Welcome to the FILED Newsletter

Welcome to the first edition of FILED Newsletter, our new monthly newsletter offering a summary of relevant news, opinion, guidance and other useful links in the world of data, records and information management.  

This is a big, fast-paced industry and it can get overwhelming sometimes, so we want to provide a short summary of the essential content you need to read, and nothing you don’t. We operate under a no-fluff policy here.

– Anthony, Co-CEO/Founder

If you only read one thing

A hack at the US Federal Court records systems shows the risk of being trapped in legacy technology

First up this month, we have the alarming story of a major data breach at the US federal court records management system. Under questioning by the US House of Representative’s Judiciary Committee, it was revealed that “three hostile foreign actors” had attacked the courts’ document filing system. They haven’t offered more details on exactly which data was affected, citing security concerns, but noted the attack was “startling in breadth and scope”.

While the federal judiciary has been working to modernize its aging electronic system, this story is a stark reminder for businesses: you need to attend to these vulnerabilities before a breach, not after.

“Hoping for the best” is not a strategy. You need to be engaging partners about how to solve these problems because the risk is real.

Privacy & governance

A ruling from Europe’s top court, could have far-reaching implications for platforms that use background tracking or profiling to target users with ads. The court decided the publication of the name of a spouse or partner amounted to the processing of sensitive data, because it could imply sexual orientation. According to the court, inferred data based on protected/sensitive data is therefore protected/sensitive data itself.

This is clearest interpretation yet of how the bloc’s General Data Protection Regulation (GDPR) should be interpreted, and may raise significant compliance difficulties for platforms building data catalogs and targeting individuals with adtech.

In the United Kingdom, lawmakers are working on their own post-Brexit data protection legislation to replace the GDPR. At this stage to news appears to be good for those who are sick of clicking cookie consent boxes, and terrible news for robo-callers.

And in the United States: is it possible the US Congress’ upcoming privacy bill might be… good? It seems that way, according to this coverage in Wired. A new draft is both being celebrated by privacy advocates and may actually have the bipartisan support to be passed. The draft favors data minimization, limiting companies’ collection of data, which contrasts with privacy legislation like the GDPR, which is all about users providing consent.

In Australia, retailers Kmart and Bunnings have had to pause their use of widespread facial recognition technology in their stores, as the privacy watchdog investigates. While this technology is by no means widespread in the country, the investigation and any subsequent legislation could impact businesses collecting sensitive data of all types

And this piece from the University of Michigan outlines the business case for companies to start to care about privacy. In short: it can affect the bottom line, it can be turned into a competitive advantage, and most importantly, it may be the law (depending on where you’re based).

Security

A major privacy data breach at the University of Western Australia has exposed personal information and grades of current and past students, as well as the details of their emergency contacts. A significant and apparently “random” attack.

Meanwhile, customer-facing systems at Luxembourg energy provider Encevo Group are still offline 12 days after a cyberattack by a “rebranded” ransomware group BlackCat (read more on the new breed of ransomware groups). Affected data includes contracts, agreements, passports, bills and emails. At this point Encevo Group lacks the information to personally inform all affected individuals, a particularly scary situation.

Are you sometimes confused as to the difference between a breach, a data breach, and a privacy data breach? And more importantly, how to respond to each? This article from Security Intelligence has you covered.

Also from Security Intelligence and IBM: the average cost of a data breach is now $4.35 million.

The latest from RecordPoint  

It’s been a busy month for the RecordPoint team. Here are a few of the bigger things we’ve been working on:

Connectors

We launched Connectors, a new product feature that enables organizations to connect their essential business systems to Records365, providing consistency to their data management, enabling them to make better decisions and ensure they are compliant across their entire data corpus, all without impacting users. Learn more about why we built this feature, from our VP of Product Kris Brown.

Pulse of the Industry Report 2022

Have you read our Pulse of the Industry Report yet? It contains a lot of interesting nuggets for those in the records and information management industry. For example:

• Professionals are struggling to get organizational buy-in for records management, often because they lack a strategy that aligns to the broader company. Sound familiar? Learn how to overcome this issue.
• How many new tools did your organization adopt during the pandemic? Some organizations added as many as five, often with little consideration for the implications from a compliance point-of-view. Learn how to solve the challenges of data sprawl.
• Let’s take a step back: what is records management in 2022? Is it possible the challenges with budget and internal education are only overcome when we stop thinking of ourselves as “records managers”? What if we start to think of ourselves—and more importantly sell ourselves—as data managers, or asset managers?

‍