Senior Director, FTI Consulting
After more than a year of social distancing, most of us are ready for a safe return to normalcy in our personal and professional lives—and just in time, the world is beginning to open back up. Still, even after offices are fully reopened, most work environments will maintain flexible, hybrid models wherein many employees continue to work from home. As a result, organisations will need to pay continued attention to how they evolve, maintain and enforce their information governance and data privacy programmes.
Given the sudden pivot organisations were forced to make to enable remote work, many may not have had time to fully address or mitigate the data risks that came along with widespread, disparate use of collaboration and cloud-based tools. The adoption of whatever tools were necessary to maintain business continuity created an unprecedented explosion of data volumes, types and risks overnight. In effect, while employees did what was necessary to work while social distancing, company data became increasingly chaotic and co-mingled. The ripple effects of this continue to be felt across nearly every organisation.
FTI Consulting’s 2021 Resilience Barometer® found that nearly one-third of companies have dealt with the loss of customer or patient data, phishing, loss of IP or loss of third-party information over the last year, and nearly 70% are facing investigation on third-party data privacy (for some it has already happened; for others it is currently happening or is expected to happen in the next 12 months).
It's essential for organisations to simultaneously gain control over the data management gaps that emerged during the pandemic and bring their practices up to standard for a future, long-term hybrid or remote work environment. Beyond GDPR’s data privacy drivers, other countries have applied rules requiring that organisations prohibit employees from using software that generates but does not appropriately retain business communications—such as the U.S. Department of Justice Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy guidelines for the use of instant and ephemeral messaging.
Taking a proactive approach to information governance (IG) will support compliance whether employees are working remotely or in person at a central office. It can also strengthen an organisation’s ability to quickly and efficiently respond to time-sensitive data requests for internal investigations, litigation, regulatory inquiries and data subject access requests. Critical steps for proactively resetting and improving governance include:
The silver lining of these new data challenges is that they have increased awareness of the importance of IG. Governance initiatives now have a seat at the table, with recognition from executives that data issues can make or break nearly every critical area of the business from privacy, to legal obligations, to compliance, to customer trust.