Key Outcomes Generated

• 2m+ documents scanned and indexed 
• 1,000+ information assets secured / deleted
• Customised data governance framework established
• Simple policies developed

.

The Challenge

A NFP in existence for over 20 years had lost the understanding of their information holdings, due to staff turnover, disparate ways of working and global footprint. The Board and Executive team wanted to ensure the organisation’s main repositories did not contain unsecured Personally Identifiable Information (PII) or even Personal Health Information (PHI).

To avoid the recurrence of the issues faced, the organisation also wanted to establish a data governance framework laying the foundations of sustainable data management, in a low-touch way that does not hinder the productivity of its employees.

Our Approach

We followed a hybrid data discovery approach combining the use of an automated tool with detailed data owners consultation to ensure the fitness for purpose of our analysis:

• Selected a tool able to discover data across the organisation’s main repositories
• Defined the discovery criteria tailored to the organisation’s main concerns
• Scanned 2m+ records and identified over 1,000 records requiring remediation
• Documented the organisation’s main data risks
• Established a lightweight data governance framework tailored to the organisation’s risk appetite and ways of working
• Provided critical input for the creation of data-centric policies (data capture & consent, data retention & lifecycle management, BYOD)