When insurance legislation came into force that required Canopius to examine its structured data storage processes, they realized that there was also a parallel challenge around unstructured data, i.e. not captured in databases or financial systems. For Canopius, unstructured data meant anything from PDFs, documents, and spreadsheets, to photos, videos, and custom files. David Francis, Group Data Protection Officer and Head of Information Governance for Canopius, explains further: “In our industry,it’s easy for organizations to adopt a ‘hoarding mentality’ when it comes to data. Companies are reluctant to delete any data that might be useful at some point in the future. However, this has a real impact on storage requirements, and if the information is not indexed it will be hard to find. Plus, data privacy laws mean that data kept beyond a certain timeframe could leave companies open to penalties.”
It is expected that unstructured data will account for 80 percent of all data created in 2020*. With this in mind, Canopius looked for a solution to index its content and metadata to discover, cleanse, classify, and migrate data to where it needs to be.
Canopius was very clear that this was not an issue to be solved by IT and technology in isolation. Francis worked with a team of experienced information governance consultants at Oyster IMS and together they devised a business-led program to identify information owners, gain senior management backing, and create a clear ongoing communication strategy. In parallel, Micro Focus ControlPoint, with its IDOL indexing engine, was selected to support this business engagement. ControlPoint helps implement business rules to verify data, identify and remove trivial information, tag data based on content, archive appropriate data, and migrate information.
Francis comments on the process: “ControlPoint is completely customizable for teams, or even different individuals, so depending on the requirements, it will treat their data in a certain way. Once the process was implemented, as we recognize that our business changes all the time, we set up a regular monitor and review schedule to ensure this is not a ‘one-off’ exercise, but becomes second nature to us.”
Bringing structure to unstructured data soon started paying dividends. Canopius is an acquisitive company and one of the department’s audits found a ‘lost’ HR area that the current team were not aware of. As HR data is inherently sensitive, it was vital to manage it appropriately. The team also found examples of confidential information saved to a less secure area and could rectify this immediately. With new data coming in from different companies, ControlPoint’s ability to recognize common data formats and define granular policies for different data sets proved very useful.
For example, Francis used ControlPoint to manage an e-disclosure request for a litigation: “Locating 2.5TB of relevant information would have taken me at least a month before. Using ControlPoint and working with Oyster IMS, I was able to collate information across multiple repositories and respond to the request within a morning.”
Canopius is subject to GDPR ‘right of erasure’ requests. ControlPoint searches across information siloes and returns all instances of the requested data for deletion. Data subject access requests are also managed through ControlPoint, which hugely streamlines and speeds up the process. According to Francis: “We already used ControlPoint when GDPR came into force. It really put us ahead of the game as we had done the groundwork and were already applying GDPR principles to our data.”
Following the ControlPoint implementation, Canopius has so far deleted over 4.3 million files. As Francis says: “By shrinking the haystack, you will find the needle faster. We spend less time looking for something and more time making data-driven business decisions.”
Efficiency and productivity improvements are not the only benefits Francis has noticed: “With ControlPoint, we have reduced our storage costs, and improved our response to audits and GDPR information requests. By knowing exactly where our data is and what purpose it serves, we have enhanced our whole information governance regime. We are confident that this will reduce our exposure to penalties or sanctions related to data privacy breaches and are beginning to explore how we can extract meaningful insight from our unstructured data.”
He concludes: “Micro Focus and Oyster IMS have helped reduce our liability and given us the tools to make intelligent decisions on our data retention policies. This is a great example of business and IT working together for success.”
We already used ControlPoint when GDPR came into force. It really put us ahead of the game as we had done the groundwork and were already applying GDPR principles to our data.
Locating 2.5TB of relevant information would have taken me at least a month before. Using ControlPoint, I was able to collate information across multiple repositories and respond to the request within a morning.