Organizations are facing a multitude of modern digital challenges. From the complexities of cybersecurity, data management, and information governance to ever-evolving legal, regulatory, and compliance requirements, companies can become overwhelmed by what they can and can’t do in the course of business.
Although companies can’t predict the future, they can become better prepared for what may come next. A solid data preservation and collection plan can mean the difference between being prepared for an audit or litigation and scrambling at the last minute to get all the pieces of data together for eDiscovery or compliance purposes.
Given that, here’s how you can develop this kind of plan, all while keeping your team in mind throughout the process.
Cybersecurity and information governance go hand in hand.
The first step in your cybersecurity plan is a robust information governance plan. This is an organization’s processes, controls, policies, strategies, and technologies used to anticipate and thwart cyberattacks if and when they happen. Information governance and cybersecurity have a strong relationship because you can’t have one without the other.
How to make this plan: Knowing your data is key to preventing and/or surviving a future security attack. Work with your team members in all departments, from IT to the corporate suite, to determine the sets of risks and priorities in each department. One department will need to be in charge of implementation, while the other departments will hold an advisory role. Then, you’ll create and revise policies and protocol as cybersecurity issues change and become more sophisticated.
The best data management is continuous.
Pulling an all-nighter before a big test was never a good idea, and it’s the same with data management. A compliance audit or litigation can strike at any time, in which the firm or opposing counsel will request your data. You don’t want to be backing up data or even looking for data you didn’t realize you had when someone is requesting it ASAP. You’ll want to understand what you have and implement a system for managing it as it grows and changes.
How to make this plan: Preserving and collecting data, especially from your website, means accounting for every aspect of web technology on a regular basis. You must collect and preserve this data in its native format should opposing counsel request it in this form during litigation. You’ll also want to capture the Javascript-enabled aspects of your website, and the following items that are beyond websites: emails, voicemails, tools, and social media. You may also need to preserve communication methods hosted on your website in different ways. As an example, web-based communication platforms connected to social media, like Slack, must capture not only the original message, but also images, embedded files, and external links.
Understand what to keep and what to toss.
They say you can’t take it all with you, and that’s especially true with data preservation and collection. Though your knee-jerk reaction may be to keep every piece of data that’s ever passed through your company, the reality is you need to keep only what’s required by law and via compliance regulations. That way, you have what you need and none of what you don’t.
How to make this plan: Take stock of your data, and then consult the laws and compliance rules according to your industry so you can be sure you’re on track.
Having a trusted partner while creating your plan can also go a long way to keeping you compliant and knowledgeable about your company’s data. If you’d like to learn more about how to make your own data preservation and collection plan, visit our resource center.
