A great deal has been written about the GDPR and CCPA privacy laws, both of which include a “right to be forgotten.” The right to be forgotten is an idea that was put into practice in the European Union (EU) in May 2018 with the General Data Privacy Regulation (GDPR).
Various government privacy regulations, including GDPR, CCPA, various state regulations, and the draft federal privacy bill currently in Congress (the Consumer Data Protection Act), all include some form of the right to data erasure, otherwise known as the right to be forgotten. Because the regulations don’t spell out what the right to data erasure requires, some are questioning what this right means for PI deletion. To answer that, the purpose behind this privacy requirement, i.e., what the regulatory authority was actually trying to accomplish, needs to be better understood.
The California Consumer Privacy Act (CCPA) was passed last year (2018) with an effective date of January 1, 2020, assuming no federal actions (check out the blog titled “Will the New California Consumer Privacy Act Stand?” for potential federal actions).
Over the years I’ve written a lot about the benefits of enterprise file consolidation, i.e., storing and managing unstructured data in a common repository. In fact, most companies still have data spread around the enterprise in distinct stand-alone data silos (usually unmanaged at the file level) including custodian computers, removable media, personal cloud accounts, file systems, email systems, and SharePoint servers (to name just a few). Companies run the risk of experiencing eDiscovery and regulatory issues, the inability to run effective data analytics processes, and lower employee productivity.
Companies moving to Office 365 must decide what they should do with their on-premise compliance journals. The issue is Office 365 does not allow for journal mailboxes, so many companies have created workarounds. They include utilizing shared mailboxes for journal data, and exploding legacy journals so they can migrate the journaled individual emails into the associated custodian mailboxes. Keeping your on-premise Exchange server active is expensive. Using a proprietary third-party cloud is also expensive and risks the issue of vendor lock-in, otherwise known as data prison.
Healthcare providers have an ever-expanding range of medical tools to choose from. However, the more medical devices they acquire, the more complex their systems become. Two of the biggest issues healthcare providers face are dealing with the variety, volume, velocity, complexity, and non-interoperability of healthcare data, and moving disparate data from their individual data silos to a consolidated repository where true value can be realized, i.e., faster, more reliable diagnoses (because providers and their applications have access to the full healthcare data set
The Journaling function in “on premise” Microsoft Exchange email systems was originally developed back in the late 1990s for financial services organizations to meet SEC requirements. The main requirement consisted of capturing broker/dealer communications (emails) immediately, ensuring those emails could not be altered or deleted before they were stored on immutable storage (WORM) per SEC 17a-3 and a-4 requirements. The SEC wanted to ensure that broker/dealer communications were available to review in an unaltered state if complaints were later filed against the financial services organization or individual broker/dealers. In fact, other companies adopted journaling for various reasons, mostly when under litigation hold, to ensure target custodian email was captured and held, thereby avoiding spoliation charges. However, the financial services industry was the only industry to really require it via government regulation.
So, you’ve decided to move your on-premise email system to Office 365/Exchange Online for cost savings, higher security, and scalability. However, before you begin the migration, a question you should ask is: does my organization journal email for compliance, legal, or business requirements? If your company does, then read on.