Gimmal Blog

Data Breaches Pack a One-Two Punch

As we have discussed in a previous blog post about Sony, the consequences of a data breach reach beyond the initial loss of data. The latest company to experience this is Arby's.

They have announced that their point-of-sale system had been compromised by intruders from October 2016 to January 2017. In total, 335,000 customers had their credit and debit card information exposed at over 1,000 Arby's locations.

Almost immediately after the announcement, Arby's was hit with multiple class action lawsuits. One is being led by affected customers, while another was filed by four credit unions and the Michigan Credit Union League. The credit unions are seeking damages related to the cost of canceling and reissuing cards, changing or closing accounts, and notifying members of the breach. Both suits allege that Arby's had lax security practices, which led to the breach.

We posted a blog earlier this week discussing how information governance affects overall information security, and that applies directly in this case. While Arby's clearly had some external security vulnerabilities, they could have mitigated some of the damage with effective information governance practices.

IG Should Be Your Company's First Line of Defense

It is always superior to have a proactive approach to your data. Once a breach or violation happens, it is too late; the damage is already done.

There is already a lot of research available about the benefits of Information Governance. I have included a list below of some of the most relevant benefits.

  • Business Differentiator. I have listed this first because it is often overlooked. Consumers are making buying decisions based on privacy. An Information Governance program will improve the security, reliability, integrity and accessibility of your data. This can be used as a competitive advantage in the marketplace.
  • Reduced storage and infrastructure cost. If you are doing a better job of managing your data, you will have less of it, reducing the Redundant, Obsolete and Trivial (ROT) data in your organization.
  • Reduce risk by improved compliance. The cost of non-compliance can be financially devastating to an organization. Being compliant reduces your risk of unexpected costs, and it also reduces the risk of less obvious consequences, such as potentially damaging media coverage and loss of clients.
  • Reduce eDiscovery costs. This can go hand in hand with non-compliance, as eDiscovery can be very costly to an organization. If you have implemented an Information Governance program, you should "only" have the data that is required by your policies, making eDiscovery easier, and you will be able to locate the relevant data more quickly.
  • Adaptability. We live in a fast-paced world that is constantly changing. Organizations need to have control over their data so they can react to change, find the relevant data quickly, and immediately comply with new standards.

We recently held a webinar to further break down how cleaning up your data and committing to an information governance program reduces compliance risk.

Once you have cleaned up that legacy ROT data and created a process for moving forward, the course corrections and adjustments in the future are exponentially easier. The key is laying down that essential groundwork. IG improves every function of your enterprise related to information, from eDiscovery and legal holds to email.

By Kevin Bley
