Data Residency Part II: Five Best Practices for Compliance
05 January 2021 · 5 min read
This is part II of our Data Residency series. Read Part I on Data Residency: What is it and why should your organization care?
Data residency, otherwise known as “data sovereignty” or “data localization,” is a hot topic amongst organizations that work with sensitive data. Data residency laws are sets of practices designed to regulate the location of data and metadata, its movement across jurisdictions and geographies, and its protection against unauthorized access.
In essence, data residency follows previous laws from the paper record era where companies had to ensure their records did not leave their country of origin. But in an increasingly globalized economy, where data needs to flow freely to ensure successful delivery of services, such laws are difficult to enforce and may even have negative repercussions.
Implementing strict data residency laws could stifle innovation by impeding the adoption of cutting-edge cloud computing, machine learning, and other technologies that increase organizational efficiency and reduce costs. Instead of such laws, countries can build trust and accountability mechanisms with other countries, improve data protection laws, and develop policies that promote technological innovation.
But until such measures can be implemented, organizations have to work around restrictive data residency laws.
Here are five best practices on what your organization can do to balance compliance and efficiency.
Assemble a Governance Team
The growing number of laws and regulations concerning privacy, cybersecurity, and data residency adds to the challenge of compliance for any organization. Attempting to implement processes with built-in compliance becomes too difficult without the proper expertise. That is why having a specifically appointed governance team with members from all business lines is helpful.
Your governance team should include key representatives from legal, IT, security, compliance, etc. This team will coordinate and implement strategic and operational processes across geographies and jurisdictions to ensure business runs as usual with the added compliance feature built into it.
Build a Robust Governance Program
Your appointed governance team should also be responsible for developing a robust governance program. Any global or multinational organization should define all processes around managing and governing sensitive data throughout its entire lifecycle. Organizations and their employees should be aware of what happens to data for projects, engagements, matters – whatever you may call them – from inception to completion.
Processes regarding data management and governance should include understanding where data is located, determining who needs to have access to different projects, folders, and documents, deciding how long data should be kept, and more.
Organizations that do not have such processes for a successful governance program will be at risk of non-compliance with data residency, privacy, and cybersecurity requirements.
Ensure Proper Metadata Management
Data residency laws include rules about where data and metadata should be kept. Naturally, your organization’s governance plan should include measures to ensure proper metadata management.
Your governance team should engage in creating a complete data map or information model that includes all data and metadata for any collaboration system that the organization uses. This map or model will allow you to determine where data is located at all times and catalog it based on sensitivity.
Understanding data location and context based on available metadata helps your organization’s risk management team apply appropriate access management and disposition policies, ensuring that you comply with data residency and privacy & cybersecurity regulations.
Generate Regular Compliance Reports
Simply having a governance program with processes to ensure data and metadata management is not enough. Your organization should actively monitor compliance and data flow to determine risk and compliance with data residency laws and other policies.
Ensure that your organization is generating regular compliance reports to understand how data is flowing from one jurisdiction to another, how much data resides in each country, what type of access each employee or third party has, and more. These reports will help you identify and address any potential shortcomings and demonstrate that you have taken the necessary measures to protect sensitive data.
Automation is Key
Your governance team can work night and day to ensure sensitive data is appropriately managed and governed. Still, if the governance program is manually executed, it will lead to inefficiencies and human error.
Human behavior is a major source of error and risk in organizations. An organization’s inability to control for human behavior can lead to mistakes and non-compliance with data residency, privacy, and cybersecurity laws. The optimal course of action is to pair humans and automation technology.
Automating your governance program will lead to more efficient and compliant actions. Instead of a person having to manually go into each system, project, and document to update metadata, security, and disposition policies, technology could help you do it in less time and with more accuracy.
How Prosperoware Helps
Prosperoware CAM is a SaaS enterprise platform that enables organizations to leverage their collaboration systems for digital transformation while improving governance. CAM allows organizations to enhance processes around management of office documents, improve adoption, and reduce risks related to privacy & cybersecurity.
Our unique approach relies on adding context by applying rich metadata to identify projects, matters, engagements, etc., to workspaces, Teams, Channels, and folders in systems. This approach benefits end-users and the risk management team. Users can leverage critical metadata to easily locate content, while risk professionals can focus on the security and disposition of data instead of trying to determine its context.
CAM integrates with a variety of collaboration systems, including Office 365 (Microsoft Teams, SharePoint Online, OneDrive, Planner, OneNote), File Shares, iManage, NetDocuments, HighQ, and more to come.
Key CAM features for data residency include:
- Unified directory to locate data across collaboration systems
- Automatic provisioning of workspaces, Teams, Channels, and folders from Project Portfolio Management, CRM etc., or through a human workflow using templates
- Unlimited rich custom metadata for project or document context
- Automatic provisioning of internal & external users and access management
- Data Loss Prevention including activity monitoring, reporting, and bulk security & metadata changes
- Data disposition policies and litigation hold