The 60 second interview: Compliance should watch uncontrolled data growth

FTI Consulting’s European Information Governance leader Sonia Cheng talks to The Lawyer about using Information Governance as a proactive tool as well as the main challenges companies face when implementing their governance framework, ahead of her session at Managing Risk and Litigation today.

How can information governance help companies to be proactive with their compliance framework?

Sonia Cheng
Sonia Cheng

Many corporations, particularly those in regulated industries, often struggle to comply with increasing regulation coupled with uncontrolled data growth.

This is exacerbated by the prevalence of dark or unknown data, often stored in less controlled areas, like file shares. In some cases, businesses are not even able to estimate their potential risk exposure.

This is often because companies don’t have a handle on their data, particularly those who have acquired or merged with other firms. With the GDPR on the horizon, a forgotten back up tape or file share which has personal data on it may result in the firm being subject to the 4 per cent of annual turnover penalty.

Research carried out by NCC Group suggest that the fines from the Information Commissioner’s Office (ICO) against British companies for data breaches in 2016 could have been £69m rather than £880,500 if maximum fines under the pending GDPR had been applied.

Organisations need to implement defensible disposal and information governance (IG) programmes in order to stem or control the information growth curve and proactively mitigate risk.

What are the top challenges companies are likely to face in their journey of implementing a proactive governance framework?

   1. Funding: Companies often struggle to make an effective business case. In the current economic climate, executives are forced to do more with less. To undertake proactive efforts,  companies must get creative about how they budget and plan programmes.

For instance, there may be high profile matters they may be able to leverage to help to start data mapping efforts or implementing technologies that can assist with compliance in other areas.
   2. Scope: Rather than trying to solve 50 problems, stay focused or two or three top problems, start small, show wins, and use it to help secure funding for subsequent phases of remediation. Don’t let perfection be the enemy of good.

3. Change management is probably one of the hardest things for organisations and individuals to deal with. Knowing how to roll out new processes requires a deep understanding of a company’s culture on a global and local level and often requires a combination of top-down and bottom up change.

At some firms, IG compliance is aligned with performance objectives (e.g. performance ratings, bonus) to ensure appropriate prioritisation and focus.

Tell us two truths and one lie about yourself 

  • I was born in Spain, with parents from Thailand and a grandfather from Holland.
  • I have certifications in yoga and healing therapy.
  • I once had 3 concurrent jobs: project manager at a bank, fashion designer, and a jazz club hostess

Sonia Cheng is one of the 30+ speakers at this year’s Managing Risk and Litigation conference taking place in London on the 5th December. For more information on the conference, a copy of the agenda, or to enquire about next year’s event, please contact Bruce Allmand-Smith on +44(0) 20 7970 4625 or Bruce.Allmand-Smith@centaurmedia.com.