[Webinar Slides] Developing a Successful Data Retention Policy
•
2 likes•1,274 views
You can’t save everything for forever, but how do you find all the policies and regulations needed to factor into your policy plans? How do you decide and prioritize these competing requirements? Learn how to answer these questions and develop a successful data retention policy. Want to follow along with the webinar replay? Download it here for free: http://info.aiim.org/developing-your-information-management-policies
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (18)
Similar to [Webinar Slides] Developing a Successful Data Retention Policy
Similar to [Webinar Slides] Developing a Successful Data Retention Policy (20)
More from AIIM International
More from AIIM International (20)
Recently uploaded
Recently uploaded (20)
[Webinar Slides] Developing a Successful Data Retention Policy
- 4. Underwri(en by: Presented by: We’re pretty sure we are not providing all responsive data, since we don’t know what we don’t know! We really don’t even know what we have, let alone where it is! There is probably a lot of PII on our shared drives that we really need to purge. Could be devastating if we are ever breached. Our workforce is so mobile, we know our employees are saving stuff to unsanctioned cloud storage. This ‘shadow IT’ will sabotage our efforts at comprehensive disposition. I only have 24 hours to respond to a regulatory request, yet it will take me 4 times that amount of time to sift through all the garbage.
- 6. Underwri(en by: Presented by: Why Do We Care? § Compliance § Discovery Risk and Cost § Privacy § Efficiency § Storage Savings § Customer Service § Knowledge Management / IP
- 7. Underwri(en by: Presented by: The Path Forward Is Clear • Define Governance Requirements • Know Where Everything Is • Eliminate Unnecessary Data (ROT) • Unbury Treasures
- 8. Underwri(en by: Presented by: Organizational silos obstruct comprehensive approach …But LiTered with Obstacles ! ! No internal sponsor / champion ! Lack of budget & resources ! Communication gaps between Legal, IT and the business ! “Software-as-Savior” turns into “Software-as-Shelfware” ! Don’t know where the data is or what it contains ! Change management? ! Bleeding out
- 9. Underwri(en by: Presented by: Define What Governs Your Informa(on § RetenVon and disposiVon requirements § Privacy and security requirements § FRCP requirements (legal holds, etc.) § Intellectual property consideraVons § ISO standards § Business requirements
- 10. Underwri(en by: Presented by: Founda(onal Components for Defensibility § IG / RIM Policy § Purpose, scope, objecVves, accountabiliVes, responsibiliVes, standards and definiVons § Records RetenVon Schedule § Updated regulatory research § AcVonable, understandable § Comprehensive § Records, but what about everything else?
- 11. Underwri(en by: Presented by: Founda(onal Components for Defensibility § Privacy § PII / PHI / PCI handling requirements § RetenVon limitaVons § Cross border consideraVons § Privacy Shield § GDPR
- 12. Underwri(en by: Presented by: Founda(onal Components for Defensibility § InformaVon Security § Data ClassificaVon Standard § Data Mapping / Data Flows § Technologies § End-Point DetecVon, DLP, Access Controls, Virus DetecVon, Big Data Security AnalyVcs, Containment / IsolaVon Tools, Security TesVng, etc. § BYOD Policies
- 13. Underwri(en by: Presented by: Founda(onal Components for Defensibility § LiVgaVon Readiness § Legal Hold Policy / Procedure § eDiscovery Tools and Technologies § LiVgaVon Profile § Intellectual Property § Training (Change Management) § “But, we’ve always done it that way!”
