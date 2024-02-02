Data protection is, and will remain, a key priority for regulated firms and regulators alike and is an even greater focus in Data Privacy Week. For companies subject to multiple overlapping global privacy regimes, there is a patchwork quilt of regulation and legislation covering the demands of government regulations regarding sensitive data and data protection, such as the EU General Data Protection Regulation (GDPR), the US Health Insurance Portability and Accountability Act (HIPAA), and the California Consumer Privacy Act (CCPA).

Unified communication and collaboration (UCC) tools have cemented their place in the fabric of the workplace. The adoption of modern, effective and efficient means of communication has led to many benefits but it has also led to the potential for increasing amounts of personally identifiable information (PII), financial data, and electronic personal health information (ePHI) data to be shared in conversations. Firms must protect, manage, and oversee personal data appropriately no matter what the means used to capture, retain, search, supervise and delete the information. The point is reinforced by the prediction by Gartner that by the end of 2024, 75% of the world's population will have its personal data covered under modern privacy regulations.

Data protection and privacy involve the relationship between data security, accessibility, the robust use of technology, the public expectation of privacy, together with the associated legal, regulatory and political issues. Given the volumes of all kinds of communications data, organizations will need to deploy appropriate technology to seek to ensure comprehensive data protection compliance. Indeed firms may wish to consider specific privacy-enhancing technologies (PETs).

'Software and hardware solutions, ie systems encompassing technical processes, methods or knowledge to achieve specific privacy or data protection functionality or to protect against risks of privacy of an individual or a group of natural persons.' Definition of PETs from the European Union Agency for Cybersecurity



For 2024 there are a number of key privacy and data protection issues to consider when developing a strategy for managing UCC applications including:

Blindspots must be eliminated - UCC data is, by definition, dynamic and organizations must be equipped to capture all the components of conversations on UCC platforms from chat, video, and voice to emojis, reactions, and GIFs. These elements provide crucial context about the interactions between employees, customers, and other third-parties and are often critical when reconstructing data when responding to data subject access requests ("DSARs").



Strong search is essential for DSARs responses - the ability to efficiently and effectively respond to DSARs is predicated on strong search. The ability to search across any attribute of a data subject such as name, email address, phone number, or employee ID is critical for locating the relevant information requested. Moreover, searches for emojis, reactions, GIFs and searches across data types like images or audio are essential for collecting complete and accurate information. Given that 74% of firms are facing challenges in searching and retrieving communications, considering search early and choosing platforms like Theta Lake, which provide all of these features in a unified interface, is key.



Redaction and remediation are a must - firms must have the capability to redact any and all personal data or information such as credit card numbers, national insurance or social security numbers and dates of birth. Comprehensive redaction capabilities protect confidential or sensitive information from being accessed and enable swift remediation and removal of risky content across platforms. Moreover, the ability to easily remediate sensitive data in chats or elsewhere helps organizations reduce data exposure risk. Theta Lake provides quick and intuitive features to detect and remove information such as credit card numbers, account numbers, email addresses, or other sensitive personal or financial information directly from chats with a few clicks. Original chats are preserved to meet legal and regulatory requirements, while sensitive data is removed from circulation.



Proactive detection of data privacy risks - firms will need help with oversight. Comprehensive and unified communication records will enable institutions to undertake proactive data protection compliance and supervision and for that, given the sheer volume of the records, specifically trained AI can help firms detect and remediate risks at scale. For example, understanding if sensitive data is discussed on a phone call or disclosed over a screen share is essential given the data leakage ramifications. These targeted detections use high quality expert sources and domain expertise, which means that the burden does not fall on individual organizations to train the AI models or verify the results.



Control over archived communications will have multiple data protection benefits - controlling your own data is essential. From a firm being able to use its own encryption keys through to exporting their data at any time (with no additional costs) to their own storage. Retaining the ability to set specific retention periods depending on the nature of the data and applicable regulations means that customers retain full control over the retention and disposition of their information. Many firms make use of multiple capture tools and disparate voice and email archive storage which makes data management including search, even with third party tools, difficult. Unifying archives particularly combined with a strategic move to the cloud will deliver huge potential benefits and will enable the firms to keep pace with the data protection compliance expectations of the innovation, scale and performance that cloud UCC tools deliver and require.

