Putting information governance back in the hands of the employee
It’s a common scenario we see all the time…
As part of the GDPR regulation, organisations implement information governance and data protection policies. Job done, they think. We’ve followed the rules and are protected.
The trouble is, getting your people to follow policies consistently is hard. You can invest in training, so everyone understands the importance of handling data in the correct way.
But how confident are you that everyone’s following every information governance policy every day? It is likely that people will cut corners in some way in the course of their working day. They just want to get on with the task in hand, fast.
The rise of the unintentional terrorist
In disregarding the company’s information governance policies, your employees are leaving your organisation vulnerable. But they’re not necessarily being malicious, actively going out of their way to expose your organisation and bring it to its knees.
Think about it…
Your people are busy doing their jobs. And in doing their job, they’re running reports and exporting data to spreadsheets, then editing it, emailing it to a colleague, and filing it away somewhere, never to be thought about again. They probably know they’ve broken a rule (or two!), but that’s because people inherently try to follow the path of least resistance, which usually means finding a way around the regulation because they want to get their job done. The trouble is, now that data is unstructured. There are multiple copies of it in people’s inboxes, on shared drives, on personal drives…
It’s not governed by the rigorous security of the systems it originated from. It’s lying around your data estate, and it’s leaving your organisation vulnerable.
When it comes to data security, one of the biggest challenges organisations face is that they don’t have a way to map behaviours in their organisation to what you’ve asked people to do. Therefore, they have no way of tracking when people are not implementing those information governance and data protection policies.
Reveal what’s hidden in your estate
Your policies are probably good enough – if only you could get people to follow them. Which is why we approach the problem from a different angle.
Imagine if you could unlock the data that’s been lost and forgotten in your company’s estate with ease and at scale.
Not only that, imagine you could run searches in all of your data, structured and unstructured, to reveal where your policies are not being followed by your people. And who is not following them.
With this level of transparency, you can identify whether you have a issue with people understanding information governance. Or whether there’s an inherent flaw in your process that needs addressing. In either case, now you have visibility to be certain about all the data that’s in your estate, the peace of mind that your policies are being adhered to, and the ability to continuously improve if/when you see issues arise.