Presidential tweets, Self-destructing messages and the use of Shadow IT as the ‘new normal’: The need for Information Governance more than ever – Jason R Baron
Thanks to Gilbert+Tobin and Thomson Geer for hosting very successful and engaging events in Sydney and Melbourne with Jason R. Baron presenting ‘Presidential tweets, Self-destructing messages and the use of Shadow IT as the ‘new normal’: The need for Information Governance more than ever’. Jason’s keynote was followed by panel discussions facilitated by Susan Bennett, Co-founder InfoGovANZ – the Melbourne panel included Victorian Privacy and Data Protection Commissioner, Rachel Dixon and Paul Noonan, Technology Partner at Thomson Geer; and the Sydney panel included NSW Privacy Commissioner, Samantha Gavel and Simon Burns, Technology Partner at Gilbert + Tobin.
Jason’s keynote, delivered in his distinctive and thoroughly entertaining style, addressed the rapidly changing information landscape and the impact it is having on individuals and organisations. His observations on Shadow IT, the recently enacted EU General Data Protection Regulation (GDPR), privacy and compliance, were flavoured by anecdotal examples such as the Clinton private server and presidential tweeting.
The key strategies and best practices for confronting the reality of shadow IT identified by Jason include:
1. Develop a robust information governance policy that covers the emergence of shadow IT in the workplace.
2. Educate employees.
3. Employ IT solutions to protect information:
- Allow remote access through directed means (e.g., Citrix);
- Require passwords and screen timeouts;
- Make it easy to copy or forward messages to official recordkeeping systems.
4. Make agency systems and devices easier and more attractive to use than alternatives (good luck).
5. Periodically reevaluate employee practices and company policies.
6. Practice what you preach – with an important message to C-suite executives: If you won’t do it, they won’t do it. Use your own shadow IT practices as a bellwether for what will work best with your organisation’s culture.
The audience was treated to valuable insights into the challenges presented by users applying ‘end-run’ methods to avoid official record-keeping systems and communication channels. This led to insightful panel discussions focusing on data privacy, regulatory compliance and how effective information governance can mitigate the risks of Shadow IT without impeding IT and business innovation.
The Melbourne Panel discussion traversed a wide range of shadow IT, big data and regulatory challenges for organisations. Victorian Privacy and Data Protection Commissioner, Rachel Dixon, led a very engaged panel discussion on the privacy and governance challenges of big data analytics and data sharing. The Panel discussed the complexities of de-identification of personal information as highlighted in the recent paper from the Office of the Victorian Information Commissioner. The Melbourne Panel discussion also highlighted the importance of people and culture to drive technology and changes to process in order to achieve organisational goals.
Paul Noonan, Technology Partner at Thomson Geer, highlighted the potential for organisations in other industries to look to the example of APRA’s prudential standards and guidelines on information technology matters and APRA’s proposed new information security standard. Paul also pointed out the increasing compliance burden on Australian businesses, particularly for small businesses that have turnovers of less than $3 million and are not bound by the requirements of the Privacy Act, but may be subject to the requirements of the EU’s GDPR.
During the Sydney panel discussion, NSW Privacy Commissioner Samantha Gavel discussed the importance of Privacy Impact Assessments, and how organisations should seek to implement a ‘privacy by design’ framework as identified in the GDPR requirements. Samantha also responded to questions on data sharing and Big Data, referring to work being performed at the NSW Data Analytics Centre, such as the white paper on Data Sharing Frameworks, and how efforts around data privacy in NSW were aligned with similar efforts in Victoria.
Simon Burns, Technology Partner at Gilbert + Tobin, spoke on the new opportunities and risks posed by cloud infrastructure, and how the efforts and capabilities of historically disparate business units – such as IT security, records management and the executive – need to be coordinated and leveraged appropriately to provide effective Information Governance. Simon also discussed the changing technical and ethical challenges associated with private data usage and licensing, addressing questions about a recent white paper from NSW DAC and the paper from the Office of the Victorian Information Commissioner on de-identification of data.
Jason spoke further on the challenges of Shadow IT during the panel discussion, specifically about the need for effective Information Governance and the need for organisations to invest in the necessary training, guidance and strategic thinking. Historically, a failure to make this investment would simply result in reduced competitive opportunities; however, the rapidly advancing regulatory requirements around information management mean that an organisation that does not make these investments will be taking on significant compliance risk.
The Sydney panel discussion was followed by some interesting and challenging questions from the floor around the responsibilities of the board and ‘C-suite’ executives, the rise of the Chief Information Governance Officer in large corporates, and the security/privacy challenges of third-party, cloud-based document storage services.
Authors: Dr Peter Chapman, Matthew Golab and Susan Bennett