- 14. Underwri(en by: Presented by: The Path Forward Is Clear • Define Governance Requirements • Know Where Everything Is • Eliminate Unnecessary Data • Unbury Treasure
- 15. Underwri(en by: Presented by: Preliminary Steps § IdenVfy and assess locaVons / repositories of unstructured content § CollaboraVon sites, shared drives, personal drives, document management systems, content management system, email, physical etc.) § FuncVonal requirements of content / records management system § IdenVfy “content placement strategy” § Is there clarity on how the retenVon schedule applies to electronic data? § Determine content assessment methodology
- 16. Underwri(en by: Presented by: Content Assessment § Manual § User-Dependent § Technology-Enabled § IT Tools § eDiscovery Technology § File Analysis Soeware § Content § Metadata
- 17. Underwri(en by: Presented by: What is File Analysis? Two Primary Levels of Analysis § File System Metadata § Includes informaVon about individual files § Examples include contextual metadata about associated servers, volumes, shares, folders, and idenVty related informaVon such as company / department / group / user permissions and ownership; as well as file specific metadata such as file owner, last author, author, file extension / item type, and create, last modified, and last accessed dates § File Content § Includes informaVon within individual files § Represents a much more granular level of detail, and subsequently a larger data footprint and supporVng set of infrastructure requirements § Repositories § Email, File Shares, ERM / EDM / ECM Systems, SharePoint, File sync and share sites such as Box.net or Dropbox, Data Archives, Business Intelligence (BI) / Data Warehouse Environments
- 18. Underwri(en by: Presented by: Representa(ve Vendors Primary Use Cases Supported by 2016 List Vendors • AcVve NavigaVon • Adlib Soeware • BeyondRecogniVon • Bloomberg • Controle • Cryptzone • Druva • Exterro • SailPoint • Titus • HPE • IBM • ZL Technologies • Capax Discovery • Data Global • Egnyte • Index Engines • Spirion • STEALTHbits • Varonis • Veritas Source: Gartner: Market Guide for File Analysis Soeware (19 September 2016) Gartner’s Note: Though most vendors support some elements of each use case, vendors are listed in the above diagram according to the major use case supported and what customers acquire the soluVon for. Governance/Policy Management Risk MiVgaVon AnalyVcs Efficiency/ OpVmizaVon • Kazoup • Condrey • Haystac
- 22. Underwri(en by: Presented by: How Do We BeTer Connect Legal Regula(ons and Opera(onal Requirements to Our Content? The first and last mile of retention The First Mile: Retention Considerations The Last Mile: Policy Execution Government regulations Industry specific regulations IT Operations Business Needs Email Cloud Desktop Physical Content SAP Structured Repositories Unstructured repositories File Shares Auto collection of laws Translate to retention rules Centralized policy Apply at scale Audit logs Connect
- 23. Underwri(en by: Presented by: Why Has Connec(ng the First and Last Mile of Reten(on Been So Difficult? Policy is not digitally connected to content Appeared complex, time consuming, costly & hard to maintain Origins of Records Management were paper not IT Demand was for commercial off-the-shelf solutions A lack of standards
- 25. Underwri(en by: Presented by: What Challenges Does GDPR Create? § Understand of the scope of PII § IdenVfy PII, determine format locate it within IT real estate § Isolate and classify PII § Appreciate the retenVon Vmes for personal data and contact informaVon § Obtain and retain explicit consent of data subjects § Limit access of PII based upon scope of consent § Facilitate the “right to erasure” of personal data
- 26. Underwri(en by: Presented by: Create a Data Map • Map both PII and Non-PII data sources • Establish relaVonships b/w data sources/owners with relevant Record Classes • Represent processing purposes consented to by data subjects • IdenVfy PII locaVons, create an e-discovery data map, and inform a coherent e-comms policy in a single project
- 27. Underwri(en by: Presented by: Retention Schedule, Organization Structure, Data Maps, etc. Enterprise Content Management Physical Content Email Unstructured repositories SAP Structured repositories File Shares Cloud Digitally Connect Policy to Content
- 28. Underwri(en by: Presented by: Mapping Report Compliance Get Consent Find Govern Classify Manage Data In Scope (Personal Data) Secure Personal Data Security Records Repository Informa(on Management & Governance Data Repositories • Data Security • Applica(on Security • Security Intelligence (Breach Detec(on)
- 29. Underwri(en by: Presented by: Complete GDPR Plaborm Analyse Record Repository Classify Data Repositories Messaging Email Files Read SharePoint Ac(on ApplicaVons Data Warehouses Document Management Data Archive Social Media Web Content Apply Store Eligible Records Declare Data Encryp(on Find Govern Apply Reten(on Rules Compliance, Legal Hold & Audit
- 30. Underwri(en by: Presented by: Methodology • Survey and confirm • Index metadata and content of documents • Extract named entities (SSN, emails, phones…) • « ROT » analysis • « Technical » analysis (size, type, age…) • Redundant • Obsolete • Trivial • Creation of Categories based on entities, metadata and/or content • Apply tags • Move • Secure • Archive • Review
- 31. Underwri(en by: Presented by: Content Manager Component Overview Ingested Policy Center data stays in Content Manager • Retention laws, jurisdictions and vertical industry information is mapped • Policy Center is polled for updates • Updates are ingested and managed permanently Content Manager is licensed perpetually • All components remain active • Annual support renewal • Connector that extracts and ingests Retention Requirements into Electronic Content Manager • Mapping of data • Classifications • Retention schedules HPE CM Policy Center Connector • Trained on existing content or BCS • Holding node prior to classification • Automatic folder creation • Linked security & retention HPE CM Auto- Classification Module • Information lifecycle management • Governance-based ECM • Access defined by authorized seats • Perpetual license + annual maintenance HPE Content Manager (ECM + Retention)