Compliance Data Life Cycle Management
For better (and sometimes worse) technological advances over the past 10-15 years have created an almost unimaginable snowball of enterprise data. In Human Resources this pertains largely to people data and compliance reporting. Although many companies maintain policy documents for data and document retention timeframes they seem to be rarely strictly enforced. In addition the rate at which governments pass data privacy laws in individual countries is making the job of HR master data and document management even more complex, especially for global companies.
In the U.S. laws are often directed at minimum retention periods whereas in EU nations the laws are typically more limiting to maximum retention periods. This results in a complex data life cycle strategy for organizations where rules must be enforced for physical purging of certain data and documents typically based on an employee’s citizenship and/or work location.
Challenges and Trends
- Accelerating Data Proliferation (more systems, more connected devices, bigger enterprise appetite for data)
- Increasing Identity theft and hacking incidents
- Global legal complexity regarding data protection and data privacy
How does Fuse help?
- Identification of PII (Personally Identifiable Information) in data and documents.
- Tagging of documents and data with retention policy rules
- Consolidation and Security of legacy and current data and documents
- End to end lifecycle management from import to purging of data and documents
Data Privacy Risk
Risk exposure of data is a function of volume (# of records), time accessible, and frequency accessed. It is complicated by the fact that individual countries are passing laws to limit data privacy risk and data retention faster than many companies and HR departments can adapt.
The graph represents the data life cycle specifically in HRIS systems today. Most regulatory reports, customer reports, and interfaces pull data only through the last 3 years of history while the older data remains idle in the system(s) without Analytics applications in place. The average HRIS has a lifespan of 7-10 years. This results in 60-80% of the data (data that is greater than 3 years in age) sitting mostly unused for any reporting, but still facing even more risk than active data.
Unfortunately, because the data is viewed as “history” it is often dumped into data warehouses and unsecured databases since implementation partners and IT departments will not convert full history into transactional systems due to the additional workload and cost. In many cases the improvised security is insufficient to protect PII (Personally Identifiable Information). Often, users and corporate compliance departments are unaware of the underlying technical exposure.