By Mike Dunleavy, Head of Professional Services (Delivery), Crown Records Management
2015 is set to be a year of real change in the data environment as new legislation, new technology and modern office trends combine to provide CIOs, office managers and HR directors with a very modern headache.
The incredible proliferation of information means every business across every sector will need to embrace significant challenges and opportunities in the coming year.
Predicting every hurdle that businesses will face in 2015 is not easy, particularly in a General Election year in which future data legislation may well be a hot topic.
But five areas stand out and now is the time for UK companies to take note – and to prepare:
1. The EU Data Protection Regulation
This crucial piece of legislation is expected to be ratified by European ministers during 2015 and will completely transform data protection across the continent by the time it is enforced in 2017.
The right to be forgotten has already been a hot topic as both Google and Microsoft rush to remove outdated personal data from internet searches in response a European Court of Justice ruling. But that ruling is just the thin end of the wedge as the EU attempts to provide a Europe-wide regulation to replace the UK Data Protection Act.
Importantly, it will offer citizens far more control over their personal data – including a right to ask for it to be deleted or corrected – and huge fines for companies that negligently breach the regulations. These could reach 5 per cent of global turnover, or 100m Euros if greater. A requirement for every company that handles data and has more than 25 employees to employ a Data Protection Officer is also likely to be included.
Tip: The new regulation will have a significant impact on all businesses that handle data – not just data controllers. It is vital for companies to put systems in place early that allow them to know exactly what data they hold, how it was sourced, how to access it and how to edit it. Rules around data privacy are changing across the world too – Singapore, Malaysia, Australia and even China have new legislation in the pipeline.
2. Mobile working
The trend of mobile working is only going to grow in 2015 - the modern mantra is that ‘work is not a place, it’s a thing you do’. There are already more than 4.2 million employees in the UK – 14 per cent of the workforce – who work from home.
The most recent legislation, in June 2014, means every employee in the country has the right to request flexible working after 26 weeks of employment service. This right was previously only available to parents with children under the age of 17 or certain carers.
The trend of flexible working is likely to grow in 2015. In fact research has shown that Generation Y are more likely to stay in a job if they have greater flexibility over where and how much they work, frequently a more important factor than a higher salary.
Tip: Businesses will need to ensure they set up secure systems that provide safe and structured access online to facilitate this development, because the threat of data breaches is clear when information is being transferred in and out of the office.
The increasing prevalence of ‘bring your own device’ to work is set to have a fundamental impact on IT in 2015 as the number of smartphones across the world is predicted to reach two billion by the end of the year.
This is a growing concern as employees also take tablets, laptops and USB drives to the office – and risk compromising online security as they connect to the corporate network or access corporate data.
New technology brings new challenges, too. Wearable technology is predicted to boom in 2015, which could see employees bringing Google Glass or smart watches into the workplace.
There are so many questions to consider. How do you know what information is being recorded in your work space? What happens to information on a personal phone or tablet when an employee leaves? What rights of access does an employer have to personal equipment used on its systems?
Tip: Having a BYOD policy is a basic requirement for any organisation. Policies should specify what devices are permitted, outline a stringent security policy, make it clear who owns which data, and detail which apps should be banned in the office environment.
4. Data breaches
Data breaches have been a significant issue in 2014 following news of leaked customer data at Barclays, patient records lost by NHS Trusts and concerns over NHS databases.
How businesses dispose of data should therefore be a high priority – and secure destruction will be a key phrase in 2015. Increased legislation helps guide business in best practice; but still we see fines levied every day against companies who have not managed their records effectively – and new EU Data Protection Regulation will set punishments even higher.
Tip: It is estimated 80 per cent of data breaches stem from human error. These can be mitigated by ensuring staff know what is expected of them and understand the consequences of failing to protect sensitive data. Passwords should be changed on a regular basis and staff aware of when to do so. Encryption adds another level of data privacy and should be placed on all devices including mobile devices, back-up tapes and laptops.
5. Data proliferation
With the digital universe currently doubling every two years, many businesses are in danger of being overwhelmed by the data generated.
The absolute key to good data governance is in being able to identify early what is a record and what is simply data noise. Starting 2015 with an audit to distinguish how much data currently stored actually needs to be kept is vital and can save money. Current estimates are that one desk costs a company £10,000 per year in London. Reducing the space needed for storage has financial benefits.
Tip: Not every business will have the capability to cope the volume of data it handles, and for some out-sourcing may be key. Gartner predicts that by 2018 more than half of organisations will turn to firms and consultants that specialise in data protection, security risk management and security infrastructure management.