In a world that is becoming ever more digitally connected, ensuring robust data protection has become more important than ever.
In a recent post by Theta Lake, the company highlighted the importance of data protection and some of the key concerns surrounding it.
Theta said, “Data protection is now more important than ever. Given the new ways of working and communicating there are increasing amounts of personally identifiable information (PII) and personal health information (PHI) data shared across communication platforms and firms are expected to be able to capture and retain safely as well as retrieve and delete personal data.”
Data protection and privacy include the relationship between data security, accessibility, the use of technology, the public expectation of privacy together with the associated legal and political issues.
The issues are seen as so fundamentally important that data protection legislation has proliferated around the world and must be complied with by regardless of sector, Theta stated.
In the company’s fourth annual report on Modern Communications Compliance and Security, a wide range of data protection issues surrounding security and privacy were highlighted, with respondents commonly citing the risk of content being hacked, leaked or externally shared.
A key concern shared by a compliance director included confidential information that is shared between meetings potentially being breached through staff taking pictures or screen shots of information that is shared.
Theta Lake said, “The focus on concerns around data security show that for firms and regulators alike a crackdown on data protection and non-compliant communications is a continuing priority.
“To add to those concerns, the report found that the greatest risks to compliance, security and data privacy were seen to involve either the deliberate or inadvertent transfer of files via chat, the ability to share links in chat or on screen and the risks associated with screenshare. These concerns are driven by the ease of sharing files (of any size) and links which could contain confidential, sensitive or proprietary information.”
Another key concern was utilising all features of a communication source without suffering a data breach.
In the report, companies were found to have adopted a range of approaches, including 52% who said they found it easy to retrieve emails but difficult to search and retrieve content with chat, video, whiteboards and other modern communications.
Up to 33% needed significant manual resources to search multiple systems and modes of communication with 15% comfortable that they were able to retrieve all types of communications with ease.
The company added, “With 85% of all businesses in the survey report facing difficulties in retrieving information and the number one challenge with existing archiving tools (cited by 41% of professionals) being finding and extracting data, firms should reconsider legacy solutions.
“Meticulous record-keeping plays a pivotal role in enabling businesses to demonstrate data protection compliance. As a matter of course, organizations must be able to provide comprehensive records and evidence to not only respond to data subject access requests but also requests from investigators, regulators and auditors, all in a timely manner.”
What are some of steps that can be taken to address any gaps in current data and protection and coverage?
According to Theta, firstly, firms should ensure policies reflect the working reality and are understood by staff. This includes data security training and guidance, record keeping requirements and acceptable use of channels.
Spot checks, internal audits, reviews and updates of existing policies should also be part of the mix. Firms should ensure that accountability and tone from the top reflects the importance of data protection and compliance.
Secondly, companies should undertake a risk assessment of all communications channels to determine potential gaps in data protection, record keeping, oversight or information security.
They should also check that all new communications modes like in-meeting chat, video, mobile, WhatsApp, file links, images and more are not only captured but also search and retrievable.
In addition, organisations should ensure effective security ratings are in place on your meeting platform as well as taking an incremental, risk-based approach.
Theta concluded that firms should also adopt UC platforms that have the capabilities end users want but that also support protection and compliance capabilities through robust APIs and integration partnerships.
Read the full post here.
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst