There is no denying we are living in the information age. Information is an asset with value, information is at the heart of every organisation, and information is at the centre of everyone’s lives. The volume of information is increasing daily. At the same time, because information has a tangible value, it can be exploited by the unscrupulous, so governments impose legislation and regulation to restrict how information can be used, and individuals demand that they have control over their own information.
At times, it seems like organisations are up against a mountain they just cannot climb. On the one hand, they need to continue with their everyday functions, and they want to exploit the information they have to achieve the maximum benefits for themselves and/or their customers. On the other hand, they have to keep putting in more and more resources to ensure that they are compliant with the latest laws, regulations and standards, many of which can be conflicting and require people to do some assessment. This means taking the workforce away from their primary function to deal with compliance and hoping that they get it right, or bringing in specialists to deal with specific issues at a substantial additional cost, which leads to a very reactive approach to compliance.
The logical solution is therefore to automate the process, by getting a “machine” to do all the work so that there is a standard approach and consistent results. This saves time and money and allows the workforce to proceed with their primary function.
Is it that simple?
Many software vendors believe it is and, to an extent, they are correct. Some industries have been applying automated compliance for a while. Take for example the highly regulated banking sector, which invests heavily in dedicated compliance departments. Automated compliance can help them to become more effective, by improving security and transparency and by making the process of internal auditing easier, whilst also being very efficient and therefore more cost effective.
So the compliance precedent is there and is appealing, but will this work for information compliance?
Information assets have increasing amounts of legislation and regulation applied, for example the recently implemented General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This legislation can be complex; the interpretation of what is compliant, and what is not, still has to be fully tested. However, by stripping the compliance down to the basics and looking at the following questions, it is possible to begin to see how automated compliance may lead to efficiencies and more effective control over information assets:
- What personal data does the organisation hold?
- Can the organisation find all the information relating to a specific individual?
- Is the organisation disposing of redundant information?
To answer these questions manually, and to keep the answers up to date and accurate, is extremely time consuming and expensive, and more often than not things will be missed; humans make mistakes. These are not intentional, but they do happen, and resolving them takes more time, effort and cost. However, by implementing automated systems to capture information, manage the lifecycle of information and bring back accurate answers to searches quickly, it is possible to reduce the burden of compliance on an organisation.
Utilising workflows to automate such aspects as applying retention to documents will not only ensure that the process is carried out but will also eliminate the burden on the workforce by removing the need to review each file. Implementing effective metadata will mean that all records containing personal data can be identified, and powerful search engines can pull back information in a fraction of the time it would take an individual to do the search manually. Applying automatic security to certain records will ensure protection. Using workflow technology, it is possible to automate retention and disposal of redundant information.
End-to-end automated compliance requires removing the human from the equation totally. This is still some way off, especially as there is mistrust by many of the power of automated technology. By looking at business processes and the information that supports them, it is possible to identify those that can be automated effectively, providing far greater efficiency and control.