No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

The Data Collection “Fire Drill”

by Charles Weeden
July 2, 2018
in Data Privacy
fire alarm with strobe light on white wall

Using Tech to Streamline Compliance Efforts

Data collection and monitoring tools now make it easier to access information quickly, but only if your company has the right content management and e-communications system in place. Rather than leaving the decision as to what system would work best solely up to the IT department, compliance officers should have a say in the functionality of such systems, given the time and resources involved in following compliance protocols and e-discovery searches arising from compliance audits, internal investigations and regulatory investigations.

When the alarm goes off, your general counsel and regulatory compliance team puts the IT department on high alert: find all institutional content related to a specific issue or event, and find it fast.

Perhaps the request is in response to a claim alleging a product defect, with all documents related to product design and testing needing to be collected, including blueprints, design specs, patent applications, emails and texts between designers and outside contractors and subcontractors, as well as beta testing results. Or the request relates to alleged insider trading, employee harassment, illegal payments to a foreign partner or leaking of clinical trial results.

When these requests come to an IT department, resources must be pulled from other projects and the team has to search the company’s cloud or network of files, and in some cases, depending on where information was saved, obtain laptops from their users so individual hard drives can be reviewed. The team also might need to recall where deleted emails are stored, identify the search parameters to gather the relevant ones and determine what to do with data from users who have left the firm or work from overseas offices, which may have conflicting privacy and e-discovery rules governing the accessing and downloading of information. And perhaps more challenging is that IT staff may suddenly be exposed to sensitive, confidential information, if only to capture and manage it.

Thankfully, technology has evolved to streamline the entire process, so this information can be gathered with just a few keystrokes, assuming of course senior leadership is committed to proactively preserving, managing and tracking all content. Compliance officers play a crucial role in convincing their organization’s C-suite to invest in the right tools and personnel to make that commitment a reality by highlighting how an integrated information management program reduces chaos, saves money long-term and reduces the stress of an internal or external investigation.

De4 Methodology

To facilitate the transition to an integrated corporate information architecture, smart organizations may wish to consider deploying the De4 methodology, which is segmented into four steps: Decide, Define, Design and Deploy. This article focuses solely on the first two segments as they benefit any entity looking to develop an integrated data information and monitoring program, regardless of what system is ultimately implemented.

Decide

This may appear as a simple first step, but it isn’t. Implementing new systems makes many employees, regardless of their department or seniority, uncomfortable and wary about whether they can learn the new tools and protocols and, if they do, whether they will be more effective. The HR department may use a locked file cabinet to store employee information, while a sales person produces customer proposals on her laptop. These systems work well for the individual, but are high hurdles to a project that transitions this content. Convincing these groups and most of the rest of the organization to change sometimes feels like trench warfare and takes a significant toll on project managers. Few individuals want to be the person who tells someone he has to change his work process, especially when the compliance, legal and other departments are the primary beneficiaries of the project. Most departments have systems that work well for them but not for the entire institution. Finding a solution that everyone can buy into is not easy.

Nonetheless, to determine if transitioning to an integrated data gathering, data sharing and data distribution system is right for your organization, in the “Decide” phase, ask:

  • Which departments/divisions will be affected?
  • How much legacy data will need to be converted to the new system?
  • What regulations and retention practices will need to be incorporated? For instance, HIPAA, HR, ERISA, SOX.
  • What types of messages will need to be captured? For instance, instant messaging, voice messaging and fax.
  • What e-discovery/review capabilities will we want our legal department to be able to perform?

The deliverable of the “Decide” phase is a five- to 10-page outline of corporate policies and priorities and, in turn, the presentation to senior management’s sign-off.

Define

The “Define” phase translates the general policies above into a detailed departmental system specification and, eventually, a request for proposal to determine in the “Design” state the archival technologies that will support the requirements.

In the “Define” phase, IT personnel:

  • Meet with each department to discuss how to implement the corporate policies into new requirements and procedures.
  • Define special archive folders for differentiated retention.
  • Define user access to archives, the size of the email information store, short-cutting parameters, the back-up plan, etc.
  • Determine how to manage current local archives.
  • Write up archive and technical specifications and present them to senior management.

