Published On June 27, 2023Today’s data is being centralized and reused, which underpins that records and information management (RIM) professionals must dispose of and retain data appropriately. Although that’s nothing new, there are updates to consider.
More than 600 attendees joined our recent 2023 Education Series webinar, Data, Records, and Compliance, Oh My!, to hear from subject matter experts, Kelly McIsaac, AVP, Data Risk Policies and Standards at TD Bank, and Mike Meriton, Co-Founder and COO of EDM Council. We discussed how RIM professionals need to be more closely aligned to the components of data management, including its supply chain and architecture, to ensure compliance throughout the data lifecycle.
Historically, RIM professionals have been conflicted about their role in governing and managing data versus records. But with the immense amount of data being generated and its input in the creation of records as it moves through time, it’s critical for RIM professionals to be part of the discussion.
So what can practitioners do to be aware and get connected? Here are three approaches to consider.
Look beyond records to a data supply chain
Regulators are going beyond records and are more interested in the holistic data supply chain, that is, the full data lifecycle from creation to disposition with an understanding of how data may be used for different purposes when at rest. This requires an understanding of countries’ differing data privacy laws to ensure compliance.
Essential to the process of managing data is understanding use cases. Knowing the purpose data serves along each point of the data supply chain will ensure information is properly classified, retained, and disposed through archiving or destruction. It’s no longer about a piece of data being used for one specific purpose; it’s tracking data as it moves throughout the organization and taking a holistic approach to data supply chain management.
It’s also crucial to understand the data architecture—its source and flow—in order to manage it effectively and compliantly.
Protect data regardless of its location
As the course of digital transformation accelerates, organizations have lifted and shifted large data assets into the cloud, with the potential exposure of personally identifiable information (PII) if not within a security framework. It’s crucial to track and protect data’s residing place, whether onsite or in the cloud.
When disposing of data, consider the impact elsewhere and go beyond the final output. It’s crucial to know if data needs to be repurposed, copied, remade to a new version, or if it is being referenced on a master list.
Ensure data ownership and literacy
During conversations about data, most organizations fail to define ownership of data. Consider teaching data literacy across the organization so it’s not restricted to a small subset of technology staff. Data literacy helps inform decisions and shouldn’t be an afterthought.
Although record ownership can continue to be challenging, today we’re asking people to include data in a much broader scope, which can be more complicated. Increasingly, organizations are appointing data stewards within business lines to support how data is used and managed.
Strengthen data management through retention
Consider policies and standards that start to shift the conversation away from just records to data. Make sure retention is part of the data management process rather than a standalone practice, and develop thorough knowledge on data usage, retainment, and its end result. When building a data management framework, ensure it covers everything across the data lifecycle, from strategy to governance to architecture to data quality to analytics to model management.
Interested in learning more about this topic and others in the information governance space? Visit Iron Mountain 2023 Education Series to watch the on-demand recording of “Data, Records, and Compliance, Oh My!” and to register for upcoming webinars.