Got Data Compliance?
In our “all things Internet” world, coupled with increasing laws and regulations, how do companies successfully fulfill their obligation to preserve the growing amounts of digital data?
No matter the size of your business, it’s good practice to have a game plan that will address this challenge and a process for communicating it to your employees.
I believe people are basically good. I believe people want to do the right thing. And I believe that truth and justice ultimately win out. I’ll be even more specific. I think my employees have my back and will do the right thing if there is a legal dispute.
Now… am I ready to bet my whole business on trust? Bet my bottom dollar in the face of pending litigation?
I’d want to be confident that my team knows what to do. According to a recent survey, 76 percent of us trust our custodians if we have an automated system in place for instigating litigation holds. Using a manual system? Confidence levels drop quite a bit.
The legal arena has become less tolerant of spoliation; the same survey says that 1 in 3 have had to defend their legal hold process. We’ve had judges hand down some tough sanctions if it is suspected that we didn’t do all we could to produce the required data.
At the same time, I don’t want to preserve terabytes of information, but rather would prefer to preserve data in place in case I need it later. Again, this goes back to intelligent preservation that is defensible if needed.
9 Strategic Steps
Creating this culture of compliance that lets me sleep at night takes time. Here are some helpful tools that can help you get a better night’s sleep:
- Lead from the top: Executives must not only understand the importance of compliance policies, but also model behaviors. Be responsive when information is requested and be positive about why this is necessary. If you are grumpy, what do you think your employees will do?
- Create retention guidelines: While saving important information is necessary, what isn’t necessary is saving everything your company produces for all time. Work with IT to have some reasonable guidelines for how long to keep e-mails or particular types of files. Then publish those guidelines and follow them.
- Formulate employee policies: Contemplate what you want employees to do when something comes up—and then write it into your corporate policies. Then if someone doesn’t hold up his or her end of the bargain, you have grounds on which to act.
- Implement a preservation process: When a legal duty to preserve is triggered, have a process in place to hold on to information. It could be a letter, filing, or the opening of a regulatory investigation. Once underway, communicate to your employees what they must save, be diligent about getting them to acknowledge their responsibility to do so, and follow up with routine reminders.
- Follow through with training and orientation: Make legal and compliance training part of regular training programs and new employee orientation.
- Create a policy for personal devices: Let everyone know what it means when they use personal smartphones, tablets, or laptops for work, including your right and obligation to get the work information from those devices.
- Collect information from departing employees: Many companies stumble by not saving information of employees who leave. When someone leaves the organization, have a process for collecting information from their computer and other work devices. Also, know if they stored information elsewhere, such as DropBox. Have an exit process in place.
- Get a lay of the data land: Know what you have, where it’s located, and how long it sticks around. Data is amorphous, so knowing that security cameras overwrite files every 24 hours can be critical if, for example, an employee is injured on the job.
- Conduct regular audits: Success over the long run is required. Take some time to assess how the organization is doing. If you find one of the steps is not being followed diligently, take steps immediately to fix it.
These are not new ideas, but we need to make sure we are adapting to our new circumstances. While we are all benefiting from the amazing power of communication and data gathering, it does not come for free. Understanding the challenges and having employees ready to comply when asked helps avoid lengthy and expensive problems.
Here are a few things to ask yourself as you create your digital data strategy:
- What should we save?
- How do we save it?
- Who needs to save it?
- How do we quickly access the information when we need it?
- How do we create systems within a company to handle it appropriately?
Monica Enand, CEO and founder of Zapproved, has grown Zapproved into a leading software provider with a compliance platform making it easier and more economical for businesses facing increasing rules and regulations. Prior to founding Zapproved, Enand spent more than 15 years with blue-chip companies such as Intel and IBM. She holds an MBA from University of Portland and a B.S. in Computer Engineering from Carnegie Mellon University. Enand is a speaker and active member in the entrepreneurial community in Portland. She was appointed in 2014 to serve on the Oregon Growth Board and sits on the board of the Technology Association of Oregon.