Digitization is both a blessing and a curse for company's regulatory compliance processes: Big data management tools such as automation help conserve valuable GRC resources, but storing vast amounts of unstructured data make it difficult to pinpoint information required for legal purposes.
Modern data management policies are complicated by the fact that just because the vast majority of relevant legal and regulatory compliance information is now generated digitally doesn't mean that paper records have gone completely by the wayside. This matters little when it comes to compliance management, however. Regulators only care whether compliance information is accurate, regardless of the format that the information was generated or ultimately stored, said Steve Weissman, founder of Holly Group.
"A litigator, a federal regulator or oversight board doesn't care whether it is a pdf, a piece of paper, a microfiche, or what have you," Weissman said in a recent SearchCompliance webcast titled Governance Strategies for Digitized Legal and Regulatory Compliance. "They want to know you are caring for that piece of information the way that it needs to be so the people that need it, have it, and have confidence in it."
These governance-centered legal and regulatory compliance challenges have become a universal issue influencing numerous industries, he added. With data generated and stored in numerous different formats, many companies don't even know what compliance information is available, never mind how to access it.
This questionable confidence in data quality exposes companies to potential lawsuits over data security, privacy and theft, Weissman said, adding that the problems go beyond compliance. Companies with an unfocused data governance approach often have accountability issues due to a lack of reliable records of who accessed or amended business information, for example. Data is often duplicated and isolated in these types of environments as well, making it difficult for employees to share information and collaborate, Weissman added.
"You've got to be able to know what you have, and be able to get to it, if there is going to be any value to [the information]," Weissman said. "If there is no value to it, it makes you wonder why did we capture this in the first place?"
To effectively govern data in the digital age, Weissman said companies must change how they think about the management of information as an asset. The goal should be what he calls the "big box" theory of data governance, where enterprise data is stored in one big box that is accessible to anyone with appropriate permissions.
"In truth, we are actually a long way from actually having a 'big box,' but the goal is to get it to behave that way," Weissman said.
In this webcast, Weissman provides data governance strategies to maintain regulatory and legal compliance in the digital age. He provides a five step action plan to help modernize information governance strategy, which he says requires commitment from the entire organization to develop new data management policies, assess risk and develop metrics to make sure the new processes are working properly.
"It all starts with commitment, from the boardroom to the mailroom," Weissman said. "That commitment has to be there, and it has to be understood that this is what we need to do to move on successfully into the future."