Taming Data Chaos to Meet Compliance and Security Requirements

Security and privacy are increasing in importance and becoming more political, a challenging situation that has been compounded by frequent news of data breaches from high-profile companies such as Equifax, where the information of more than 145 million Americans was compromised.

In today’s compliance-driven environment, requirements are getting tougher. The healthcare sector must comply with HIPAA legislation that provides data privacy and security provisions for safeguarding medical information. Banks are facing fundamental reform initiatives for some aspects of Basel III, which introduces new capital and liquidity standards to strengthen the regulation, supervision, and risk management of the banking and finance sector. There is also the advent of more stringent legislation such as the General Data Protection Regulation (GDPR), which will impact any and every business that transacts with the EU. GDPR brings hefty penalties for non-compliance — the maximum fine is €20 million (roughly $23 million) or 4 percent of yearly revenue. This makes data protection and the ability to meet ever-changing compliance requirements of the utmost importance within organizations.

Despite this, in its white paper [1] “Information Capture: Cornerstone of Digital Transformation,” IDC stated that security continues to be a challenge for organizations across multiple domains. And, while governance has been a key concern for the last decade, the findings of a recent AIIM [2] report suggest that businesses are still not fully addressing the problem or are not keeping up with the latest requirements.

Around a quarter (24 percent) of respondents reported that Information Governance (IG) and data security are high on the agenda for senior management, with 27 percent reporting they have plans in place to investigate and audit their information ecosystems. Alarmingly, almost two-fifths (38 percent) cited getting anyone to be interested as their biggest challenge, and 35 percent cited getting senior management endorsement. The study also points to the fact that regulatory compliance, security and privacy remain significant risk factors. Just three percent of respondents cited their IG policies as being “outstanding” and almost half (48 percent) rated the maturity level of their companies’ IG policies as “poor” or “extremely poor.”

Data chaos 

The amount of data flowing into and out of organizations continues to grow exponentially, so much so that volume is now measured in zettabytes (one zettabyte equals 1 trillion gigabytes). With both the volume and complexity of inbound and outbound information showing no signs of slowing down, organizations are facing increasing pressure to securely and intelligently manage all the data they hold, to ensure regulatory compliance, as well as protect against the very real reputational (and financial) risk that data loss or breach presents.

The ever-increasing flood of data and how we manage it is one of the greatest opportunities and challenges facing businesses (and government) in the 21st century. In today’s era of data chaos, as much importance should be placed on tightening up information security and applying strict controls right at the beginning of the information management process as there is on ensuring its integrity once it resides within the business’ systems.

Data is ubiquitous. It is embedded in countless repositories and enters organizations in multiple formats including email, email attachments, voice, image and video files. Traditional records management is often focused on paper or “traditional” business inputs, which means organizations now need to account for other forms of information capture alongside traditional documents.

Key challenges include the fact that current data governance directives are only partly effective. They are limited to traditional data streams and are not keeping up with changing processes and new data channels.

In addition, there is the problem of dark data, as well as identifying who has overall ownership of an organization’s data, which is often fragmented between business teams and functions. Furthermore, business investment in solutions is often made without involving IT. A recent survey by IT industry association CompTIA [3] found 27 percent of final decisions are now made by someone other than the IT department.

AIIM asked respondents to share how much the perception of information governance has progressed from management of declared records to management of all electronically stored information for access, privacy, security, compliance and e-discovery. Nearly one-quarter said they have been looking at things this way for more than three years, and just 19 percent have plans in place to move in this direction within the next 12 to 18 months.

A disconnect between IT and business is also an issue. A recent PwC [4] study suggests this is stalling digital transformation efforts. Thirty-five percent of executives surveyed said a lack of collaboration between business and IT is an existing or emerging obstacle to achieving expected results from their digital technology initiatives.

The human factor is also an inhibitor to success. Best practice guidelines and processes are not always adhered to; individuals often find workarounds (e.g., using file shares that are not approved by IT); and training can be insufficient or ineffective in some cases. In fact, 10 percent of respondents to the AIIM study reported that data loss in the past 12 months was due to staff negligence or bad practices.

Cybersecurity — a major IT concern  

Today’s mobile and digital world has significantly increased the number of ways in which data can be put at risk. The cyberattack surface area continues to increase as information is created, retrieved, stored and shared across multiple platforms — in the cloud, on premise and mobile.

With cybercriminals constantly looking for new ways to steal information, companies are well versed in ensuring their networks, wired and wireless, are shored up to prevent new security gaps opening; however, a dependence on paper also leaves an organization vulnerable to security threats and compliance issues.