Preventing a “Fire”

The real benefit in implementing an institutional information management program lies not with the remediation after the fire, but in preventing the fire in the first place. In retrospect, wouldn’t Volkswagen’s compliance team want to know about the “diesel dupe” before it was discovered by the State of California? Wouldn’t Wells Fargo want to know that thousands of its employees felt the only way to meet their marketing targets was to secretly create millions of unauthorized bank and credit card accounts? Settlements from these matters, not to the mention the reputational damage done to a company’s brand, are often in the billions of dollars and dwarf the costs of implementing the technologies to prevent them.

In the verbal world of the past, communications and transgressions were more difficult to discover. With the advent and widespread use of digital communications, today, institutions are slowly and painfully realizing just how sticky and problematic textual communication can be. Institutional deniability is far harder now to use as cover.

Improved forms of data analytics now also make it possible to respond to issues before they turn into problems. For example, some software can now analyze the sentiment of an email or text message and determine if a customer was satisfied with the exchange or upset. When this software is integrated with another e-communications collection tool, not only will someone in the compliance department be alerted when a customer expresses dissatisfaction online, but so will customer services, enabling a manager to directly contact the customer and, potentially, turn a negative situation into a positive one.

Compliance’s Proactive Role

Compliance officers face real challenges. Rather than sitting in the fire station waiting for the alarm to go off, undoubtedly, most would rather be proactive with tools to see what situations may be starting to emerge in order to act on them quickly and ideally prevent a full-blown crisis. For instance, if the sales people use inappropriate language, then a culture builds that  may end up in a harassment claim. Or if software or pharmaceutical test results are being leaked, then action can be taken before your intellectual property loses its value.

The SEC and many other government organizations look to the institutions they monitor to build a “culture of compliance.” This means employees understand that the compliance department has the tools to find and address inappropriate behavior. This, in turn, cleans up language and potentially questionable practices. Undertaking a knowledge-management initiative has, in the end, the benefits of reducing costs, instilling efficiencies and building just such a compliance culture.

A well-instituted information management and governance program can deliver a significant return of investment, both in savings and proactive prevention.  More importantly, it can enable compliance and other knowledge workers to mine or leverage institutional knowledge to identify potential problems and potential opportunities. An institution can now “know” what it knows.


Tags: Data AnalyticsData Governancee-Discovery
Previous Post

The 10 Best Ways to Get Yourself Fired

Next Post

How the Foreign Corrupt Practices Act Came to Be

Charles Weeden

Charles Weeden

Charles Weeden is Managing Partner of 17a-4, llc, a compliance software and services company focusing on e-communications and archive technologies that meet the regulatory and e-discovery requirements of institutional clients subject to SEC, FINRA and CFTC rules (including SEC Rule 17a-4) reporting. The company consists of two divisions, DataParser software solutions products, and 17a-4, which offers compliance counseling, including designated third-party services as mandated for broker-dealers by the SEC. 

Related Posts

data privacy leader concept

Who’s Minding Your Data? The Case for Dedicated Privacy Leadership

by Daniel Barber
June 16, 2025

As state privacy laws multiply and AI introduces new vulnerabilities, the question isn't whether you need dedicated privacy expertise —...

abstract obscured data colorful

NIST’s Differential Privacy Guidelines: 6 Critical Areas for Secure Implementation

by Michelle Drolet
June 16, 2025

Standard de-identification methods remain vulnerable to sophisticated attacks, but differential privacy offers mathematical guarantees that scale with emerging threats

check engine light

What Gets Measured Gets Managed, but What Actually Matters in Compliance?

by Keshonda Walker
May 16, 2025

Looking beyond standard measurements to identify the quiet signals that help compliance teams address issues before they become crises

hidden value abstract

CCO Insights: How to Articulate the True Value of Your Compliance Program

by Kenneth Koch and Phillip Ostwalt
May 14, 2025

Benefits of robust programs aren’t always obvious, but buy-in remains critical

Next Post
FCPA document with hands and gavel

How the Foreign Corrupt Practices Act Came to Be

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights