Data Protection Series: How Do New Data Privacy Laws Affect Records Managers?

By: In: Data Privacy & Protection On: Jan 25, 2016
Data Protection Series: How Do New Data Privacy Laws Affect Records Managers?

Data privacy laws are in the news a lot lately. The proliferation of data and the growing number of data hacks has put data privacy in the spotlight, with many organisations left wondering where they should go next with their current data privacy, protection and compliance plans. The following is information intended for records and information managers, who may be one of the least-addressed groups when it comes to this issue.

Ensure you have a voice in your organisation.

New data protection laws will directly affect the way you do business, and it’s imperative that your legal department or external law firm is complemented by your knowledge on day-to-day records management process. The general tendency for organisations is to dump all legal matters on external lawyers, but these lawyers won’t be looking at your business’ operational needs from an information governance perspective. The information governance stakeholder group should have privacy as part of its remit and the records manager should be a key player in that group.

Take a pragmatic approach.

Make sure to connect and get the input of individuals at your company who understand business operations and strategy. The information governance stakeholders that adopt privacy issues will be able to position solutions in a broader context that align to those strategic and operational needs.

Don’t forget about paper.

Paper and data privacy: you may be wondering exactly where I’m going with this. Most people talking about data protection aren’t focusing on physical assets; they’re focusing on digital data because of the high profile cyber-attacks happening nearly every week.

However, paper is important in the data privacy conversation precisely because it’s now so easy to ignore. This raises potential threats surrounding your records falling into the wrong hands. Though organisations are reducing their reliance on paper, nearly every organisation still uses it in some format. This disposable medium is posing an unseen risk. It’s all this blog would have been about 15 years ago, and we can’t forget about it now. That’s why secure information destruction is so important.

Paper also poses a risk in that it can be quite difficult to find once misplaced. If you don’t have the indexing and digitising plans in place to keep your information well-organised, you may find yourself in hot water when a disclosure or subject access request is submitted. For the eighth consecutive year, the average cost per lost or stolen record has risen. The figure rose from £95 in 2014 to £104 per record in 2015, according to Information Security Buzz. The longer paper sits without any plan, the bigger risk it becomes. After all, sometimes you don’t know what you’re missing until you need it.

Encourage information responsibility.

Getting control of your paper is just as important as protecting your digital data. And it’s your job as a record manager to make paper an equal priority. Learn how to encourage Information Responsibility in your organisation with our helpful guide.

← Data Protection Series: Are You Ready for the Zettabyte Apocalypse? (Part 1) Data Protection Series: To De-Duplicate or Not? (Part 2) →

Leave A Comment

About the author

Gavin Siggers

Gavin Siggers is an information governance and records management expert with over twenty years’ experience as both a practitioner and consultant. As the Director for Professional Services at Iron Mountain, he leads the information governance advisory practice for Europe. He is a board member for the UK Chapter of ARMA International and was previously the European Region Director. In addition, he is a mentor for the Information and Records Management Society. Gavin specialises in leading clients through the development of information management strategies and a usable governance framework for their information assets that takes account of business, legal and regulatory requirement. Gavin has worked across industry verticals throughout Europe and the USA, delivering strategic business side consultancy in information governance and system design, implementation and training.