It is important to understand that regardless of the source of the mandate, one challenge faces all enterprises: Once they have created their privacy policies, they must decide how they will enforce those policies and measure their effectiveness. On the surface this may seem like a simple task, but in practice it can be quite challenging.
With so many users acting as content contributors today, Microsoft SharePoint deployments must be able to meet every compliance regulation in the book without inhibiting business productivity. Here's how to keep SharePoint in line with required business rules and regulations.
It goes almost without stating that companies must be vigilant in designing both privacy and security protections into their design and quality assurance practices.
However, outside of protecting systems from the “bad guys” that steal our information, as every employee using SharePoint within a business has the potential to become a content contributor and to also “break rules” purposely or accidentally with regards to data privacy and security, it becomes critically important for organisations to develop enforceable and measurable policies with regards to their data protection and compliance practices - ones that clearly delineate how they use, store and protect this information.
They have an additional obligation to educate and train employees as well as implement controls. This is because, of course, “Corporate Culture eats Compliance Strategy for Lunch.” If an organisation does not have buy in from key stakeholders - including the business, compliance officers and the IT organisation - policies will be ineffective.
That rings particularly true in considering privacy strategy within most organisations. A policy or a strategy in a vacuum has almost no chance of succeeding. Instead, it’s important to create a “culture” of compliance throughout the enterprise.
In this vein, AvePoint provides SharePoint technologies that assist in detecting, tracking, responding to and resolving compliance issues.
These solutions make it possible for organisations to implement and enforce policies by identifying sensitive data, applying metadata and classification and protecting that data, while at the same time invoking authentication technologies, permissions and integrated security capabilities.
This approach can be used to implement measurement and enforcement as policies are developed through collaboration between key business stakeholders.
For those SharePoint administrators and others, the best advice is that it is never too early or too late to bring privacy into your discussion and planning - there is no time like the present. No matter what the political climate, privacy is a reality that will be a high priority for all enterprise initiatives going forward.
It’s important for privacy professionals to help customers (program/project officials) address and implement their privacy strategies as part of the organisation’s culture sooner rather than later. This will help to both reduce the cost of enterprise IT and security systems as well as implement privacy best practices.
Organisations should look to use technologies and to create policies that make it easier to do the right thing than it is to do the wrong thing or to simply neglect privacy entirely. In the end, we need to take a positive approach to our privacy policies and the enforcement of the same, as privacy is the cornerstone of security within our organisations.
Posted by Dana Louise Simberkoff, VP, Risk Management and Compliance, AvePoint