Data protection is, and will remain, a key priority for regulated firms and regulators alike and is an even greater focus in Data Privacy Week. For companies subject to multiple overlapping global privacy regimes, there is a patchwork quilt of regulation and legislation covering the demands of government regulations regarding sensitive data and data protection, such as the EU General Data Protection Regulation (GDPR), the US Health Insurance Portability and Accountability Act (HIPAA), and the California Consumer Privacy Act (CCPA).  

Unified communication and collaboration (UCC) tools have cemented their place in the fabric of the workplace. The adoption of modern, effective and efficient means of communication has led to many benefits but it has also led to the potential for increasing amounts of personally identifiable information (PII), financial data, and electronic personal health information (ePHI) data to be shared in conversations. Firms must protect, manage, and oversee personal data appropriately no matter what the means used to capture, retain, search, supervise and delete the information. The point is reinforced by the prediction by Gartner that by the end of 2024, 75% of the world’s population will have its personal data covered under modern privacy regulations.

Data protection and privacy involve the relationship between data security, accessibility, the robust use of technology, the public expectation of privacy, together with the associated legal, regulatory and political issues. Given the volumes of all kinds of communications data, organizations will need to deploy appropriate technology to seek to ensure comprehensive data protection compliance. Indeed firms may wish to consider specific privacy-enhancing technologies (PETs). 

For 2024 there are a number of key privacy and data protection issues to consider when developing a strategy for managing UCC applications including:

1. Blindspots must be eliminated - UCC data is, by definition, dynamic and  organizations must be equipped to capture all the components of conversations on UCC platforms from chat, video, and voice to emojis, reactions, and GIFs. These elements provide crucial context about the interactions between employees, customers, and other third-parties and are often critical when reconstructing data when responding to data subject access requests (“DSARs”).    
   
   
2. Strong search is essential for DSARs responses - the ability to efficiently and effectively respond to DSARs is predicated on strong search.  The ability to search across any attribute of a data subject such as name, email address, phone number, or employee ID is critical for locating the relevant information requested.  Moreover, searches for emojis, reactions, GIFs and searches across data types like images or audio are essential for collecting complete and accurate information. Given that  74% of firms are facing challenges in searching and retrieving communications, considering search early and choosing platforms like Theta Lake, which provide all of these features in a unified interface, is key. 
   
   
3. Redaction and remediation are a must - firms must have the capability to redact any and all personal data or information such as credit card numbers, national insurance or social security numbers and dates of birth. Comprehensive redaction capabilities protect confidential or sensitive information from being accessed and enable swift remediation and removal of risky content across platforms. Moreover, the ability to easily remediate sensitive data in chats or elsewhere helps organizations reduce data exposure risk. Theta Lake provides quick and intuitive features to detect and remove information such as credit card numbers, account numbers, email addresses, or other sensitive personal or financial information directly from chats with a few clicks. Original chats are preserved to meet legal and regulatory requirements, while sensitive data is removed from circulation.
   
   
4. Proactive detection of data privacy risks - firms will need help with oversight. Comprehensive and unified communication records will enable institutions to undertake proactive data protection compliance and supervision and for that, given the sheer volume of the records, specifically trained AI can help firms detect and remediate risks at scale. For example, understanding if sensitive data is discussed on a phone call or disclosed over a screen share is essential given the data leakage ramifications.  These targeted detections use high quality expert sources and domain expertise, which means that the burden does not fall on individual organizations to train the AI models or verify the results.
   
   
5. Control over archived communications will have multiple data protection benefits - controlling your own data is essential.  From a firm being able to use its own encryption keys through to exporting their data at any time (with no additional costs) to their own storage. Retaining the ability to set specific retention periods depending on the nature of the data and applicable regulations means that customers retain full control over the retention and disposition of their information. Many firms make use of multiple capture tools and disparate voice and email archive storage which makes data management including search, even with third party tools, difficult. Unifying archives particularly combined with a strategic move to the cloud will deliver huge potential benefits and will enable the firms to keep pace with the data protection compliance expectations of the innovation, scale and performance that cloud UCC tools deliver and require.  
   
   
   

How Theta Lake can help

Backed by the investment arms of Cisco, RingCentral, Salesforce, and Zoom, Theta Lake’s multi-award winning product suite provides patented compliance and security for modern collaboration platforms, utilizing hundreds of frictionless partner integrations including RingCentral, Webex by Cisco, Microsoft 365 and Teams, Slack, Zoom, Movius, Box, Mural, Asana and more. 

Theta Lake empowers organizations to safely, compliantly, and cost-effectively expand their use of unified communication platforms by enabling capture, compliant archives, and acting as an archive connector for existing archives of record across video, voice, and chat collaboration systems. Customers benefit from:

• Searching instantly across participants, all modes of unified communication and collaboration tools, meshed conversations, and timelines in an easy to navigate search system that covers and provides full replay for voice, video, chat, email, images, emojis, files, whiteboards, and more.
  
  
• Patented AI & ML to detect, surface, and enable actual response for regulatory, privacy, and security risks in an AI assisted review workflow with remediation and patented UCC security control integrations for protection across what is shared, shown, spoken, and typed.
  
  
• The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors and regulators. For example, chat messages can be viewed in their native format over the entire history of the conversation, with full context retained including images, GIFs, emojis and reactions.
  
  
• Theta Lake’s risk and compliance suite provides an advanced security and privacy architecture named STAR³ (Secure in Transit, Access, in Redaction, Remediation, and Removal), which is  SOC2 Type II certified with ISO 27001 mapping, PCI DSS certified, 17a-4 and audit trail attested, BAA supported, and undergoes regular penetration testing so our customers, partners, and regulators worldwide are confident in That Lake’s data and system security, integrity, and privacy. 
  
  

Ways to learn more

• Theta Lake’s Digital Communications Governance, Compliance and Security Report 2023/24 can be downloaded here
• Visit: ThetaLake.com | LinkedIn | X at @thetalake
• Join a bi-weekly 30-minute demo webinar here or request a bespoke demo today from the  friendly Theta Lake team here
• Keep up to date with regulatory perspectives from Theta Lake here