INTERVIEW OF THE MONTH
INTERVIEW WITH Mr. Andrew Soon
Regional Sales Director, Asia
Nuance Document Imaging (NDI)
Getting ready for international government requirements on data security
This year, countries and regions around the world will implement regulations around how businesses respond to data breaches. The European Union’s General Data Protection Regulation (GDPR) takes effect in May, and countries like Australia also have their own mandatory data breach notification rules that will come into play early this year.
While the EU and Australia may seem like a long way away, any company doing business in these regions or working with other organisations in these regions will be subject to the new laws. It’s therefore essential to prepare your business to comply.
The laws pertain mostly to personal information about individuals. So companies that collect or use personally identifiable information need to be aware of how they’re collecting and storing that data, who has access to it, and how to respond if that data is compromised.
The most important part of preparing for mandatory reporting laws is preventing malicious attackers from gaining access to the data in the first place. Keeping data secure and accessible only by authorised users is crucial. The cost of implementing technologies and processes to harden your data security will be far lower than the cost of failing to comply with these regulations.
Those costs can include fines but they also include less-tangible costs such as the loss of goodwill from customers and the erosion of trust. Organisations that can prove themselves to be trustworthy custodians of customer information are more likely to attract and retain high-value customers.
Keeping data secure depends on many things. Having strong perimeter security and anti-malware in place, advanced threat detection, and a strong culture of security are all critical elements of a data security program.
Given that business documents are highly likely to contain protected personal data, having the right document capture and workflow solutions can be a powerful way to protect data.
The GDPR, for example, includes specific rules that affect how organisations treat business documents. These include:
- Encryption and anonymisation: businesses need to encrypt data so documents can’t be read by unauthorised people.
- Data access rules: by limiting access to data to those people who need it to do their jobs, organisations can reduce the exposure.
- Decreased data footprint: by only storing the data that’s absolutely necessary for business operations, organisations can reduce the amount of data stored, making a smaller target.
- Increased transparency: companies holding personal data must report on and demonstrate their compliance with GDPR and, if a breach happens, they must notify the relevant authority to report the breach or face stiff penalties.
There are five key ways that advanced document capture and workflow solutions can help meet requirements around document security, access, privacy, and transparency:
Digitalisation: paper documents can be easily compromised if they’re lost, stolen, or photocopied. It’s impossible to fully secure paper documents. By comparison, scanning documents into digital files makes it easier to store them in secure, central repositories. Capture and workflow solutions can convert large quantities of paper documents to protected digital formats quickly and efficiently. This makes it easier to comply with GDPR requirements, and reassure customers of your data security, by reducing the number of copies of a document and securing the transport of documents between users and offices.
Encryption: by encrypting documents, you can control who can view, print, or modify the files, making them even more secure. 128-bit or 256-bit AES encryption are the strongest formats. This helps protect personal data every step of the way.
Screening: the more a document is shared, the higher the risk of it being intercepted and viewed by the wrong person. It’s too easy to accidentally forward an email with a document attached, or attach the wrong document to an email. Capture and workflow solutions can help mitigate this risk by screening the document to validate both the sender and the recipient. The solutions search content for keywords, phrases, and patterns, as well as attributes and even barcodes. If a document seems risky, it can be quarantined and notifications sent to the sender, supervisor, and security.
Redaction: advanced capture and workflow solutions can automatically redact personal data in documents to add an extra layer of protection for your customers. Documents sent electronically, whether that’s via email, or a networked printer or copier, are monitored for personal data. That data is then redacted, which means unauthorised users who may access the document won’t be able to see that personal data.
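The screening and redaction steps described above can be sketched in code. This is an added example, not code from the interview or from any Nuance product. The keyword list, approved domain, notification addresses and function names are assumptions chosen for illustration, and only the recipient is validated here.

```python
import re

# Constructed policy values; a real deployment supplies its own.
KEYWORDS = ("passport number", "date of birth", "confidential")
APPROVED_DOMAINS = {"example.com"}
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits

def luhn_ok(digits):
    """Luhn checksum: discards digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_personal_data(text):
    """Return sorted (start, end, kind) spans for e-mail and card numbers."""
    spans = [(m.start(), m.end(), "EMAIL") for m in EMAIL_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            spans.append((m.start(), m.end(), "CARD"))
    return sorted(spans)

def redact(text, spans):
    """Replace each span with a typed marker, right to left so offsets hold."""
    for start, end, kind in sorted(spans, reverse=True):
        text = text[:start] + "[REDACTED-" + kind + "]" + text[end:]
    return text

def screen(text, sender, recipient, supervisor="supervisor@example.com",
           security="security@example.com"):
    """Decide release or quarantine for one outgoing document."""
    spans = find_personal_data(text)
    hits = [k for k in KEYWORDS if k in text.lower()]
    domain = recipient.rsplit("@", 1)[-1].lower()
    quarantine = domain not in APPROVED_DOMAINS and bool(spans or hits)
    return {
        "action": "quarantine" if quarantine else "release",
        "notify": [sender, supervisor, security] if quarantine else [],
        "findings": sorted({kind for _, _, kind in spans}) + hits,
        "body": redact(text, spans),
    }

# Constructed sample document: one real-looking card number, one invoice ref.
SAMPLE = ("Customer jane.doe@example.org paid with card 4111 1111 1111 1111, "
          "ref 1234 5678 9012 3456.")
```

The Luhn check keeps the 16-digit invoice reference in the sample from being redacted as a card number, which is the kind of false positive that pure pattern matching produces.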
Integration: keeping documents secure can seem difficult when those documents are such an integral part of business processes. Capture and workflow solutions integrate seamlessly wherever data protection is needed, from line-of-business applications to groupware and collaboration systems, file, fax, and email services, office and production printers, and even personal and mobile devices. This offers more control over how documents containing personal data are used. It also provides an audit trail that can prove your compliance with GDPR requirements.
While complying with the GDPR and other privacy requirements can seem tricky upfront, the benefits of improving your document security go far beyond simply complying with laws and regulations. When customers know that companies are taking every precaution to preserve the security of their personal information, they are more likely to choose to do business with that company.