Even if the pandemic subsides, the work from home movement is here to stay. Numerous companies have pushed out plans to return workers to offices and, even then, remote work will likely be more possible for more workers. Twitter, for one, has said WFH is a permanent option.
This all means that companies, many of whom shifted to remote workforces almost overnight earlier this year, should double check that data privacy and security policies are in place to enable a secure and efficient WFH workforce—while protecting consumer and corporate data.
This is no small task. Even before the pandemic and WFH rush, companies were having trouble complying with the European Union’s General Data Protection Regulation, passed in 2018, says consulting firm, McKinsey & Company.
Yet the goal for stepping up WFH data governance isn’t simply compliance. The ultimate aim is to go forward with policies and procedures that enable better results and build brand trust with consumers, business partners and others.
Here are four strategic steps to help enterprises update data governance and the WFH reality:
Step Zero: Promise immunity
Workers may not be forthcoming if they worry about being punished for finding new ways of working that weren’t sanctioned by the IT department. Tell them you understand that things changed rapidly, and that you appreciate their efforts. Also, forget about the original environment. If you only view things in relation to how they were, you’ll miss stuff. Instead, pretend you’re a new CIO coming into a company and everything is on the table.
By letting workers know that you care and that you want to help make their WFH lives better, you’ll get more of a response.
Step One: Do An Inventory
With the rapid need to get workers out of offices and commutes, companies shifted workforces almost overnight. Chances are, shortcuts were taken in terms of data protection and procedures. With workers in an office, working on company systems, it’s far easier to lock down data and enforce data governance policies. All of that gets harder when workers go remote. Home routers don’t offer the same security as office systems. Workers may find that they’re keeping and collecting data in all kinds of places, even Slack, Zoom recordings and so on. There may be new subscriptions to cloud services and data that was extracted from central systems and moved to files.
Without an inventory, an enterprise has no idea of what’s occurred in recent months as workers and managers settled into new circumstances.
Now that you have created a safe environment, ask managers and employees everything about how they work, where they store data, how they protect that data, what data governance policies are working, which are not and whatever else seems important.
Step Two: Rethink Processes
The WFH phenomenon changes so much in terms of data and data governance that it won’t work to simply try to bring everybody back into compliance to meet old standards. Chances are, employees may have found a better way to do things. If so, talk to business leaders about new processes, whether they are, in fact, better. You might find that the new workflow is more efficient but that workers need different tools that mesh better with your data privacy and protection requirements. Perhaps you insist that they stop using one tool but you offer another that is more compatible with company processes. Out of the five SaaS information sharing systems they started using with the WFH shift, perhaps you consolidate to one to enable closer watch over data. As you’ve inventoried everything with a new eye, rethink your processes with the same mentality.
Step Three: Update Systems
Once you’ve decided on what works for your company, address your enterprise architecture and documentation to make sure it is updated and secure. Data governance policies now need to be infused into new workflow and tools, and be pushed out to all employees.
Step Four: Check the New Normal
You have discovered your workers’ coping methods, you’ve incorporated what you can and you’ve secured new processes and systems with good data governance. Throughout all this, the IT team should be an enabling, helping force. Do another inventory to make sure changes are working. Ask questions like: How has our risk profile changed and has it been addressed? The final pieces of your systems and processes will be easier to put in place if you have a solid foundation built in steps one, two and three.
Data Privacy Still Matters
While the workplace has changed, the focus on data security and privacy has not. If anything, there will be more and new data privacy and security regulations in the coming years — not less. Other states, including Washington and New York, have expressed interest in data privacy regulations following on the heels of GDPR and the more recent California Consumer Privacy Act.
Whether employees work from home or in an office does not matter to the consumer whose data is at risk — or to the regulators who are charged with enforcing those regulations. Almost 9 of 10 consumers won’t do business with a company if they have concerns about that company’s data security practices, PwC found. Enterprises have taken note: 44% of CEOs rank data privacy among the top three policies most impactful to their business, according to the same PwC survey.
The good news is that any improvements to data flow, security and governance will only make your company more trustworthy to your customers.