By Paul Bruton, Business Director, Data Intelligence, Hitachi Data Systems, Asia Pacific
In a region as diverse and geographically spread as Asia Pacific, it has often been a challenge for organizations to stay up-to-date with the latest regulations and ensure they are compliant. With several developments, including China’s latest cyber-security law (taking effect June 1st), Australia’s Privacy Law changes in relation to Data Breaches (taking effect 22 February 2018) and the EU's pending General Data Protection Regulation, combined with a confluence of dynamic market changes and the emergence of new technologies, more and more pressure is being put on companies to adapt much faster to keep up with the changes around them.
Frequently overlooked, compliance is fast becoming one of the most important aspects of any modern business. That’s because the consequences of ignoring this complex and increasingly critical consideration can end up being incredibly costly.
Statistics point toward a rapid rise in business data, meaning the volume of data businesses need to store, manage and report on is becoming more difficult to administer. So how can businesses in the region ease this burden and ensure they meet the required regulatory and security standards? There are a few areas to consider.
Data retention obligations
Historically, data storage and management obligations have been born out of a need for record keeping. Various company records, tax and audit requirements necessitated the storage of accurate records for specified time periods. Market failures during the early 2000s - such as the Enron scandal and the credit crunch - exposed many institutions, particularly financial institutions, as having record management systems that were not fit for purpose. This led to significant legislative reform, particularly in relation to the integrity of records and reporting obligations.
Game-changing regulations, such as the Sarbanes-Oxley Act, mandated strict fraud prevention reforms to improve financial disclosure by corporations and prevent accounting fraud for companies listed on US exchanges. This had implications for businesses outside of the US as well. With some requirements applying to affiliates within international groups, even businesses in Asia can find themselves caught by extraterritorial legislation.
Falling short of these regulatory and compliance standards can be an expensive oversight. Regulators may take enforcement action, including fines calculated as a percentage of turnover and revocation of operating licenses, and an organization may also suffer reputational damage from being exposed as non-compliant.
Capture and Management
With consumer interactions increasingly taking place via mobile apps, social media and chat-bots, it can be a challenge for businesses to accurately capture all relevant data. This requires a thought-out policy towards data management, one which allows data to be stored independently from the application, and remain accessible and readable in the future.
Businesses also need to create and store data every day, in an ever more regulated environment. Data capture and management must be deployed to enable a company to comply with all its reporting and retention requirements, as well as a way of self-certifying to certain national and international standards. Compliance with international standards gives the necessary assurance to customers and regulators alike that an organization has effective data management systems in place.
For example, Dodd-Frank requires financial institutions to maintain full, complete and systematic records in relation to all financial dealings. And its reach goes beyond the borders of the USA, to extend to overseas affiliates and providers of outsourced business functions.
Disposal and defensibility
When a business does find itself in a dispute, being able to rely on the data it has stored and being able to retrieve the right data quickly is essential. In fact, there is a global movement towards the legal recognition of electronic communications so that they can be admitted in evidence in court and so that countries can shift their economies from paper-based ones to more efficient electronic ones.
Current best practice for meeting regulatory compliance is to retain all e-mail in an indexed format for ease of search and retrieval. However, few organizations are implementing an effective eDiscovery layer for search, meaning that when they need to find relevant information the cost can run into the tens of thousands of dollars.
Likewise, there are minimum retention periods for accounting records so that a company can demonstrate its financial position at any point in time. But they vary widely – from 3 to 12 years – across the Asia Pacific region. This can be particularly important when it comes to mitigating the risk of future litigation. A robust storage solution will provide for the systematic review, retention and recall of documents created during the course of business as well as permanent deletion when required.
Building a strategy to keep up
That’s the theory. But how can an enterprise put it all into practice? One way is to use object storage technology, like that in the Hitachi Content Platform. This enables organizations to ingest, tag and store data such as emails, making it easier to search and access data later down the line.
Companies also need to build a strategy that encompasses data management, data governance, data mobility and data analytics. This should focus on automating day-to-day IT operations, like data protection, and be able to adapt to changes in scale, scope, applications, storage, server and cloud technologies over the life of data. In IT environments where data grows quickly or must live for years, decades or even indefinitely, these capabilities are invaluable.
With object storage, the integrity and authenticity of stored data are guaranteed. The digital fingerprint of each content object stored is a badge of uniqueness. This plays a critical role in the prevention of alterations to records and in the prevention of deliberate or inadvertent “overwriting” of a record by a new version, thereby aiding record retention and preservation.
Due to this fingerprinting technology, records stored do not change and so can be proved to be authentic in a court of law, meaning every action within the system is fully auditable.
The bottom line
While compliance is compulsory for every company, the requirements become even more onerous as businesses grow. And there is more to the process than merely following the rules. The keys to success are knowing how to interpret them, and the ability – and technology – to apply that effectively.
Please feel free to download the whitepaper titled “Navigate the Data Governance Landscape With Confidence” co-authored by Hitachi Data Systems and Fieldfisher here: https://pages.hds.com/data-governance.html