Blog > June 2019 > Right to be Forgotten: Part 3

Right to be Forgotten: Part 3

The “Right to be Forgotten” is gaining traction with consumers in the United States. According to a new poll, nearly nine in 10 U.S. voters want "the right to be forgotten" on the Internet. This demand will impact companies beyond just web service providers such as Google, Bing and Yahoo. As consumers are empowered with ownership of their personal information, requests will continue past the tech giants.  Today, every organization—of every size and across all industries—is data-driven and must be prepared to comply with data privacy regulations. That’s why ASG is focused on helping our customers tackle the right to be forgotten as one of those regulations and, in addition, reap the business benefits of compliance.
In our last blog post on the right to be forgotten, we discussed how advanced retention and redaction capabilities help organizations address their compliance needs. Here are three more approaches to meet consumers’ needs to “be forgotten.”
Tagging Wild Content
“Wild content” should be a cause for concern at most organizations. While many companies have data stored in content platforms, much of that data is not classified properly. As such, certain data—structured or unstructured—may not be recognized as customer records or personal information. Identifying and tracking personal data is essential to comply with privacy regulations (e.g., the CCPA and the EU’s GDPR). Organizations must ensure they aren’t maintaining customer documents for longer than what is needed for business relationships or what is required by law. Yet, this wild content may be on shared drives across 20 departments without the organization’s knowledge.
Companies must identify where content lives in the wild by tagging customer data across all shared drives and collaborative systems and, once identified, take appropriate action in the systems. Once tagged, content is easy to clean out so there isn’t any consumer information that will catch organizations by surprise. Modern solutions, such as ASG’s Mobius Content Services Platform, offer federated search capabilities that provide a comprehensive view of content across the enterprise. With this visibility, organizations can manage content from one point of entry while keeping content where it lives until it is no longer required.
Structuring Your Data
While 80 percent of an organization’s data is unstructured—living in Word documents, spreadsheets, PDFs and images—the remaining 20 percent of structured data is equally important for compliance. ASG’s Data Intelligence solution makes it easy to identify customer data residing in organizations’ applications, databases and data lakes. The automated nature and the tracking of privacy compliance programs will be necessary when auditors and consumers start making data requests. ASG offers more than 230 interfaces that allow organizations to scan through their enterprise IT systems, find that personal data and trace the data lineage as it moves from system to system. That way, they not only know where the data is, but also where it’s been and who has accessed it.
Managing structured data helps organize unstructured data as well. Data validation puts values across unstructured content. With a full view of where customer data is living, organizations can discover it more easily when it’s time to delete.
Federating or Migrating
As organizations decide to consolidate or migrate systems for digital transformation, they must consider how this process will affect their content and compliance. Organizations must determine where the content is generated, how it will be consumed and if it can be organized for easier governance as well as disposal when necessary. The ultimate goal in deciding to federate or migrate is to ensure proper governance while not disrupting, or even finding business gains for, the end user. Organizations can start with this legacy system checklist:
  • Does the organization have governance services in place in those systems, such as encryption at REST, redaction and event-based retention?
  • Is the information properly indexed and classified?
  • Do these systems have open APIs as well as interoperability standards (such as CMIS) that make it more feasible to federate disparate systems, find information and take action?
To comply with the right to be forgotten, organizations must discover the unknown. ASG helps our customers do just that. Organizations don’t know what redundant or trivial content exists until they deploy the appropriate solutions to find out—or until an auditor beats them to it. To meet customer demands and comply with the right to be forgotten, organizations can find the approach that works best for their needs and start taking action today.
For more information on ASG’s Content Services, read this data sheet on the solution’s business benefits, use cases and more. To learn more about our approaches to the right to be forgotten, watch this webinar on how to govern large volumes of content and a wide array of data types that are spread across disparate systems.