[webinar slides] developing a successful data retention policy
TRANSCRIPT
![Page 1: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/1.jpg)
Underwri(enby: Presentedby:
#AIIMInforma(onIsYourMostImportantAsset.LearntheSkillstoManageIt.
DevelopingaSuccessfulDataReten(onPolicy
PresentedMarch22,2017
DevelopingaSuccessfulDataReten(onPolicy
AnAIIMWebinarPresentedMarch22,2017
![Page 2: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/2.jpg)
Underwri(enby: Presentedby:
CraigShogrenManager,
Informa-onGovernanceHBRConsul(ng
RichLauwersInforma-onGovernance
HPE
KellyHuckman,JDConsultant
IronMountain
Today’sSpeakers
![Page 3: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/3.jpg)
Underwri(enby: Presentedby:
CraigShogren
Manager,Informa(onGovernance
HBRConsul(ng
IntroducingourFeaturedSpeaker
![Page 4: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/4.jpg)
Underwri(enby: Presentedby:
We’re pretty sure we are not providing all responsive data, since we don’t know what
we don’t know!
Wereallydon’tevenknowwhatwehave,letalonewhereitis!
There is probably a lot of PII on our shared drives that we really need to purge. Could be devastating if we are ever breached.
Our workforce is so mobile, we know our employees are saving stuff to unsanctioned cloud storage. This ‘shadow IT’ will sabotage our efforts at comprehensive disposition.
I only have 24 hours to respond to a regulatory request, yet it will take me 4 times
that amount of time to sift through all the garbage.
![Page 6: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/6.jpg)
Underwri(enby: Presentedby:
WhyDoWeCare?
§ Compliance§ DiscoveryRiskandCost§ Privacy§ Efficiency§ StorageSavings§ CustomerService§ KnowledgeManagement/IP
![Page 7: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/7.jpg)
Underwri(enby: Presentedby:
ThePathForwardIsClear
• DefineGovernanceRequirements
• KnowWhereEverythingIs
• EliminateUnnecessaryData(ROT)
• UnburyTreasures
![Page 8: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/8.jpg)
Underwri(enby: Presentedby:
Organizational silos obstruct comprehensive approach
…ButLiTeredwithObstacles
!
! No internal sponsor / champion
! Lack of budget & resources
! Communication gaps
between Legal, IT and the
business
! “Software-as-Savior”
turns into “Software-as-Shelfware”
! Don’t know where the data is or what it contains
! Change management?
! Bleeding out
![Page 9: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/9.jpg)
Underwri(enby: Presentedby:
DefineWhatGovernsYourInforma(on
§ RetenVonanddisposiVonrequirements§ Privacyandsecurityrequirements§ FRCPrequirements(legalholds,etc.)§ IntellectualpropertyconsideraVons§ ISOstandards§ Businessrequirements
![Page 10: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/10.jpg)
Underwri(enby: Presentedby:
Founda(onalComponentsforDefensibility
§ IG/RIMPolicy§ Purpose,scope,objecVves,accountabiliVes,responsibiliVes,
standardsanddefiniVons
§ RecordsRetenVonSchedule§ Updatedregulatoryresearch§ AcVonable,understandable§ Comprehensive
§ Records,butwhatabouteverythingelse?
![Page 11: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/11.jpg)
Underwri(enby: Presentedby:
Founda(onalComponentsforDefensibility
§ Privacy§ PII/PHI/PCIhandlingrequirements§ RetenVonlimitaVons§ CrossborderconsideraVons
§ PrivacyShield§ GDPR
![Page 12: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/12.jpg)
Underwri(enby: Presentedby:
Founda(onalComponentsforDefensibility
§ InformaVonSecurity§ DataClassificaVonStandard
§ DataMapping/DataFlows
§ Technologies§ End-PointDetecVon,DLP,AccessControls,VirusDetecVon,BigData
SecurityAnalyVcs,Containment/IsolaVonTools,SecurityTesVng,etc.
§ BYODPolicies
![Page 13: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/13.jpg)
Underwri(enby: Presentedby:
Founda(onalComponentsforDefensibility
§ LiVgaVonReadiness§ LegalHoldPolicy/Procedure§ eDiscoveryToolsandTechnologies§ LiVgaVonProfile
§ IntellectualProperty§ Training(ChangeManagement)
§ “But,we’vealwaysdoneitthatway!”
