A data map is an inventory and visualization of your company’s data and information assets. The rising number and severity of data breaches is generating strong demand for maps, and there are other reasons to create, improve, and sustain one.
- Data Maps Make Chief Information Security Officers (CISOs) More Effective. The newly hired CISO, on day one, wants to see the company’s data map. Without one, how would they know what they’re supposed to protect? Not all information is created equal, so it does not all require the same level of protection. How will your CISO identify and find the sensitive data? Without a data map, the CISO flies blind.
- Data Maps Drive Business. We live in the golden age of data analytics. Your teams want to harness vast stores of structured and unstructured data to develop needle-moving insights. However, they need the comprehensive awareness that a data map provides to know where the most accurate and trustworthy data lives.
- Your Board Wants a Data Map. The National Association of Corporate Directors, in its Cyber-Risk Oversight Handbook, instructs board members to ask management for a data map. Your board will not take kindly to being told “no” because data maps are an “ocean boiling” or “Golden Gate Bridge painting” exercise. Data maps are both of those when you do it wrong, but something else entirely when you do it right.
- Data Maps are Essential for Compliance. FINRA regulations in the financial markets, PCI for retailers, 21 CFR Part 11 for pharmaceuticals, and HIPAA in healthcare are some well known examples of the massive and growing volume of laws, regulations and standards focused on data protection. Frankly, it is very difficult to achieve compliance with these kinds of directives without a data map.
- Data Maps Let Us Actually Treat Data as an Asset. Data needs a sponsor at the corporate table, much like the head of HR has responsibility for the people in an organization. Most organizations do not have this role because – candidly – most of us blithely talk about information as an “asset” but few of us have the tools or the mandate to actually inventory, assess, and manage this asset. This needs to change, and the data map provides a central tool that this new kind of information leader needs to drive the change. This mandate might be given to an existing CIO, CFO, General Counsel, COO, or to an entirely new role that is emerging called the Chief Information Governance Officer (CIGO).
- Data Maps Create Data-Centric Organizations. The process of data mapping involves people from across the organization, including IT, Finance, Legal, and business unit leaders, among others. This process engages employees and helps stakeholders across the organization think and act in a data-centric way. Critical questions emerge, such as: what data are we collecting and why; how do we use the data to make better-informed business decisions that create incremental value; and what can we do to ensure that the data is of high quality?
- Data Maps Make Good Housekeeping. Studies show that about two-thirds of an an average knowledge worker’s data is redundant, obsolete or trivial (ROT). Eliminating ROT lowers storage costs, and it’s easier to find and protect the useful data that remains. However, as many organizations hauled into court have discovered, getting rid of the wrong thing at the wrong time can result in enormous penalties and even criminal charges. Good housekeeping in the data environment is not possible without an accurate, comprehensive, and up-to-date data map.
- Data Maps are Doable. Data get balkanized within lines of business and in functional areas across organizations, creating unnecessary risk and limiting our ability to realize value from them. These assets reside in data centers; in devices such as cell phones, tablets, laptops and thumb drives; in the cloud; on paper; and elsewhere. New technology and techniques to locate, identify, track, and visualize data makes the job of building and sustaining a data map within the reach of every company.
Craig Callé is a member of the IGI Advisory Board, a small group of senior professionals and subject matter experts representing the disciplines that together comprise Information Governance. The Advisory Board provides feedback and direction on the IGI's agenda and strategy.