecycle let alone in accordance with these privacy laws.

The good news is that there is emerging technology that can automate the discovery, analysis, and management of data completely through its lifecycle. Having the ability to understand where data is being created, by who and for what purpose is a critical first step in being able to address privacy requirements. At EncompaaS, we leverage people, process, and technology to solve the information management challenges organizations are facing today, without the legacy thinking. We offer a highly efficient AND cost-effective platform for discovering, classifying, managing and protecting corporate information while allowing employees to work the way they want to work. EncompaaS leverages policy, machine learning and AI to discover and connect the dots between the information work that is done through multiple applications, including Teams, to other applications and repositories, providing holistic and consistent governance while enhancing productivity at the same time. 

One additional thought about privacy laws. Yes, the Virginia Consumer Data Protection Act, the CCPA and GDPR all weigh in enforcement with a heavy fine schedule. However, is compliance with these laws about fine avoidance or is it something much larger, more important to the organizational mission? My argument is that while fine avoidance is a noble tactic, the real reason for taking action is brand reputation. The impact of poor information management and governance poses a very real threat to the most sacred of business relationships between an organization and its customers. If you can’t assure customers that your organization has the right tools and process methodologies in place to protect information and use it appropriately, the custodial responsibility you have for data protection is clearly at risk. It is not a risk worth taking. Paying fines pale in comparison to the loss of customers because you cannot respond to their requests in a timely manner, or they do not trust you with their information.  We can all agree that every organization in the world at the board and C-Level have brand reputation at the top of their list to protect and nurture. The challenge for compliance, information governance and legal managers is to adopt new solutions to solve these very real issues of risk while not interfering or constricting employees from doing their work.

I encourage you to find out how EncompaaS can help your organization move compliance and data value programs forward in lockstep with the productivity solutions that are changing the way we work, collaborate, and communicate 24 hours a day, seven days a week.