Blog > January 2021 > Three Common Privacy Compliance Myths

Three Common Privacy Compliance Myths

Despite making headlines for the past three years (remember the initial 2018 GDPR deadline?), data privacy is still largely misunderstood by many enterprises. Compliance and governance are often seen as burdens, red tape or afterthoughts. While they do require effort from enterprises, in today’s information economy – and especially in the current remote world – managing data privacy and governance is possible, beneficial and absolutely necessary.

ASG recently held a webinar on Content Services and PI Discovery for Privacy-Aware Information Governance. It became clear that misconceptions around data privacy are hindering enterprises’ efforts – from identifying challenges and goals, to using the best tools. To sharpen their strategies, enterprises should beware these three compliance and governance myths.

Myth #1: Information management is the key to governance.

Fact: It is no longer sufficient to simply manage information. Companies are storing, accessing and managing personal and sensitive customer information residing in databases, documents and records (e.g., Microsoft Word, reports, spreadsheets, etc.). Yet, few enterprises can scan/discover where this private data is, or properly manage its access, storage or deletion as needed.
As consumer privacy regulations, such as the GDPR, CCPA and LDPD, expand, so will the types of data being regulated. New and amended regulations will continue to introduce new consumer data rights. So, organizations must take action to ensure they are collecting and using privacy information in accordance with data privacy requirements. Privacy-aware data governance must be a priority for today’s enterprises – and it goes beyond simple information management.

Myth #2: Enterprises don’t have private data and records on shared drives.

Fact: Companies likely wish this was true, but in reality, most are struggling with sensitive data residing on shared drives. Shared drives are the wild, wild west of unstructured content. Think about it: how many employees are downloading information to prepare for a client meeting or a sales call? When HR is hiring someone, are they downloading resumes locally, sharing them and even saving them? All too many are – and the practice has grown even more unruly with remote work.

When it comes to shared drives, many enterprises are struggling with the following challenges:

  • They don’t know where privacy information resides within documents/records
  • They’re unable to associate privacy information within records to a specific customer
  • They have no audit record of who has accessed/viewed the privacy information
  • They are notable to redact/data mask privacy information
  • They maintain customer information for longer than required by law

Myth 3: Microsoft can fully address privacy protection for records on SharePoint, Microsoft 365, OneDrive and Box.

Fact: Microsoft cannot power a full privacy-aware governance strategy on its own. However, records on SharePoint, Microsoft 365, OneDrive and Box can be protected with an integrated content services solution.

ASG Mobius Content Services (Mobius) can integrate with Microsoft 365 to connect content and business processes and accelerate collaboration and efficiencies across the organization. Organizations can also automatically capture content on shared drives and One Drive, anticipating any concerns around privacy and applying redaction capabilities if necessary. Additionally, by elevating process-driven collaboration and integrating key business systems, users have the right information securely at their disposal, driving productivity and meeting compliance standards.

ASG supports enterprises’ privacy-aware data governance by automating the discovery of sensitive information. Mobius also automates the classification, access and governance for the records containing that private data. With these capabilities, privacy-aware data governance becomes attainable and manageable. Enterprises can locate sensitive information at scale – and unstructured data is no longer the weak link of information governance and compliance.

Watch ASG’s webinar to learn about Content Services and PI Discovery for Privacy-Aware Information Governance . Read this datasheet to learn how ASG Mobius can integrate with Microsoft 365 to govern content on shared drives.