(This blog post was written by Jeff Whited, senior manager of education development at ARMA International.)
By leveraging big data as an asset, organizations are tapping new business efficiencies and revenue streams. Credit card companies, for instance, sell data on customers’ buying habits. Healthcare systems aggregate data on treatment regimens and outcomes in an effort to trim costs. Urban planners and other constituencies use government information to advance their goals.
But organizations that allow their data stores to grow into “big data” — which Gartner Inc. defines as “high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making” — must be vigilant in protecting that data against the privacy concerns of customers, patients and the public at large.
Every few months the headlines scream about a massive data breach— the Home Depot, Target, Anthem and Sony incidents come easily to mind. While it’s tough to account for the reputational damage of such breaches, the actual dollar costs are often graspable. According to an October 2014 article by Brian Nichols of The Motley Fool, Target’s stock fell 7.5% in the first year after the breach was made public. In the first six months, Target’s costs related directly to the security breach hit $378 million.
By retaining vast quantities of data– including so-called dark data, which Gartner defines as “information assets that organizations collect, process and store in the course of their regular business activity, but generally fail to use for other purposes”–organizations are increasing the opportunities for personally identifiable information (PII) to be exposed.
So, it becomes a matter of balancing the risk of retaining big data vs. the reward of monetizing it.
According to the Nichols article, Target has spent at least $100 million to protect itself from future attacks by investing in a new technology infrastructure with enhanced security measures.
Such a step is reasonable, of course. But the best tools and technologies are worth little if they’re not part of a carefully planned initiative. The smartest way to address these security issues is to implement an enterprise-wide information governance (IG) program that is aligned with the organization’s mission, goals and culture. Such a strategic initiative brings together senior stakeholders to make sure the organization’s data is governed in a manner that increases business efficiencies and complies with all laws and regulations.
At the heart of good IG is good recordkeeping, and therefore the senior records manager must be a key player in the IG initiative. Also vital to the program are compliance officers to help ensure the recordkeeping practices are satisfying the demands of such laws as Sarbanes-Oxley for the financial industry and the Health Insurance Portability and Accountability Act; IT executives to provide the right tools and to help effect proper protection policies; legal counsel to help assure the defensibility of the program; and senior managers from the business units to provide realistic guidance on how the information is created and used.
Organizations wishing to monetize their big data should work to mitigate the security risks by implementing an IG program that treats records as the strategic assets they really are. Such a program will help identify gaps in the business processes, minimize legal and compliance risk, and potentially save enormous sums of money in discovery and litigation.
Jeff Whited is senior manager of education development at ARMA International, a not-for-profit professional association and authority on governing information as a strategic asset.