How seriously do you and your colleagues take data management? Is it viewed simply as an operational necessity that you, perhaps, offload to the IT team or is the innovative use of data far more exciting for it to be treated like this? Either way, new legislation and standards are going to increasingly shape our attitudes towards the management of data that see us all taking it far more seriously.
For many, the introduction of GDPR was a worrying data management wake-up call. The mixed response to it by business was an indication as to the lack of focus data management had previously been afforded. Another example of this, almost, blasé attitude towards data, is the rise in data breaches that are coming to court. For example, the UK retailer, Morrisons, recently lost its challenge to a High Court ruling that it is liable for a data breach that saw thousands of its employees’ details posted online. This week, Facebook was fined £500,000 by the UK Information Commissioners Office (ICO) for a “serious breach” of the law and failed to keep the personal information of its users secure.
The obvious outcome of these types of data breaches is regulatory punishment, increasingly high fines, but the damage to an organisation’s reputation could be longer-term and, potentially, much more expensive!
So what’s the problem? Is data management too hard or have our attitudes towards it simply not kept up with the growing importance and value of data? I’d suggest that when the business opportunities that are presented by a more innovative approach to data are recognised, along with a wider realisation that its effective management simply can’t be ignored, then data will be seen and treated like any other valuable business asset.
In an increasingly data-centric, knowledge-based world, how do organisations both unlock the value of data, whilst ensuring it is safe and secure, and not being misused? Unlike gold, for example, the true value of data is only realised if it can be easily stored, accessed, analysed and shared.
Firstly, data needs to be taken seriously by everyone. Secondly, data management can’t be technology-led. Gone are the days when individuals or departments could unilaterally use standalone solutions with little if any regard to their impact on data management. Senior management need to take a more unified, policy-driven approach to data management that does away with fragmented data environments made up of ad-hoc standards and solutions.
A policy-driven data management approach must make sure that all data can only be accessed by the right people, in the right ways and from the right places – where is it, who can access it and what can they do with it. This should then be backed up with routine checks on the audit trail to quickly identify rogue behaviour.
Such an approach can be characterised as a Unified Data Access & Protection Strategy (UDAPS). UDAPS seeks to provide decision-makers with a straightforward means of developing a strategy for the data in their organisations that is practical and proportionate, and focused on management imperatives not technology.
This approach enables decision-makers to see the imperatives and how best to develop a single strategy for how best to manage their data, where it is, who has access and how, and what are the right mechanisms to protect this key asset.
The innovative use of data is rarely achieved when technology ‘wags the policy dog’. UDAPS represents a consistent and coordinated approach to data that puts policy at the centre and provides a unified environment that supports and enables data innovation.
Simon Lofthouse, CCO, Flexiion
Please note all comments need to be approved before appearing on the page. Please respect others when posting.