The time for worry is long gone!
Just like an addict has to take a massive step in admitting their addiction out loud, before they can start the hard work to deal with it, the same applies to your unstructured file data.
Before I come across as judgemental, have a think about this …. pretty much all businesses (including ours) feel and act the same way, because they are all overwhelmed with the challenge. Every company with this challenge has one thing in common …. people!
So, you are not alone! Feel a bit better now, because I think you need to give yourself a break.
The stuff you hold in these documents is too damn important to you, and not just for one off transactions where the document will almost certainly be found. Far too important to bury in a sea of garbage.
Human Behaviour is Unstructured
So unless every document is created automatically (and most unstructured documents aren’t), then think about the number of variables that can apply when a document is created:
- Where am I going to save it?
- C: drive, Personal/home drive? Shared/team drive? Sharepoint? CRM?
- Am I the only one that needs it?
- If I don’t have a shared place to store it, how many people do I need to send a copy to?
- If I send any copies, will the email copies be deleted?
- What am I going to call it?
- The same name as the one it was emailed to me with? Unlikely both recipient and sender will have same naming needs
- Is there a process that guides me on name? Or even a rigid naming convention?
- If it gets sent to different teams, will they all call it the same thing?
- How long will I need to keep the file for?
- How are you going to record if there is personal data in the file?
And this variability will extend as you factor in multiple people, processes, locations and business units. Every time a process changes, more variability between past and present appears.
Is it any wonder that unstructured files are exactly that?
There’s no silver bullet to this. You have to look at the problem from two angles:
Have an effective data strategy in place:
- How and where, across all business processes, you store your business files (records), how you manage files containing personal data
- How you protect and share files without leaving lots of transient copies in place
- How long each type of data must be kept, and when must it be deleted
- Processes and procedures that are easy for employees to comply with – make it hard, and they will find alternatives
In parallel, understand your existing data:
- You’re file data is like a massive jigsaw puzzle. Except you don’t know how many pieces you have, how many of them are duplicate or obsolete pieces. And you don’t know exactly what the final picture is supposed to look like. None of these are reasons to ignore the problem.
- You are liable for everything you store, and with the extension of consumer knowledge of data protection from all of the publicity around the GDPR, anyone working in a consumer market (and of course GDPR extends beyond that) should expect to see an increase in SARs that they will have to process
- Take simple steps to start to understand the scale of the problem. Each step will take you some way along the road to more clarity and understanding of your data, by:
- Dealing with data that was migrated to a new solution, but no one ever got rid of the old solution
- Getting rid of data in excess of your retention policies, if you have them
- Getting rid of data that breaks company rules (e.g. email archives), if you have them
- Checking that business processes for storing data, particularly sensitive / personal data, are directing them to be stored in a place with adequate data protection and security
- Educating staff to the sensitivity of data that they handle on a daily basis
Data auditing and remediation will always be required, even with a good strategy and controls in place, to make sure people are following the rules.
Don’t be afraid to delete your data, or quarantine it somewhere it can’t be used, but can be retrieved in the short term if needed. Do be careful though, and follow a rigorous process to validate and document data is eligible to be removed, so you can demonstrate what was done, and why, at a later date if required.
Data MetaMorph’s experience
Even as a relatively young and small company, we can see the above challenges starting to appear.
The key for us is getting our data strategy and processes in place early on, as well as reporting on the data that we have, so we can do periodic analysis and clean up.