Home on the Range – Keep it Safe. Data Sovereignty and Security
The recent Microsoft versus the US Department of Justice (DoJ) is an interesting development in individual privacy, some laud it as a resounding victory on behalf of all citizens who still hold on to hope that our information will be kept private. That is yet to be seen.
But let’s take a look at a scenario in the real world – your world. What should we be thinking about in terms of compliance and data sovereignty? I have to purchase a dog’s license every year. The people who live two blocks away, in a different township, don’t. It’s not the money – 5 US dollars, it’s the potential of having my dog taken away. Every organization faces compliance in some form or another. At the very minimum it can introduce a lack of trust with those you do business with, jeopardize your relationship, and your overall brand. Government organizations, pay attention, you are not exempt. There is the possibility of financial repercussions and increased risk. Or you could just choose to live in fear of getting caught if it’s your responsibility. So what can you do about it?
This isn’t a sales pitch – it’s just what our clients need to do and the fact that we have viable solutions to tackle this issue. To take a step back, we automatically generate multi-term metadata and auto-classify it to a taxonomy. Given that fact, we surface very rich consistent metadata and that the auto-classification engine uses to find just about anything that exists as unstructured or semi-structured data that is pertinent to the topic.
We start with a taxonomy that contains the verbiage and descriptors of the content you are trying to find. Rules are easily (and I stress easily) created and then you let the auto-classification do what it does best. It will find all references, similar references, and multi-term phrases that are relevant and even inter-related. Voila, you have your data set that is pertinent to the law. It is that easy. From there you can use workflow to automate the process and send to a specific repository, a person, remove the content from search, disable portability, it’s all up to you.
The same process is typically used to identify any security (PII, PHI) or anything deemed by the organization as confidential, securing it before you have a data breach. Circling back to Microsoft and the DoJ, the metadata environment now affords you the opportunity to ensure that all the data that should reside locally actually does and its storage is compliant with country and local laws. If you are cloud based, your SLA should cover you, but I would be careful and make sure it’s quite clearly spelled out.
Food for thought. Did you know that it is illegal in Ohio to get a fish drunk? In Eureka, Nevada it’s illegal for a man with a moustache to kiss a woman, and in Maryland it’s illegal to mistreat an oyster. Try creating taxonomies for those laws!