Data protection is now more important than ever. Given the new ways of working and communicating, increasing amounts of personally identifiable information (PII) and personal health information (PHI) are shared across communication platforms, and firms are expected to be able to capture and retain personal data safely, as well as retrieve and delete it. These are critical issues that should take center stage in Data Privacy Week.
Data protection and privacy involve the relationship between data security, accessibility, the use of technology and the public expectation of privacy, together with the associated legal and political issues. Indeed, the issues are seen as so fundamentally important that data protection legislation has proliferated around the world and must be complied with by firms regardless of sector.
The fourth annual report from the experts at Theta Lake on Modern Communications Compliance and Security shared insights from over 500 compliance and security professionals across global financial services, healthcare, insurance and government sectors. A vast array of data protection issues surrounding security and privacy were highlighted, with respondents repeatedly citing the risk of content being hacked, leaked or shared externally.
Q. What is your number one concern relating to capturing and monitoring modern communications?
The focus on concerns around data security shows that, for firms and regulators alike, a crackdown on data protection and non-compliant communications is a continuing priority. To add to those concerns, the report found that the greatest risks to compliance, security and data privacy were seen to involve the deliberate or inadvertent transfer of files via chat, the ability to share links in chat or on screen, and the risks associated with screenshare. These concerns are driven by the ease of sharing files (of any size) and links which could contain confidential, sensitive or proprietary information.
Finding and extracting records
Data security is not the only aspect of data protection; the ability to find and extract records is also critical for compliance with FOIA, GDPR/privacy, investigations and complaints handling requirements. Firms were found to have adopted a range of approaches, with:
- 52% finding it easy to retrieve emails but difficult to search and retrieve content with chat, whiteboards, video and other modern communications
- 33% needing significant manual resources to search multiple systems and modes of communication, and
- a significant minority of only 15% comfortable that they were able to retrieve all types of communication with ease
With 85% of all businesses in the survey report facing difficulties in retrieving information, and the number one challenge with existing archiving tools (cited by 41% of professionals) being finding and extracting data, firms should reconsider legacy solutions. Meticulous record-keeping plays a pivotal role in enabling businesses to demonstrate data protection compliance. As a matter of course, organizations must be able to provide comprehensive records and evidence in a timely manner, responding not only to data subject access requests but also to requests from investigators, regulators and auditors.
There is a range of practical, incremental steps which can be taken to address any gaps in current data protection coverage and capabilities. Steps to get started include:
- Ensure policies reflect the new working reality and are understood by staff. That includes training and guidance on data security, record keeping requirements and acceptable use of channels. Spot checks, internal audits, reviews and updates of existing policies should also be part of the mix. Ensure that accountability and tone from the top reflect the importance of data protection and compliance.
- Undertake a risk assessment of all communications channels to determine potential gaps in data protection, record keeping, oversight or information security. Check that all new communications modes like in-meeting chat, video, mobile, WhatsApp, file links, images and more are not only captured but also searchable and retrievable.
- Ensure effective security settings are in place on your meeting platforms.
- Take an incremental, risk-based approach. Start with addressing capture, archiving and supervision gaps in areas where the data protection and other risks are highest, such as SMS, WhatsApp and other consumer messaging apps under regulatory scrutiny.
- Adopt UC platforms that have the capabilities end users want but that also support data protection and compliance capabilities through robust APIs and integration partnerships.
How Theta Lake can help
Addressing data protection compliance and security concerns requires a distinct set of organizational controls and support due to the complexity and volume of information being shared across collaboration platforms every day. The use of advanced artificial intelligence, machine learning and natural language processing technologies facilitates more efficient and effective compliance, risk and data security management through:
- Powerful, granular search across all unified collaboration content and modalities.
- Automatic detection of security, data loss and compliance risks in what’s spoken, typed, shown or shared.
- Prioritization of communications and content requiring review or intervention, whilst maintaining an audit trail of action taken.
- Swift remediation and removal of any risky content across platforms.
- Complete flexibility to set retention periods.
- Encouraging compliant behaviors through real-time interactive feedback on potentially risky actions like screen sharing and enabling webcams.
- Comprehensive redaction capabilities to protect confidential or sensitive information from being accessed more widely.
- Rapid identification, and consistent legal hold, of relevant communications, content and images across platforms to support investigations, regulatory review, audits or complaints.
If you’d like to see how Theta Lake can help, request a demo today from our friendly team.