![Page 14: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/14.jpg)
Underwri(enby: Presentedby:
ThePathForwardIsClear
• DefineGovernanceRequirements
• KnowWhereEverythingIs
• EliminateUnnecessaryData
• UnburyTreasure
![Page 15: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/15.jpg)
Underwri(enby: Presentedby:
PreliminarySteps
§ IdenVfyandassesslocaVons/repositoriesofunstructuredcontent§ CollaboraVonsites,shareddrives,personaldrives,
documentmanagementsystems,contentmanagementsystem,email,physicaletc.)
§ FuncVonalrequirementsofcontent/recordsmanagementsystem
§ IdenVfy“contentplacementstrategy”§ IsthereclarityonhowtheretenVonscheduleappliesto
electronicdata?
§ Determinecontentassessmentmethodology
![Page 16: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/16.jpg)
Underwri(enby: Presentedby:
ContentAssessment
§ Manual§ User-Dependent
§ Technology-Enabled§ ITTools§ eDiscoveryTechnology§ FileAnalysisSoeware
§ Content§ Metadata
![Page 17: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/17.jpg)
Underwri(enby: Presentedby:
WhatisFileAnalysis?
TwoPrimaryLevelsofAnalysis§ FileSystemMetadata
§ IncludesinformaVonaboutindividualfiles§ Examplesincludecontextualmetadataaboutassociatedservers,volumes,shares,
folders,andidenVtyrelatedinformaVonsuchascompany/department/group/userpermissionsandownership;aswellasfilespecificmetadatasuchasfileowner,lastauthor,author,fileextension/itemtype,andcreate,lastmodified,andlastaccesseddates
§ FileContent§ IncludesinformaVonwithinindividualfiles§ Representsamuchmoregranularlevelofdetail,andsubsequentlyalargerdata
footprintandsupporVngsetofinfrastructurerequirements§ Repositories
§ Email,FileShares,ERM/EDM/ECMSystems,SharePoint,FilesyncandsharesitessuchasBox.netorDropbox,DataArchives,BusinessIntelligence(BI)/DataWarehouseEnvironments
![Page 18: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/18.jpg)
Underwri(enby: Presentedby:
Representa(veVendorsPrimaryUseCasesSupportedby2016ListVendors
• AcVveNavigaVon• AdlibSoeware• BeyondRecogniVon• Bloomberg• Controle• Cryptzone• Druva• Exterro• SailPoint• Titus
• HPE• IBM• ZLTechnologies
• CapaxDiscovery• DataGlobal• Egnyte• IndexEngines• Spirion• STEALTHbits• Varonis• Veritas
Source:Gartner:MarketGuideforFileAnalysisSoeware(19September2016)Gartner’sNote:Thoughmostvendorssupportsomeelementsofeachusecase,vendorsarelistedintheabovediagramaccordingtothemajorusecasesupportedandwhatcustomersacquirethesoluVonfor.
Governance/PolicyManagement
RiskMiVgaVon
AnalyVcs
Efficiency/OpVmizaVon
• Kazoup
• Condrey• Haystac
![Page 19: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/19.jpg)
Underwri(enby: Presentedby:
DemergerExample
![Page 20: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/20.jpg)
Underwri(enby: Presentedby:
ThankYou!
CraigShogrenManager
HBRConsulVng
312-638-5130
![Page 21: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/21.jpg)
Underwri(enby: Presentedby:
RichLauwersInformaVonGovernanceSubjectMa(erExpertHPE
KellyHuckman,JDConsultant
IronMountain
IntroducingourSpeakers
![Page 22: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/22.jpg)
Underwri(enby: Presentedby:
HowDoWeBeTerConnectLegalRegula(onsandOpera(onalRequirementstoOurContent?
The first and last mile of retention
The First Mile: Retention
Considerations The Last Mile:
Policy Execution
Government regulations
Industry specific regulations
IT Operations Business Needs
Email Cloud
Desktop
Physical Content
SAP Structured
Repositories
Unstructured repositories
File Shares
Auto collection of laws
Translate to retention
rules
Centralized policy
Apply at scale
Audit logs
Connect
![Page 23: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/23.jpg)
Underwri(enby: Presentedby:
WhyHasConnec(ngtheFirstandLastMileofReten(onBeenSoDifficult?
Policy is not digitally connected to content
Appeared complex, time consuming, costly & hard to maintain
Origins of Records Management were paper not IT
Demand was for commercial off-the-shelf solutions
A lack of standards
![Page 24: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/24.jpg)
Underwri(enby: Presentedby:
GDPREnactedtoHelpProtectEUCi(zenDatafromRisk
![Page 25: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/25.jpg)
Underwri(enby: Presentedby:
WhatChallengesDoesGDPRCreate?