The problem with paper 

Digitized documents are inherently more secure than information held on paper. The more a business lets a customer’s personal data remain in analog form such as paper, the more risk individuals and organizations are exposed to as that paper moves around (or even outside of) the organization, before it is digitized and safely stored within the line of business systems.

Respondents to the IDC study reported improved regulatory compliance since deploying technology related to digitizing, automating, and optimizing document workflows. Fifty-five percent said they had improved their record in meeting regulatory guidelines and seen a reduction of risk for non-compliance, while 48 percent reported better compliance with mandated security and privacy regulations within their industry.

Digitizing paper documents and capturing information at the point of origin, and then processing the data once it’s inside the document management system, makes information much more secure.

Making sure the right person is capturing the right information and putting it into the right business process is in itself a form of securing documents. Securing information closer to the source reduces the risk of loss, leakage or destruction, helping businesses meet compliance legislation around data protection and secure data management.

Significant security concerns related to cloud-based solutions and repositories abound; however, there are solutions that address these issues. Centralized management of document capture using cloud-driven technology solutions helps maintain tight controls necessary to ensure compliance. Scanning and capture profiles can be set up and monitored by central IT, and data entry errors and manual rework caused by complicated, difficult user interfaces can be reduced. Documents can be digitally monitored throughout the organization and companies can take further steps to secure information by setting up access rights and establishing a complete chain of custody with end-to-end monitoring.

Secure information capture solutions 

IDC said that inefficient workflows contribute to security challenges. They are less trackable and auditable and it is difficult to protect document ownership, access, modification and chain of custody. As businesses move toward digitizing work to boost productivity, they should be looking for sophisticated and secure information capture solutions that encompass document scanning and data extraction, enabling data to be classified, stored and managed electronically.

For example, a new generation of scanning solutions supports the industry-standard enterprise security protocols HTTPS, WPA Enterprise and TLS encryption for scanning over networks. These models also offer the ability to pull document images and metadata into a transactional business process in a distributed environment at the point of transaction, which helps with securely attaching documents to business transactional systems, eliminating errors caused by batch processing. It’s also possible to process scanned data exclusively through volatile memory, which protects sensitive information by erasing image data when the device is turned off.

Turning data chaos into business opportunity 

An information capture ecosystem, designed to remove complexity, plays an integral part in enabling organizations to address regulatory compliance requirements as well as privacy and security concerns. One good example of an ecosystem approach is the way ISV COMPU-DATA International (CDI) delivers end-to-end solutions to help solve business challenges and enable digital transformation for companies at any scale. Customers’ data is protected from the moment it’s captured through delivery, regardless of its location. With CDI’s Virtual FileRoom, originally designed for U.S. government classified data, customers can easily store, search and retrieve files on-demand with a customized interface that’s modular, scalable and cloud-based for added convenience. All files created and stored in the Virtual FileRoom benefit from added security to protect users’ data. Furthermore, files are always encrypted and remain encrypted at rest, in transit and even in use. Access to files is transparent to the end-user with no changes to the way they work with files as long as the device they are using is authorized.

According to IDC [5], over the next three to four years, digital transformation efforts will no longer be “projects,” “initiatives” or “special business units” for most enterprises. They will become the core of what industry leaders do and how they operate. A significant portion of business workflows are still paper-based, which poses several issues, not least of which is the threat of hardcopy documents being leaked. This is one of the key drivers for digital transformation, which begins with information capture, and presents an opportunity for security and compliance issues to be addressed at the outset.

[1] IDC White Paper, sponsored by Kodak Alaris, Information Capture: Cornerstone of Digital Transformation, July 31, 2017

[2] AIIM, Governance and Compliance in 2017: A Real World View, http://www.aiim.org/Resources/Research/Industry-Watches/2017/2017_Aug_Governance-and-Compliance

[3] CompTIA, Considering the new IT Buyer, 2017

[4] PwC, 2017 Global Digital IQ Survey, 2017, https://www.pwc.com/us/en/advisory-services/digital-iq/assets/pwc-digital-iq-report.pdf

[5] IDC FutureScape: Worldwide IT Industry 2017 Predictions, November 2016

This article originally appeared in the November 2017 issue of Workflow

Petra Beck is the Director Worldwide Customer & Market Intelligence Strategy in Kodak Alaris’ Information Management division. She manages market and business intelligence as well as thought leadership marketing for the Information Management business. Beck has more than 20 years of experience in the market of Information Management holding various international positions with Eastman Kodak Company before transitioning to Kodak Alaris when the company launched in 2013.