
      Information Officers, SRRs and POPIA

      If your business is like most businesses, 80% of the data you store is unstructured. This unstructured data comprises files, documents and emails. This ‘digital debris’ is the inevitable by-product of the majority of business operations and business change.

      It is a matter of record that being able to find what you are looking for provides numerous business productivity benefits [1]. That is why search is a big thing: big for global technology titans, but also a real differentiator for businesses if they implement enterprise search platforms [2].

      But in terms of subject rights requests (SRRs), where do information officers (and their deputies) stand when it comes to finding what they are looking for?

      Consider that a colleague, supplier, customer (or anyone) legitimately requests that your organisation delete all the personal information that your business holds about them. Could you do it? If so, to what time-scales and cost? [3] What is your level of confidence that the information you have provided is complete?

      How could you validate your answers to these questions objectively? Just because you have a report (or the files themselves) does not mean you have them all.

      Testing your organisation’s readiness

      One way to test your organisation’s readiness is to collate 100 (±50) personal documents for five separate people. ‘Seed’ these in emails, file shares, SharePoint and any other repositories used by the business, then submit 5 test SRRs and see how many of the documents are found. Crucially, the parties responding should not know how many documents are actually in circulation. You can source synthetic data from a variety of sources [4], so you do not need to rely on what you can lay your hands on internally.

      Even as a thought exercise, this has the potential to cause a little apprehension. In the right circumstances, however, it needn’t.
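One way to score the seeding test described above, as an added example that is not part of the original article or any vendor's tooling. It assumes the returned documents are byte-identical to the seeded ones so they can be matched by SHA-256; the subjects, repositories and documents are constructed sample data.

```python
import hashlib
from collections import defaultdict

def digest(content: bytes) -> str:
    """SHA-256 of the document bytes, used as the matching key (assumption)."""
    return hashlib.sha256(content).hexdigest()

# Constructed seed manifest: (data subject, repository, document bytes).
SEEDED = [
    ("subject-A", "email", b"A payslip March"),
    ("subject-A", "file_share", b"A medical certificate"),
    ("subject-A", "sharepoint", b"A ID copy"),
    ("subject-B", "email", b"B loan application"),
    ("subject-B", "sharepoint", b"B disciplinary letter"),
]

# Constructed SRR responses: subject -> documents the business returned.
RESPONSES = {
    "subject-A": [b"A payslip March", b"A ID copy", b"B loan application"],
    "subject-B": [b"B loan application"],
}

def score(seeded, responses):
    """Per-subject recall, per-repository hit counts, and wrong-subject returns."""
    owner = {digest(doc): subj for subj, _, doc in seeded}
    report = {}
    for subject in sorted({s for s, _, _ in seeded}):
        returned = {digest(d) for d in responses.get(subject, [])}
        per_repo = defaultdict(lambda: [0, 0])  # repo -> [found, seeded]
        missed = []
        for subj, repo, doc in seeded:
            if subj != subject:
                continue
            per_repo[repo][1] += 1
            if digest(doc) in returned:
                per_repo[repo][0] += 1
            else:
                missed.append(repo)
        found = sum(f for f, _ in per_repo.values())
        total = sum(t for _, t in per_repo.values())
        report[subject] = {
            "recall": found / total,
            "per_repo": {r: tuple(v) for r, v in per_repo.items()},
            "missed_in": missed,
            # Seeded documents of another person returned for this subject.
            "wrong_subject": sorted(owner[h] for h in returned
                                    if h in owner and owner[h] != subject),
        }
    return report

if __name__ == "__main__":
    print(score(SEEDED, RESPONSES))
```

The per-repository counts show which store the search missed, and `wrong_subject` flags a response that would have disclosed another person's documents.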

      Where does the responsibility lie?

      As information officers, is it your responsibility to ensure that information is stored (and able to be retrieved) effectively? Ideally, efficiently and economically too. No, it is not. This responsibility sits with the business areas, process owners and departments which are creating, storing and processing the data.

      While the duty for overall POPIA compliance sits with the information officer (and any appointed deputies), responsibility to create, process and safely store data must sit with the business. There is a risk here, however, of simply kicking the can down the road. Making it the business’s responsibility doesn’t itself contribute towards POPIA compliance.

      So consider a test activity of the sort described above. Challenge business stakeholders to deliver. At the same time, explore the business benefits of simply being able to quickly find and retrieve files and documents.

      A necessary investment

      The only way to make sure that you can consistently retrieve the relevant files and documents in response to an SRR is to ensure all your files and documents are pre-indexed with a technology solution designed specifically for the purpose. That means all files and documents within the scope of an SRR can be reliably and economically retrieved. You will also be able to provide evidence and assurance in regard to your activities.

      If you already have an enterprise search solution, make sure it is indexing all your unstructured storage repositories. If you do not have an enterprise search solution, consider the business case for getting one. DocAuthority provides solutions for business which cover a wide variety of information governance workloads including SRRs. There is a cost model here which will help you explore the costs and savings of using DocAuthority to help with your business’s SRRs. You can also find more information here on Subject Rights Requests and how DocAuthority can help.


      [1] https://computhink.com/wp-content/uploads/2015/10/IDC20on20The20High20Cost20Of20Not20Finding20Information.pdf
      [2] http://pages.coveo.com/rs/coveo/images/IDC-Coveo-white-paper-248821.pdf
      [3] https://guardum.com/wp-content/uploads/2020/05/PowerPoint-Guardum-DPOs-Guardum-branded-2-1.pdf
      [4] https://www.tonic.ai/


      Contact Patrick Devine for more information regarding DocAuthority at patrick@solid8.co.za
