One reason for the renewed attention to compliance is that many organizations are collecting new types of data. In schools and colleges, for example, videoconferencing platforms may capture video and audio, along with academic and personal information. Many organizations have managed remote work by expanding their use of cloud computing, which triggers encryption and security protocols for data at rest, in transit and in analysis.
Onsite, organizations are gathering data through technology solutions designed to facilitate safe interactions and maintain social distancing, such as thermal imaging for temperature screenings or video recordings and analytics for occupancy control and contact tracing. All this data must be properly managed and stored.
Remote Operations Yield New Ways to Leverage Data
Another major change in the compliance landscape is that some organizations are tracking remote employees’ activities to monitor productivity. For example, they may collect data related to emails, phones, calendars and software: how many emails employees send and receive, how many meetings they book, how much they log in, which applications they use and so on.
The ability to collect this type of data isn’t new, but organizations now have more reasons to understand employees’ at-home productivity. Not surprisingly, many organizations hope to use these insights to decide whether to maintain telework after the pandemic. In doing so, organizations need to understand exactly what they are tracking and storing. Recording the length of a phone call, for example, is different from recording actual content.
Another use case for this data is to evaluate the return on IT investments. Whether organizations purchased software and collaboration solutions before the pandemic or because of it, they need to know whether employees are using them — and if not, why — so they can address barriers to adoption.
Master Data Management Tools Simplify and Automate Remote Operations
As organizations review their security and privacy compliance, the first step is to understand what data they want to maintain and analyze. This informs the regulations they must follow, which may include the European Union’s General Data Protection Regulation. Often, organizations discover their lack of compliance through an audit, which then prompts deployment of a master data management solution.
These solutions track and build out a lineage map of the data an organization is pulling, where it is stored, who has access and how it is used. Smaller organizations may not need that much firepower, but many organizations expand so rapidly that data tracking can quickly become unmanageable. An automated process and a single, centralized repository can help.
Every organization’s data ecosystem is unique, but security and privacy compliance is nonnegotiable. Even when organizations aren’t subject to legal mandates, it is wise to maintain visibility into the same areas of concern — the what, where, who and how of data collection and analytics — to ensure that data remains an asset rather than a liability.