Active Archives Simplify Compliance and Data Sovereignty
Any time data is being collected and retained, there are always compliance and data sovereignty issues that must be addressed. However, the quantity of data stored in today’s enterprise magnifies the potential risk. Imagine the extent of sovereignty and compliance issues when you are dealing with exabytes of data storage for long or even infinite periods of time?
Compliance rules, for example, differ greatly from location to location. What is acceptable in one state may be a crime in California, Germany, or New Zealand. Such locations provide rigid sovereignty regulations that mandate that information can’t leave their borders. However, such rules are often cumbersome to police and enforce when the cloud, wearable devices, and remote work enter the equation.
Further data sovereignty and compliance factors to consider include the advent of artificial intelligence (AI) and the prevalence of ubiquitous analytics applications. Usage of AI and analytics could face challenges if they attempt to transmit data back to a central repository, which may lie in a different region. Hence, we are seeing the appearance of more powerful edge computing nodes to serve AI and avoid falling foul of data movement restrictions.
Each area may have different stipulations concerning how information is collected, managed, and stored. There can be tremendous variation at the state, country, and regional levels. In addition, internal policies concerning these matters can vary from lax to extremely strict. And there may be industry-specific regulations, such as those from the SEC, that public corporations must adhere to.
The three areas where these rules have perhaps the most significant impact are:
- Patient data in healthcare.
- Customer information and financial data in the financial services sector.
- Customer information and product and sales information in retail.
Each owns vast digital assets that fall under a wide range of regulations, standards, and policies.
Active Archives and Compliance Management
Active archives possess the management capabilities to address most compliance and data sovereignty concerns. Data solutions exist that can map archived storage to organizational and regional compliance needs. These solutions help organizations manage the governance of existing data and legacy data to minimize risk across all business units and agencies.
In addition to responding effectively to regulatory and compliance matters, an active archive offers fast accessibility to archives. AI tools already exist that can create labels and containers around stored information to streamline storage, risk management, compliance, and data sovereignty. Active archives with an AI component are becoming an essential feature of data management. These archives are equally comfortable dealing with data in modern as well as legacy formats. They address retention and disposition requirements.
These capabilities are becoming more important now that the rules on compliance and sovereignty have grown some teeth. For example, the EU’s General Data Protection Regulation (GDPR) has levied fines in excess of $4 billion in less than a decade. Meta (Facebook) was recently fined more than a billion for violations.
Prudent organizations, therefore, are paying close attention to this area. They need to provide audit trails for their data, adequate documentation, the ability to set and enforce retention policies, and the ability to store and provide evidence of consent. Active archives open the door to such features and more. They also make it possible for organizations going through restructuring, mergers, acquisitions, and bankruptcy reorganizations to reconcile the efforts and systems of multiple entities and remain in compliance.
You can find out more about emerging use cases for active archives by listening to the recordings of the 2023 Active Archive Virtual Conference.