Data management for regulatory compliance
Data management must be at the core of any organisation’s governance, risk, and compliance strategy. It is impossible to gain insights into performance, threats, or culture without understanding your entity’s data. Failing to get to grips with your data creates a whole new set of complexities and risks.
Big data: big risk or big opportunity?
The volumes of data are exploding. The IDC’s study “The Digital Universe in 2020” predicted that there would be 40 trillion gigabytes of data (40 zettabytes) by 2020. A zettabyte is so large it is hard to wrap your head around. Just imagine: if every gigabyte in a zettabyte were a meter, it would span the distance of the Amazon River (the world’s longest river at 6,992 kilometers) more than 150,000 times.
The rate at which data is being produced is rising exponentially too. Although it took more than 40 years to produce a zettabyte of data, current projections estimate annual internet traffic will pass 2.3 zettabytes within the next 4 years.[1] IBM estimates that 90% of the world’s data had been created in the previous 2 years,[2] so those numbers are set to keep on rising.
The IDC’s Digital Universe Report estimated that in 2012 only 0.5% of data was analysed and 3% was tagged. Estimates of ‘usable’ data (i.e. data with potential for analysis) have jumped to 37% in 2020, but that still leaves 63% of data not creating value and exposing organisations to potential risks.
Unstructured data and organisations
Unstructured data accounts for up to 90% of the mind-boggling volume of data created. This creates an additional challenge for organisations trying to get to grips with their data holdings.
Unstructured data is typically in a variety of files and formats and is difficult for organisations to search and analyse. Very common examples of unstructured data include:
- Emails
- Instant messenger files
- Photos
- Audio files
- Call center transcripts/recordings
- Open-ended survey responses
- Text/presentation files
- Webpages
- Social media sites
- Digitised forms of hardcopy documents
For organisations operating in highly regulated industries such as finance, energy, or health, compliance issues can be expensive and time-consuming, and may cause reputational damage. Effective data management means getting to grips with your unstructured data and staying on top of your regulatory affairs.
Data compliance for organisations
Data compliance requires ensuring your data is organised and managed in such a way as to comply with the laws and regulations that govern the activities of your organisation. Data compliance is essential to organisations subject to standards including:
- Australian Privacy Principles (APP)
- Consumer Data Right (CDR)
- Design and Distribution Obligations (DDO)
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
Good data management practices are the foundations of ensuring your organisation satisfies its data compliance obligations.
Data management for regulatory responses
Good data management practices also ensure that your organisation is well equipped to handle any third-party requests for information (RFIs) or regulatory notices.
If an organisation shows goodwill, has its house in order, and is able to respond quickly and efficiently, its dealings with the regulators are more likely to run smoothly.
If you are struggling to respond in the mandated timeframe because you haven’t done anything to prepare for your dealings with the regulators, they tend to come down much harder. It is arguable that the regulators may interpret a failure to respond as reflective of an organisational culture that tolerates non-compliant behaviour.
Boutique consultancies such as icourts provide SaaS solutions and consulting to help collect, organise, and prepare large volumes of unstructured data to ensure that your organisation is well placed when the regulators call.
Preparation is key to data management
We help you prepare your data for when you receive a third-party RFI or regulatory notice.
Consultancies such as icourts can perform a data audit, or data mapping, to identify and collect all your data and data sources.
Data could include anything from historical hardcopy contracts or trust agreements, through to operational files, transactional data, emails, instant messenger communications, and audio or audio-visual files.
Once we know what you have got and where it is, we can process it so that it is fully searchable and store it in a single repository.
During the processing stage, we can set up rules to automatically de-duplicate and cull unnecessary data. You don’t want to store spam emails, for example, so we can cull them during processing.
We also index the data, extract the metadata, and OCR the content so that the documents are searchable. We can also set up rules to tag the content in a way that is meaningful for your compliance teams to aid the searching process.
In preparation for the regulators, we can then store the processed data in cold storage or offline for a nominal fee.
Your organisation is continually producing data, so it is recommended to perform ongoing periodic collections and data sanitisations.
Your consultancy should be using templated workflows to avoid charging you unnecessary consulting fees. At icourts, we keep things simple – there is no need to keep reinventing the wheel – but we live and breathe continuous improvement. We always keep hunting for that edge.
Responding to a regulatory notice
Once you have been served a regulatory notice you must produce your data to the regulators.
We can search the data in cold storage and push only the relevant data across to a hosted document review platform such as RelativityOne.
Only hosting and reviewing what is relevant saves significant time and money.
Document review spaces such as RelativityOne have a lot of additional functionality, such as advanced analytics, so you can easily interrogate your data in detail. Your legal or compliance team can access the review platform remotely using secure log-in credentials. Once in the platform, your team can code the documents as relevant, not relevant, privileged, etc. They can also make markups, comments, and redactions. The coding fields are customisable to whatever is most suitable for your workflow.
If you have a large volume of documents to review, RelativityOne has many analytics functions to speed up the process. Some of the functions include:
- Native file reviewer (which includes emojis, audiovisual, and a huge range of file types)
- Textual near duplicate to identify very similar documents with slight differences
- Clustering of conceptually similar documents using natural language processing (NLP)
- Email threading to group together email conversations
- Audiovisual viewers – so you can view audio or video in the workspace along with the transcription
- Foreign language detection and translation
- AI-powered machine learning that learns based on your human reviewers’ decisions. The system will use these decisions to continually serve up the most relevant documents to your review teams first.
These functions are designed to save you time and make the whole review process much quicker and easier. Data and decisions such as coding, mark-ups, and redactions take place in the same environment and are fully documented, reproducible and auditable.
The other major advantage of using this kind of document review platform is the heightened data security. RelativityOne data is hosted in a Microsoft Azure Australian data center meeting more than 70 international & industry-specific compliance standards, such as ISO 27001, SOC 2 Type II, and Australian IRAP. icourts holds full ISO 27001 accreditation.
Keep the regulators onside and show that you have your data management and regulatory and compliance processes in order.
If you would like to talk to one of our regulatory and compliance consultants, contact us today.