In June, CUBE hosted a webinar with Matthew Bernstein and Lynn Molfetta of MC Bernstein Data, as well as our very own Head of Customer Success, Lee Fairey, to discuss the growing significance of Regulatory Intelligence within Information Governance.
During the webinar, Lee, Lynn and Matthew took questions from the audience. CUBE reflects on the answers provided on topics from ROI for RegTech, to the future of information governance. In this extract, Matthew and Lee look at their priorities over the coming years.
What does the future of information governance compliance look like and what are your top priorities for the next two to three years?
MB: I think one thing that’s obvious is the convergence of records management and data privacy. One of the other things we haven’t talked about is the intersection and the interaction of information governance with what is typically the Chief Data Officer or someone who’s using information from a business value point of view.
With information governance – when we think about records management, for instance, or retention – we always think “Okay, retention, why retention?” Because there are regulations, because there are laws, because there may be a legal or a regulatory enforcement action in place, so you have to put things on hold – but there’s also business value. In the past, the business value really was about a business’s own policies on what it wanted to retain. But more and more people are looking at the value of information.
So when you look at the value of information there’s a natural instinct to keep, store and process everything – especially with Cloud storage and the prevalence of low cost or seemingly low cost storage – but that creates two problems: firstly, the quality of the information that’s being analysed from a business value point of value and, secondly, what are the risks associated with over-retention and those processes themselves?
When you are bringing disparate data sets together or you bring your PII into a place where it shouldn’t be seen, or creating jurisdictional data residency issues across the oceans, for instance; are you combining data that creates personal information that didn’t exist before; are you bringing it under the jurisdiction of an industry vertical regulator that you didn’t interact with before; are you creating information that now needs to be retained because it becomes effectively a record?
These are things that data scientists generally aren’t addressing, and I think we need to be thinking about more and more, particularly as the public and the legislators react to companies using data in ways that people don’t like. It isn’t necessarily wrong, but there’s a reaction to it. So, by having information governance work with the data office, you’re going to avoid some of those problems. I think that is going to be the challenge of the next ten years because companies want to make use of that data.
LF: For CUBE customers, I think the focus at the moment – or over the course of the next 12, 24 months – is automation. They’re using tools to capture the regulations, they understand them, they’ve got sustainable processes and workflows in place to maintain that regulatory landscape and understand how that impacts things like retention schedules, as an example. I think that the utopia is automating that and federating that so when a regulation changes they can update their retention schedules in real-time and they can federate that to downstream systems that are actually holding the content.
So, I think that’s where we tend to be with a lot of our customers in terms of their maturity model around information governance.