John Culkin, Director of Information Management at Crown Records Management answers questions on how to survive in a sea of information in the banking and finance industry
Can you provide some background to the problems being faced in the industry thanks to the modern proliferation of data?
“It’s a problem for everyone in every industry. Right now the digital universe, and this is a according to research by IT giant EMC, is doubling in size every two years. By 2020 the data created and copied annually is predicted to reach 44 trillion gigabytes.
“To put those figures in perspective, it amounts to more than five terabytes of data stored locally or in the cloud for every single man, woman and child on the planet. Enough for 88,400 hours of music for each person, 1.6 million photographs or 1,300 movies.
“Those figures are particularly relevant in the banking and financial world which generates so much data – more every year. So the problem of course is working out who should be responsible for it all.”
So what is required to get on top of it all?
“Our opinion is that it demands new ways of working and governance.There is now so much data that while it is undoubtedly on the agenda in boardrooms (with huge fines for data breaches focusing everyone’s attention), it actually has an impact on every aspect of the business.”
Who is likely to be in charge of data at the moment?
“It varies from company to company. It could be the CEO, CIO, the IT Manager – or there may be nobody at all designated to take control. But really that cannot continue.”
Surely the CEO is where the buck stops? They have to be ultimately responsible for the data in their business?
“There are still a lot of businesses that think that way. The answer sounds sensible. But it is practical? With so much data at every level of the business is it feasible, or even wise, for a CEO to be responsible for all of it? The reality is that the proliferation of data in the modern data world has rendered this solution inadequate.
“In fact youou’ll often hear people say that ‘everyone’ in a business should now be responsible – perhaps that is a more modern answer. But I’m not sure even that works any more. If everybody is responsible for data, you have to ask does anyone actually ‘take responsibility’?It’s a big risk because these days data breaches result in huge fines; so failing to assign ownership is dangerous.”
What is the most up to date advice for data governance?
“The rise of new ‘information or data architects’ is interesting. It shows that businesses are starting to think about their data governance structure and take it more seriously.The most up to date advice is to assign ownership of data to individual senior managers in every department that handles records and information. Have a structure in place in which they report to the board and in which the legal department also takes an interest and provides advice. Building a strategy and structure for data governance in which responsibilities are clear is vital. There may be too much data in your business for one person to handle every type of information.”
If you are working with or running a business that is awash in data and information, where would you even start?
“The first step to designing a new data governance structure – or to improving current procedures – is to undertake an audit of all information in the business. How much should be kept? How much is just “data noise” in an overflowing database that slows down reports? Understanding your assets is the first step to planning how to both mine and protect them.
“It’s really important to have a clear policy in place to help staff identify what is a record in the first place. This one decision, often made at the coal face and out of the sight of the CEO, sets the tone for everything that follows. Classifying every bit of information as a record would be expensive and unnecessary.”
What about dealing with data breaches? They seem to be in the news on a weekly basis..
“The new EU General Data Protection Regulation is going to bring this issue into focus because it will bring in huge fines – up to five per cent of global turnover – for data breaches. It is estimated 80 per cent of data breaches stem from human error, so training staff at every level in how to avoid data breaches – and understanding the threats – leads to good data governance.
“Training is vital for everyone and not only for senior management. It could be somebody very junior who touches information first. Have clear procedures in place for structured records (those stored in a database) and unstructured (information stored locally).
“It is also vital to keep data policies up to date. Some company’s data polices are so old they were written when there was no social media and when legislation was very different. Somebody in the business needs to take responsibility for keeping pace with it mall. Staying ahead of the game protects companies from breaches and turns records into assets.”
So can you sum up what needs to happen in 2015 as the data explosion continues?
“There is no doubt in my mind that data is outgrowing current information governance structures. It will not be a one-person job in future. Even for the most talented CEO or CIO. Putting in place a modern data structure – and assigning ownership for each type of data – is the way forward.”