Technology for translating regulations into reality
With data emerging as the new currency in digital economy, the focus now shifts to effective management of data flowing across the wide network of people, processes and machines.
By Sumeet Tandure
India was recently ranked among 60 countries in the Digital Evolution Index 2017 jointly launched by the Fletcher School at Tufts University in the U.S. and Mastercard. All thanks to the 46 million internet users, the digital revolution in India has raised India’s status as a prospective investment destination now and in future. In tandem, the Digital India mission is in full swing, with an ambitious target to facilitate inclusive growth through the effective use of digital technologies. With data emerging as the new currency in digital economy, the focus now shifts to effective management of data flowing across the wide network of people, processes and machines. Addressing the data management challenge thus becomes the priority for all those involved in the digital transformation journey.
Cracking the data conundrum
Over the last decade, businesses have witnessed an exponential growth in the volume of data generated and accessed. The uncontrolled flow of data has brought immense regulatory challenges in risk management and reporting. Data governance and security have become critical concerns, demanding stricter global and local policies. New global legislation, such as the Markets in Financial Instruments Drive (MiFID2), Dodd-Frank and, looking ahead to 2018, the General Data Protection Regulation (GDPR) further extends the influence and power of regulators to require corporations to comply. India has also implemented powerful data protection laws, mandatory for both native and foreign entities doing business in India. Violation to any of these policies could trigger civil or criminal liabilities. For example, the Section 43-A of the IT Act primarily deals with “compensation for negligence in implementing and maintaining reasonable security practices and procedures in relation to sensitive personal data or information (SPDI)”, while Section 72-A of the IT Act mandates “punishment for disclosure of personal information in breach of lawful contract or without the information provider’s consent.
India also has a number of regulatory guidelines which enforce data preservation rules across industry verticals such as Financial Services, Healthcare, Manufacturing, Pharmaceuticals, IT services etc. Some examples are the GST norms, KYC, AML, BCSBI, IRDA’s Product Filing Procedures, Factories Act etc. Many of the Indian organizations in export sector and global markets also have to adhere to International norms of maintaining digital records, like SOX, GDPR, HIPAA, GCP etc.
Technology for data management
A number of technology solutions are being developed to address the concerns associated with data management. By identifying the right technology and integrating them into your processes, you can get rid of the worries associated with data compliance. With effective implementation, you can achieve the following results: Proper data capture and management; Ensuring data protection, data integrity, and more, while adhering to compliance; Responsible retention and disposal; importance of data capture and management.
The complexity of data captured from different sources has created concerns among businesses, especially in the context of accounting and auditing. Anomalies in financial data could result in hefty regulatory fines and serious consequences, including shareholder concerns leading to enforcement actions by respective exchanges. With effective data capture and management, they can be free from the regulatory hurdles associated with storage and retrieval of data. Automated data management helps you archive and classify data intelligently, based on granular policies so that it can be retrieved and analyzed for any audits in the future.
Typically, document management strategy should address the different aspects of information access and usage. Authentication of data is a key consideration, as it will decide who has access to documents, contracts, agreements, and other confidential documents shared across the company’s networks. Similarly, maintenance of records is important in order to ensure easy and accurate access to records. The document should be searchable and accessible in the desired format. Finally, there must be strict protocols for document retention and destruction, in adherence to the data compliance measures adopted by the organization.
Addressing the pain points in data integrity
In the wake of growing security breaches across the globe, India has implemented strict data protection laws to safeguard the integrity of data. The challenge for organizations is to comply with these regulations while also leveraging the power of the “new currency” to identify new business opportunities. For example, a telecom service provider in India needs to have a clear understanding of the boundaries and legal implications of using thecustomer data for promoting their new products or services. Similarly, organizations that forge third-party data sharing partnership to build new business opportunities must comply with the clauses and privacy policy. The Social- Mobile- Cloud culture has made data compliance even more complex. For organizations which have implemented Bring Your Own Device (BYOD) strategy, these regulations have become double-edged sword. On one hand, the compliance policies allow them to secure their organizational data through proper monitoring and encryption methods while on the other side, it could violate the privacy concerns of their employees. Keeping the integrity of both organizational and employee data becomes a tough challenge.
Thanks to the evolving technologies, organizations today are able to integrate “a proactive compliance” into their data management strategies. With multilayer access rights and permissions, data authentication and governance becomes easier. The advanced encryption capabilities allow organizations to encrypt all data and metadata stored in the repository, ensuring data security at all instances, even when it is stolen or lost. With encryption and firewall capabilities, privacy and integrity can be maintained across all endpoints.
Data retention and disposal
Considering the sensitive nature of data, governments have enacted strict rules for data retention and disposal. In India, the law specifies that financial records need to be retained for a minimum of 8 years (Company Act 2013). Further, the law mandates that the data must be accessible anytime, in the event of a regulatory or legal proceeding. Some of the recent incidents like thescandal perpetrated by Bernie Madoff confirm that such data retention rules are vital for investor protection. Organizations are therefore required to implement a robust data retention policy to avoid inadvertent and deliberate deletion of records. Retention can be set on an individual object-by-object basis if required or by selecting related retention policies under different modes. For example, in compliance mode, objects under retention may not be deleted through any mechanism while in enterprise mode such objects may be deleted by authorized users alone.
Electronic records are considered legal assets, so disposal of datais important considering the legal implications involved in unauthorized access to sensitive data. With rising number of personal storage devices and their careless disposal, organizations are aware of the importance of implementing the right data disposal strategy at their end. Education alone won’t serve the purpose in most cases. With strict enforcement of data access and disposal policy, this can be achieved to a great extent. Today’s mobility-driven business environment demands an automated data deletion and modification strategy that can ensure that no traces are left after disposal. For example, the digital shredding method is widely accepted as a compliance technique for data disposal. The technique helps overwrite deleted files in a random pattern. This technique can be applied to specific and selective data in response to changing circumstances. With effective controls, deletion can be monitored and verified.
New Age storage techniques ensure immutability, authentication, and chain of custody to meet data retention compliance and produce the digital records with confidence in a court of law in case of litigation.
Belling the wildcat
Information security is one of the biggest challenges faced by every nation, organization and individual. It is the combined responsibility of all parties involved in the transaction to comply with the policies and regulations set by the respective authorities from time to time. Any violation to this code could invite severe financial loss to those involved in the breach. Hence it is important to devise the right data management strategy at the right time.
The writer is Regional Manager, Platforms and Solutions, Hitachi Vantara India.