We have written before about the security, privacy, compliance and legal issues created by the Bring Your Own Device (BYOD) phenomenon. And if BYOD seems difficult here in the US, it’s far more difficult in the EU with its stronger protection of personal data. With BYOD, personal information is being mixed with corporate information on an employee-owned device, often with no real corporate oversight, creating all kinds of new problems.
The UK’s Information Commissioner’s office recently published guidance to assist organizations in dealing with BYOD concerns in the EU. Of course, a main point is that having a clear and effective BYOD policy is a crucial step for any organization. But one issue, along with its related advice, really caught our attention:
“If copies of data are stored on many different devices. . . there is an increased risk that personal data will become out-of-date or inaccurate over time … [or] retained for longer than is necessary … [because] it is more difficult to keep track of all copies of the data. Using devices to connect to a single central repository of data can help mitigate this risk.” [Emphasis added].
Centralized archives, operating and retaining data according to company policies, serve this purpose. For example, rather than having email (and attachments) stored on various email servers, in PST files and on devices for every custodian, it should be stored, maintained, accessed (and ultimately deleted) from a single instance email archive. Each device can serve as a “window” to that centralized content so that it’s accessible as needed, and then deleted. This avoids creating new instances of each message that are stored and managed for each individual device requiring access to the data. And this same concept can be applied to documents from file systems, Sharepoint, even records management systems.
Not every organization will have to meet EU (or even EU-style) data requirements. But centralizing and managing content is a solid best practice that will pay dividends no matter where you are located.
Filed under: Uncategorized Tagged: | SourceOne, Information Governance, compliance, eDiscovery, archiving, email management, email archive, archive, cloud, EMC SourceOne, James D. Shook, data privacy, privacy, EU, BYOD