Data Protection Series: How do New Data Privacy Laws Affect Records Managers?

Published On January 25, 2018

Paper is an important part of information security.

Data privacy laws are in the news a lot lately. The proliferation of data and the growing number of data hacks has put data privacy in the spotlight, with many organizations left wondering where they should go next with their current data privacy, protection and compliance plans. The following is information intended for records and information managers, who may be one of the least-addressed groups when it comes to this issue.

Ensure you have a voice in your organization.

New data protection laws will directly affect the way you do business, and it’s imperative that your legal department or external law firm is complemented by your knowledge on day-to-day records management process. The general tendency for organizations is to dump all legal matters on external lawyers, but these lawyers won’t be looking at your business’ operational needs from an information governance perspective. The information governance stakeholder group should have privacy as part of its remit and the records manager should be a key player in that group.

Take a pragmatic approach.

Make sure to connect and get the input of individuals at your company who understand business operations and strategy. The information governance stakeholders that adopt privacy issues will be able to position solutions in a broader context that align to those strategic and operational needs.

Don’t forget about paper.

Paper and data privacy: you may be wondering exactly where I’m going with this. Most people talking about data protection aren’t focusing on physical assets; they’re focusing on digital data because of the high profile cyber-attacks happening nearly every week.

However, paper is important in the data privacy conversation precisely because it’s now so easy to ignore. This raises potential threats surrounding your records falling into the wrong hands. Though organizations are reducing their reliance on paper, nearly every organization still uses it in some format. This disposable medium is posing an unseen risk. It’s all this blog would have been about 15 years ago, and we can’t forget about it now. That’s why secure information destruction is so important.

Paper also poses a risk in that it can be quite difficult to find once misplaced. If you don’t have the indexing and digitizing plans in place to keep your information well-organised, you may find yourself in hot water when a disclosure or subject access request is submitted. For the eighth consecutive year, the average cost per lost or stolen record has risen. The figure rose from around $140 in 2014 to around $150 per record in 2015, according to Information Security Buzz. The longer paper sits without any plan, the bigger risk it becomes. After all, sometimes you don’t know what you’re missing until you need it.

Encourage information responsibility.