May 19, 2020

Iron Mountain: how to approach information management

Iron Mountain
information management
Real GDPR
6 min
Iron Mountain: how to approach information management

Employees at every level and across every industry are reminded regularly that information is vital to their business. In order to make the most of business information, easy access is critical. Whether it’s an email with the latest financial figures, a marketing strategy PDF, a print out of a CV including hand-written notes or a customer contact list, having the information readily to hand enables businesses to serve their customers and employees.

Given the importance of information to business success, you would expect employees to take every possible step to manage information securely. Yet, with file servers overflowing and increased pressure on resources, it would appear that many, from the CEO to the admin team, have become complacent about information security. We may well want to question whether or not modern businesses have put good information governance practices in place.

Bad habits from the top down

Despite understanding the value of the information their business holds, when it comes to safeguarding the information, business leaders often fail to follow the processes and policies designed to keep it secure.

In a recent survey commissioned by Iron Mountain, over half (57 percent) of the CxOs questioned admitted to having left business-sensitive or confidential information on the printer for all to see, with over a third (39 percent) admitting to having lost it in a public place. This admission reveals just how easy it could be for information to get into the wrong hands. There is much at stake: if data is mishandled or breached, companies could face fines of up to 4 percent of annual turnover under the General Data Protection Regulation. When customer information is breached as a consequence of malicious intent or employee error, the organisation’s reputation may be damaged and customer loyalty eroded. Seemingly small misdemeanours can have serious consequences.

It’s not just careless data handling that could land a company in hot water. The processes companies put in place to protect the integrity of information and ensure compliance are often not followed, leaving the organisation exposed to unnecessary risk.

One in five (21 percent) CxOs we spoke to found the information management processes in their organisations too complicated and so chose to bypass them. A worrying 6 percent were completely unaware of any processes governing information security. Company bosses, more than employees in any other roles, found procedures for information filing (16 percent) and document retention (15 percent) to be overly complex and chose to avoid them where possible.

Instead of leading by example, business leaders are guilty of sidestepping company policy to get things done or are simply unaware that what they are doing goes against any policy. Although our research found that CxOs top the list of information sinners in most information-handling scenarios, the actions of facilities managers reveal a similar story. Over half (56 percent) admit to taking sensitive or confidential information out of the workplace and 48 percent have sent sensitive information to the wrong recipient.

Departments tasked with handling sensitive information are also at fault. Nearly half (44 percent) of HR staff said they were in possession of HR documents they should no longer hold under data retention regulations, 32 percent of finance managers acknowledge the same with tax records and 47 percent of legal professionals admit potential storage errors with contracts and other legal documents.

Administrative staff rate well in comparison but are still guilty of mismanaging information, with one in five (21 percent) admitting to having mislaid data or sent it to the wrong person, and 15 percent admitting to losing company documents in a public place.

The growing complexity                                                                                                    

So what’s behind such widespread mismanagement of information and how can businesses change the culture and improve information management and handling practices among staff? It won’t be easy. The rise of cloud services and mobile device usage, along with the emergence of the Internet of Things (IoT) has led to an explosion in data generation within organisations. This has put pressure on people to manage more information than ever before. At the same time, business leaders want decisions to be data driven. As a result, employees must now analyse company information and find ways to derive insight from it while still understanding and ensuring compliance with data retention and protection regulations.

It is imperative that everyone within the organisation has a clear understanding of their responsibilities when it comes to managing the information they process or have access to – no matter what format it is in – as well as understanding the consequences for the business if that information is not managed correctly. But with time and resource pressures causing familiar strain across all sectors, good information governance is not necessarily a reality for many. Businesses need to foster a culture in which employees protect and value organisational information. This will require a continual cycle of information security training for all employees and it will need those at the very top to lead by example.

The solution should start at the top

Information responsibility is shared by everyone: from the CEO and CIO, to sales, marketing, HR and even temporary staff. The basis of good information governance is comprehensive information management policies that covers all types of information, no matter whether it’s electronic or on paper and no matter where it resides, whether it’s in the office or in the cloud, on a USB stick or a laptop,  stored in the home office or offsite with a trusted third party.

Making sure these policies are clear and easy to follow will encourage good information governance. In order to build an organisational culture that values and protects information, policy must be understood, followed and promoted by those at the very top of the business. This can be achieved through example, regular communication and training. When it comes to paper documents, off-site storage, in conditions compliant with relevant market regulations, will help the company to follow retention rules. A digitisation programme for frequently accessed or newly created information will also help to keep track of information and ensure it is stored centrally and compliant with relevant data protection laws.

Iron Mountain research with PwC showed around three quarters of companies (72 percent in Europe and 79 percent in North America) regard information as a business asset, yet on average just 35 percent employ data analysts to extract the value from information and many (43 percent) obtain little tangible benefit from their information. It is clear that companies still have a long way to go before they can overcome the challenge presented by the variety, volume and velocity of today’s flow of information.

Implementing a strong information governance policy requires a consistent, clear and cohesive approach to managing information in all formats. For business leaders in particular, this starts with getting their information management habits in order. Only then can they expect best practice to be followed throughout the organisation.

By Elizabeth Bramwell, Commercial Director at Iron Mountain UK

Read the November 2016 issue of Business Review Europe magazine. 

Follow @BizReviewEurope

Share article

Jul 24, 2021

Nybl: Saudi Startup to Expand AI Solutions

nybl
AI
datamining
Technology
Elise Leise
2 min
AI democratisation platform nybl will seek parternships in Saudi Arabia, the home of its co-founders

According to co-founder Nour Alnahhas, nybl was formed for the greater good. A visual data mining and machine learning platform, the platform will help organisations streamline their operations. ‘We wanted to centralise our vision around AI and machine learning’, said Alnahhas. ‘Something not just for profit, but added value. Conscious capitalism’. 

Nybl aims to democratise artificial intelligence by making it possible for anyone to build an AI solution. What website builders like Wix and Squarespace did for site design, nybl will do for AI—allowing even non-coders to feel comfortable creating solutions. In fact, Alnahhas calls it a ‘Shopify of AI’, or a third-party platform that helps businesses deliver better service. 

EMEA Expansion

With hubs in Kuwait, the UAE, North America, and India, nybl is focused on launching operations in Saudi Arabia, Alnahhas’s home country. When the company first launched, it was difficult to convince Saudi Arabian businesses to work with a startup. Yet now, nybl has proven itself. ‘We had support in the UAE, so now we’re coming back’, said Alnahhas

Alnahhas has launched a pilot with Saudi Aramco and has slowly built partnerships with paper, heating, HVAC air conditioning, and manufacturing companies. In addition, the Saudi government has started to invest in the Kingdom’s National Strategy for Data and AI, which means that nbyl, as a tech startup, has finally gained credibility. 

No War for Talent

One of the most critical parts of nybl’s expansion will be hiring the right individuals. Thankfully, there’s a current surplus of talented researchers, developers, and data scientists within the Kingdom. Like nybl’s Alnahhas—educated at the University of Houston, the Wharton School of Business, and INSEAD— many Saudi Arabians have benefited from government-sponsored education abroad. 

Last year, Saudi Arabia signed several partnerships with tech firms to advance the Kingdom’s skills in artificial intelligence. ‘It’s exciting to be in Saudi Arabia where there’s alignment and support’, Alnahhas concluded. ‘You’re getting an increasing talent pool. And even old and big family conglomerates are finally changing to use AI’.  

Share article