Data Sovereignty and the GDPR; Do You Know Where Your Data Is?

Bill Tolson Archiving, CCPA, GDPR

Blog02142019As more companies move their data to the cloud, the question of data sovereignty is becoming a hotter topic. Data sovereignty is the requirement that digital data is subject to the laws of the country in which it is collected or processed. Many countries have requirements that data collected in a particular country must stay in that country. They argue that it’s in the Government’s interest to protect their citizen’s personal information against any misuse. Continue reading

Advertisements

The Right to be Forgotten Versus The Need to Backup

Bill Tolson Archiving, CCPA, GDPR, Information Governance, privacy , ,

Blog02072019A great deal has been written about the GDPR and CCPA privacy laws, both of which includes a “right to be forgotten.” The right to be forgotten is an idea that was put into practice in the European Union (EU) in May 2018 with the General Data Privacy Regulation (GDPR). Continue reading

Dammit Jim, I’m a Doctor, not an AI – Healthcare and Machine Learning

Bill Tolson Uncategorized

PBlog09042018Healthcare costs continue to skyrocket. In 2016, healthcare costs in the US were estimated to be almost 18 percent of GDP. The healthcare industry is seeing an unprecedented and accelerating growth of ESI. This avalanche of data is being generated from the digitization of healthcare information, EHR systems, precision and personalized medicine, health information exchanges, new imaging technologies (DICOM), new regulations, IoMT (Internet of Medical Things), and other major technology developments. Continue reading

My Healthcare Data is Where?

Bill Tolson Uncategorized

Blog 11292017_v3According to IDC, healthcare data is one of the fastest growing segments of the digital universe – growing from 153 exabytes in 2013 to an estimated 2,314 exabytes in 2020, a 48% annual growth rate. So where will the healthcare industry put all of this critical and sensitive data and how long must it be held?

Continue reading

Do You Have A “Leaver” Data Problem?

Bill Tolson Archiving , , ,

Everyone leaves the company eventually. Better opportunities, reduction in workforce actions, termination, or your manager has the IQ of un-popped popcorn…, no matter the reason, everyone eventually leaves. In the UK, these people are referred to as “leavers.” In the U.S. they’re called departing employees or ex-employees, and depending on the circumstances, more colorful names. However, the way company handles these departing employees can mean the difference between business as usual or major customer satisfaction issues, project delays, higher eDiscovery costs, and higher costs.

When an employee is terminated or informs the company they are leaving, the HR organization usually has a checklist of things to do before the employee departs. This includes (but is not limited to):

  1. Return credit cards
  2. Turn in all expense reports
  3. Turn in laptop
  4. Turn in external hard disks
  5. Turn in cell phone
  6. Returning building and office keys and access cards
  7. Removing access/User ID to all electronic systems

Pretty standard stuff to ensure the employee does not walk off with company equipment or confidential information. However, this process does not address the most valuable company asset…information.

Is Departing Employee Data Valuable?

At its base level, companies employ people to create, process, and utilize information. What happens to the GBs of data the employees create and store over their time at the company? True, much of that information is stored on the employee’s laptop but how long do those laptops sit around before they’re re-imaged and re-tasked? In a blog last month, I touched on this specific problem

“Not long ago I received a call from an obviously panicked ex-coworker from a company that I had left 6 months prior. They were looking for the pricing/ROI calculator that I had developed more than a year prior. A large deal was dependent on them producing a believable ROI by the next morning. I told the ex-coworker that it and all of my content should be on my laptop and even suggested a couple of keywords to search on. Later that day, the same person called back and told me that the company’s standard process for departing employee’s laptops was to re-image the hard disk after 30 days and distribute it to incoming employees – the ROI model I had spent over a man-month developing was lost forever.”

Now consider the numerous other places an employee can store data; file shares, cloud storage accounts (OneDrive, Dropbox), cell phones, SharePoint, One Note, PSTs, etc. Now also consider how you would find a specific file containing a customer presentation in a short period of time…

If not managed as a valuable company asset, much if not all of that expensive employee data is, if not lost, is extremely difficult if not impossible to find when needed.

Chaotic Data Management Makes You a Target

Let’s address another problem associated with ex-employee data… eDiscovery.

You’re a General Counsel at a medium sized company and you receive an eDiscovery request one afternoon asking for all responsive data around a specific vendor contract between Feb 4, 2009 and last month. Several ex-employees are named as targets of the discovery.

This is a common scenario many companies face. The issue is this; when responding to discovery, you must look for potentially responsive data in all possible locations, unless you can prove that data could not exist due to existing processes. The legal bottom line is this: if you don’t know for sure that data doesn’t exist somewhere, then you must search for it, no matter the cost. Opposing Counsel have become very adept at finding the opposing parties weakness, especially around data handling, and exploiting it to force you to send more money so that you will settle early.

Discovery response also carries with it a time constraint. This time required to respond has caused many companies to spend huge amounts of money to bring in high priced discovery consultants to ensure discovery is finished in time.

Both of these issues can be readily addressed with new processes and technology.

Process Change and Technology

Worthless data can be extremely valuable when you can’t find it. Most companies I have worked for were very good about the employee exit process. But so far I have never had an HR (or other) person ask me specifically for all of the locations my data could be residing.

The laptop and cell phone are turned in and quickly re-imaged (losing all data), file shares with work files and PSTs are eventually cleaned up destroying data, and email accounts are closed. Very quickly, all of that employee data (intellectual property and know-how) is lost.

In reality, all it takes to solve this problem is first to develop an exit process that ensures the company knows where all employee data is before they leave, and second, migrate all of that ex-employee data to a central repository for long term management. Many companies are finding that a low cost “cool” cloud archive is the best and lowest cost answer.

Leavers2.jpg

Just because an employee has departed doesn’t mean their intellectual property has to as well. Keep that ex-employee information available for business use, litigation, and regulatory compliance well into the future.

The Industry’s First “Leaver” Archive

Microsoft Azure is that low cost cool data repository.   Archive360’s Archive2Azure provides the management layer for Azure to allow this departing employee data to be migrated into Azure, encrypted, retention/disposition applied, and custom indexing processes enabled to provide centralized ultra-low-cost cool storage so that grey, low touch, ex-employee data can be managed and searched quickly.