USE CASES OF INFORMATION ARCHIVING
Digitalization and Regulation
In our last blog post we gave an overview of the drivers and most common use cases of information archiving:
- Compliance with Regulatory Requirements – some industries are heavily regulated so that organizations are required to retain and preserve electronic information to meet government and/or industry regulatory requirements.
- Litigation – during internal and external legal proceedings, organizations will need to efficiently search, discover, and retrieve all pertinent information.
- Internal Corporate Policies – due to increasingly large amounts of electronic content that needs to be managed and disposed of according to internal corporate policies by organizations.
- Leveraging Information through Content Analytics – organizations are increasingly using information archiving solutions to provide valuable insight into their stored data.
- Data and Information Security – information archiving solutions help secure information in a long-term repository – here content can be easily restored in the event of a disaster or during any planned or unplanned downtime.
Read below for more details on each use case.
Compliance with Regulatory Requirements
Organizations in most industries have some sort of regulatory requirements – imposed by either government or industry – regarding the retention and preservation of information.
Analysts from both academia and industry largely agree that regulation derived compliance requirements are the main driver for market growth. This is due to huge fines for failing to comply even in singular instances. Further there often are several regulatory requirements from different sources have different sometimes opposing requirements, increasing complexity and confusing the regulated parties. Hence, corporations have become concerned about compliance because of increasingly stringent and complex legal requirements. According to the technology research firm Gartner, 41% of corporations in the United States had a designated Chief Compliance Officer in 2010.
The ability to manage data governance at scale to support e-discovery and legal compliance is a critical business requirement due to regulations such as SEC17a-4, CCPA (California), HIPAA, FINRA, EU-DSGVO (EU), GoBD/GDPR, and other guidelines for data privacy.
Compliant archives help meet the guidelines for document retention, accuracy, and auditability. To be compliant with any of the above–mentioned rules and regulations, archives need to be secured with an immutable storage. Current solutions revolve around WORM (write once read many times) – often archaic – storage.
Data breach lawsuits are highly public. Not a day goes by where a company, large or small, is not dealing with some level of privacy concern or public relations challenge that could be – or already is – a data breach. News headlines, and newly enacted regulations and statutes, show a clear and continuing trend, and individuals and regulators alike insist on the protection of personal, health, financial and identity information.
In these ways, legal exposure has been exponentially broadened for every business and organization. Businesses must develop processes and safeguards to improve data security and mitigate exposure for damages.
This requires organizations to efficiently search, discover and retrieve all pertinent information.
It includes not only the availability of the information but also to prove beyond a reasonable doubt that they haven’t been tampered with; meaning the original.
Prime examples are the crashes of Tesla cars in 2016 and 2018. After the death of a man, involving a self-driving car, questions have arisen about the safety of the car’s crash-avoidance Autopilot system. Tesla told Senate investigators that a “technical failure” of the automatic braking system played a role but maintains that Autopilot was not at fault. Following these incidents were lawsuits placing the blame on Tesla. As Tesla brought their data log to court many questioned whether the data has been tampered with to tip the trial in their favor.
“Efforts to hide the crash record will impede progress in achieving whatever safety benefits advanced driver-assistance systems might ultimately bring.”
R.A. Whitfield, Director of Quality Control Systems Corp. and Expert in Statistic
Regarding litigation the retrieved and provided information must be trustworthy hence proof its authenticity and provenance.
Internal Corporate Policies
Organizations are tasked with providing proper risk prevention practices and effective internal controls for operations, finance, HR, strategy, and legal to ensure all corporate compliance obligations are met. To greatly improve organizational compliance from the front line to the executive ranks, internal controls should be standardized and automated with workflow management systems.
An internal control a process for consistently meeting organizational goals for operational effectiveness and efficiency, accurate reporting, and compliance with laws, regulations and policies. While often referred to in a financial setting, internal controls are used across all horizontals within an organization from finance to IT to marketing.
Internal controls can be built around any procedures that present potential risk like capital expenditure approvals, hiring, quarterly financial report development, sales discount approvals, etc.
Leveraging Information through Contest Analytics
A growing number of organizations are taking their predictive or advanced analytics strategy to a higher level. They have settled on proof of concept and started to execute on a model designed to predict future targets that can help them either create value or identify loss.
In a hypercompetitive business environment, predictive analytics is fast becoming a way for organizations to gain the edge over competitors and allocate budgets more effectively. However, challenges arise even for these organizations with highly sophisticated predictive analytics programs.
“Predictive analytics is quickly changing the way businesses effectively allocate their budgets and gain their edge over competitors. However, even companies with highly sophisticated predictive analytics programs still often run into challenges.”
Kris Hutton, Director of Product Management at global enterprise governance SaaS provider ACL
One issue is the necessary consideration of competencies like moving or processing data which is compiled every day as it might interfere with regulations such as GDPR or CCPA. This issue is especially important for large multi-regional companies with highly sophisticated analytics tools and processes.
Another problem that might arise is model bias, which is a serious enterprise risk, particularly in the financial services sector. Financial services firms should use model risk management to apply governance rigor to their models to ensure they are making accurate assumptions.
Data and Information Security
Information archiving solutions help secure information in a long-term repository, where content can be easily restored in the event of a disaster or during any planned or unplanned downtime.
Threats to information security come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion. Most people have experienced software attacks of some sort. Viruses, worms, phishing attacks and Trojan horses are a few common examples of software attacks. Hence data and information security typically respond to security breaches in one or more of the following ways:
- reduce/mitigate – implement safeguards and countermeasures to eliminate vulnerabilities or block threats
- assign/transfer – place the cost of the threat onto another entity or organization such as purchasing insurance or outsourcing
- accept – evaluate if the cost of the countermeasure outweighs the possible cost of loss due to the threat
Learn more details about each use case in the white paper “Compliant Information Archiving” here.