Data Governance Best Practices: How to Oversee Your Content

Reprinted with permission of the Association of Corporate Counsel as it originally appeared on ACCDocket.com: “Data Governance Best Practices: How to Oversee Your Content” May 30, 2019. © 2019, the Association of Corporate Counsel. All rights reserved. If you are interested in joining ACC, please visit www.acc.com, call 202.293.4103, ext. 360, or email membership@acc.com.

Data Governance Best Practices: How to Oversee Your Content

What is good data governance? It is ensuring the quality, availability, security, and usability of data within an organization. The MDM Institute defines data governance as “the formal orchestration of people, processes, and technology, to enable an organization to leverage data as an enterprise asset.”

Regulations like the General Data Protection Regulations (GDPR), Markets in Financial Instruments Directive II (MiFID II), Sarbanes-Oxley Act, Basel III, Dodd-Frank Wall Street Reform and Consumer Protection Act, and others require that organizations monitor their business practices and comply with rules set forth.

How do you establish good data governance? It is critical to have a strategic approach to comply with the regulations and manage the risk. 

For a brief overview of this complex subject, consider adopting these smart practices to achieve effective data governance:

Take a holistic approach

Getting the right stakeholders and information owners involved at your company will help you create the most effective governance policies. Start with the right players and get them involved. Also, people and culture play a critical role. Include team members from your compliance, marketing, legal, HR, and/or IT departments. Then move on to address data governance and as well as technology processes. 

Capture your organization’s communication channels

As employees use more channels to communicate with clients and each other, compliance challenges grow as well. The technology vendor should support different communication channels with direct source capture, meaning it is captured in its native format, and in full conversational context, with message threading to show messages in their original context.

If your company’s rules include supervision and retention of email, but they overlook the fact that your employees prefer to reach out to customers via text messaging or social media, it can cause big problems. Consider what customers demand and what your company culture dictates when designing rules so nothing falls through the cracks. Ultimately, you’ll want to develop a system that can accommodate future methods of communication.

Create internal policies for security and compliance

Implement a framework to ensure strategic objectives and tactical goals. Gather feedback from your employees and peers who regularly use new technology. Your policies should reflect today’s evolving digital communications landscape.

Policies designed for email may need re-inspection to reflect specific ways these new channels can be used by employees. The technology solutions should be delivered with top-tier security, management, and operational controls.

All data should be encrypted in transit and at rest, with stringent access controls, and stored in an unalterable, compliant format to meet regulatory requirements. Engage employees since new channels frequently emerge, which means that training should also be ongoing to keep pace with the latest technology. 

Meet content control needs

All organizations need to identify sensitive information that is not being properly managed. This can include proprietary data, trade secrets, material non-public information, or other content that could cause harm to the company if leaked externally.

They should take steps to insure against accidental loss, destruction, or damage. Technology allows organizations to leverage supervisory features to inspect content for potential policy violations and direct follow-up by compliance, security, or legal staff to remediate that information risk.

Organizations must be increasingly diligent in ensuring their technology is equipped to address privacy demands. Furthermore, they must evaluate which technology providers embrace privacy by design versus those that approach privacy as an afterthought.

Technology solutions should also come with real-time moderation and pre-review capabilities that can be added for specific channels. Clients can proactively monitor communications with control, including alerts, message blocking, ethical walls, and disclaimers to prevent compliance issues before they happen.

Manage the compliance and reputational risk

Risk is pervasive and ongoing. Focus on the most vulnerable and important areas of your business to implement effective information governance. For example, Tweets can contain non-public information violating SEC rules, and LinkedIn posts can violate data privacy laws. Partner with a technology vendor that can provide efficient and effective tools to monitor the risks and demonstrate compliance.

Governing content is critical, or you may face regulatory fines and reputational risk. To best handle this, technology supervision capabilities should include an advanced supervision workflow, multi-tier review queues and visual dashboards, action panels, roles reporting, escalation, customizable policies, and more to ensure you meet your compliance obligations. Policies and analytics tools surface your business risks and drive proactive decision-making. 

Conclusion

Legal departments should take all possible steps to oversee their company’s data. In the current environment of social media, mobile, chat, and other electronic communication channels, that means being proactive and having a tactical strategy.

With the help of technology, organizations can efficiently strengthen their compliance, recordkeeping, and eDiscovery initiatives. Our records can be part of our best defense strategy, but they can also provide early warnings of potential violations.

Remember: Risk is pervasive and ongoing! Compliance should not be a burden, but an opportunity to achieve competitive advantage and good data governance practices.  

 

Share this post!

Marianna Shafir Esq.

Marianna Shafir Esq.

Corporate Counsel, Regulatory Advisor at Smarsh
Marianna Shafir is Corporate Counsel and Regulatory Advisor at Smarsh, where she’s responsible for legal and regulatory affairs worldwide. With her expertise in financial services industry, compliance and eDiscovery, Marianna counsels Smarsh clients on meeting regulatory obligations, leveraging technology and guidance on best practices related to electronic communications supervision. Prior to joining Smarsh, Marianna worked for BNY Mellon and Invesco where she was an instrumental member on compliance teams.Marianna has also served as an adjunct professor at New York Career Institute where she taught Law Office Management and Real Estate Law. She earned her Juris Doctorate from Nova Southeastern University. She is a frequent speaker at industry conferences and a contributor to various online publications.
Marianna Shafir Esq.

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.