A survey from Gartner published in August 2021 revealed that since 2019, there has been a 44% rise in the use of collaboration tools in the workforce. Remarkable as this recent leap forward in digital transformation has undeniably been, from an eDiscovery perspective, it has given rise to a whole new set of issues.
Since undergoing a rapid process of digital transformation in 2020, countless organisations are still struggling to get a handle on their endlessly expanding data, which continues to spread across an increasingly complex mix of different channels, devices and formats.
If hybrid working is to prove itself as a feasible long-term solution, decision-makers must find a way to plug the gaps in their data management practices and ensure their information stays secure and under control, no matter how people choose to work.
For teams that use collaboration tools, and wish to get their remote operations and data under control, here are 3 key processes to help deal with data proliferation.
Unfortunately, there is no special technology or software solution out there that can fix your data management problems. More than anything, it’s a case of committing to effective policymaking within your organisation. Then, once you have the right policies, it’s about working to ensure that those policies are firmly embedded into the fabric of your organisational culture.
1) Governance guidelines
The first way to do this is to establish a simple set of governance guidelines for employees to abide by.
The word to focus on here is simple. You have to remember that the more detailed and specific your guidelines, the harder they will be to follow. This goes for communicating any rule or message. The wider you spread it, and the more you want it to be heard, the simpler it needs to be. Ironically though, keeping it simple is the difficult part. Essentially, you need to strike the balance of establishing guidelines that cover all the necessary bases, while keeping them simple enough for your staff to understand, remember, and stick to.
So what should your governance guidelines consist of?
Firstly, you need to clarify what key terms mean, for example, "Cloud Collaboration" is a phrase that can often mean different things to people. You need to ensure that there’s no room for misinterpretation. Whether it’s a Zoom meeting, a thumbs up emoji in Slack or a quick follow-up message in a WhatsApp group. It all counts, and your staff need to know that with 100% certainty.
Then, outline which platforms employees should use, and for what purpose. This becomes much more important for larger organisations, where Marketing will have a different set of tools, needs and objectives compared to Finance etc.
2) Approval processes for new tools
One of the biggest tradeoffs of the rise of remote working has been the rise of ‘shadow IT’.
To the uninitiated, shadow IT refers to the use of any IT system, service, software, app or device that hasn’t been approved by the relevant authority within your organisation. The problem with the proliferation of unauthorised apps and data is that employees rarely contribute to it knowingly, or with ill intent.
It might be that they needed certain software capabilities to achieve a particular task, and without the immediate physical support of their team, set up a free version of something they found online. Or perhaps they needed to contact a senior colleague in a moment of urgency and used their personal mobile phone without thinking.
These are all understandable situations, but if they continue to happen without any measures in place to control them, fragmented data will continue to spread across your business. The end result of this is an increased risk of sensitive information slipping through the cracks, going undetected, and compromising your ability to remain compliant.
If you want to prevent the proliferation of shadow IT, establish an internal approval process for employees when installing new apps or software.
Without some way of vetting this, your staff will continue to adopt new tools that add to the number of unauthorised, unknown and unaccounted for silos of data within your organisation.
3) A strict data retention policy
A data retention policy is essentially a set of rules specifying how your data should be managed, archived, or disposed of based on its data classification.
Just like with the governance guidelines, less is more here. The more complicated your data retention policy, the harder it will be to implement. It can feel gung-ho, but sometimes the best policies are those that are ruthless in their simplicity.
Those that look to reduce as much data stored in the most appropriate and compliant way possible, using a few basic ground rules. After all, routinely deleting data that’s not being used, and only retaining data that’s an absolute necessity isn’t exactly a bad thing, is it?
Create slide decks or documents for employees that break down how data should be classified, and your data retention lifecycle.
What is the document lifecycle?
The phrase document lifecycle refers to the process of data being created, stored, used, archived, and then eventually, deleted. Look to include information on the following as a minimum:-
-
- Where data is stored
- What devices or systems are used for storage
- How long data is stored
- What happens when data is no longer needed
- How to ensure compliance with appropriate rules and regulations.
What do you mean by ‘classifying’ data?
Classifying or codifying data refers to the process whereby you judge how certain data should be managed, based on what kind of data it is and its purpose. Data classification should look to answer questions such as:-
-
- What type of data is it? Is it for public use, or internal? Is it confidential, or should it be restricted in some way?
-
- How long should the data be retained?
-
- Where should the data be stored? And are there any additional security considerations?”
-
- Which members of staff are authorised to move, modify or delete the data?
Want more guidance on how you can deal with data proliferation in your organisation? Speak to one of the Altlaw team today. We’re always happy to help.