§ UnderstandofthescopeofPII
§ IdenVfyPII,determineformatlocateitwithinITrealestate
§ IsolateandclassifyPII
§ AppreciatetheretenVonVmesforpersonaldataandcontactinformaVon
§ Obtainandretainexplicitconsentofdatasubjects
§ LimitaccessofPIIbaseduponscopeofconsent
§ Facilitatethe“righttoerasure”ofpersonaldata
![Page 26: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/26.jpg)
Underwri(enby: Presentedby:
CreateaDataMap
• MapbothPIIandNon-PIIdatasources
• EstablishrelaVonshipsb/wdatasources/ownerswithrelevantRecordClasses
• Representprocessingpurposesconsentedtobydatasubjects
• IdenVfyPIIlocaVons,createane-discoverydatamap,andinformacoherente-commspolicyinasingleproject
![Page 27: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/27.jpg)
Underwri(enby: Presentedby:
Retention Schedule, Organization Structure,
Data Maps, etc.
Enterprise Content Management
Physical Content
Unstructured repositories
SAP
Structured repositories
File Shares
Cloud
DigitallyConnectPolicytoContent
![Page 28: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/28.jpg)
Underwri(enby: Presentedby:
Mapping
ReportCompliance
GetConsent
Find GovernClassify
ManageDataInScope(PersonalData) SecurePersonalData
Security
RecordsRepository
Informa(onManagement&Governance
DataRepositories • DataSecurity
• Applica(onSecurity
• SecurityIntelligence(BreachDetec(on)
![Page 29: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/29.jpg)
Underwri(enby: Presentedby:
CompleteGDPRPlaborm
AnalyseRecord
Repository
Classify
DataRepositories
Messaging
EmailFiles Read
SharePoint
Ac(on
ApplicaVons
DataWarehouses
DocumentManagement
DataArchiveSocialMedia
WebContent
Apply
Store
EligibleRecords
Declare
DataEncryp(on
Find Govern
ApplyReten(onRules
Compliance,LegalHold&Audit
![Page 30: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/30.jpg)
Underwri(enby: Presentedby:
Methodology
• Survey and confirm
• Index metadata and content of documents
• Extract named entities (SSN, emails, phones…)
• « ROT » analysis
• « Technical » analysis (size, type, age…)
• Redundant • Obsolete • Trivial
• Creation of Categories based on entities, metadata and/or content
• Apply tags
• Move • Secure • Archive • Review
![Page 31: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/31.jpg)
Underwri(enby: Presentedby:
ContentManagerComponentOverview
Ingested Policy Center data stays in Content Manager
• Retention laws, jurisdictions and vertical industry information is mapped
• Policy Center is polled for updates • Updates are ingested and managed
permanently
Content Manager is licensed perpetually
• All components remain active • Annual support renewal
• Connector that extracts and ingests Retention Requirements into Electronic Content Manager
• Mapping of data • Classifications • Retention schedules
HPE CM Policy Center
Connector
• Trained on existing content or BCS
• Holding node prior to classification
• Automatic folder creation
• Linked security & retention
HPE CM Auto-Classification
Module • Information lifecycle management
• Governance-based ECM
• Access defined by authorized seats
• Perpetual license + annual maintenance
HPE Content Manager
(ECM + Retention)
![Page 32: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/32.jpg)
Underwri(enby: Presentedby:
TakealookatwhatHPEhastoofferwww.hpe.com/soeware/scmHPEGDPRselfassessmenth(p://gdprcomplianceassessment.com
![Page 33: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/33.jpg)
Underwri(enby: Presentedby:
ThankYou!
KellyHuckman,JDConsultant
IronMountain
RichLauwersInformaVonManagementSubjectMa(erExpert
HPE
[email protected],Chicago
![Page 34: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/34.jpg)
Underwri(enby: Presentedby:
QUESTIONS?
![Page 35: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/35.jpg)
You’vejusta(endedanAIIMWebinar.Whatnow?
Takeyourskillstothenextlevelbylearninghowtomap,design,capture,andautomateoperaVonalprocessesusinga
combinaVonofstrategies,andtechnologieswithAIIM’sTrainingCourses
www.aiim.org/training
![Page 36: [Webinar Slides] Developing a Successful Data Retention Policy](https://reader031.vdocuments.net/reader031/viewer/2022030307/58e576791a28abbf5d8b4997/html5/thumbnails/36.jpg)
Underwri(enby: Presentedby:
AIIMistheCommunityforInforma(onProfessionals
AIIMbelievesthatinforma(onisyourmostimportantasset.Learntheskillstomanageit.
OurmissionistoimproveorganizaVonal
performancebyempoweringacommunityofleaderscommi(edto
informaVon-driveninnovaVon.
Learnmoreatwww.aiim.org