Move Past the Monsters Guarding the Castle
Understanding dark data can also remove wasteful duplicative effort and increase productivity. The best way to achieve this is to culturally and technologically educate employees to prevent them from doing the same type of work over and over again. Employees often end up recreating the same documents when presented with a specific question that has been answered before.
A better working knowledge of what has been created before would make a difference in allowing employees to remove redundant workflows. Structured workflows allow employees to know the sources of old information, which is where dark data comes in. Presumably, if dark data is “tamed,” an organization has some sort of search index. If a mailbox goes back 10 years, a comprehensive understanding of dark data makes searching that backlog much easier than approaching searches with native tools.
Bringing the Beasts to the ‘Good Side’
Understanding dark data allows users to cover ground quickly across incredibly wide spans of time. To know this, though, requires proactive, proper education of employees.
This also allows organizations to prevent insider threats. When discussing cybersecurity, it’s obviously important to address firewalls and spam filters, but insider threats can be even more damaging than an outside attack. The best way to mitigate this beyond a working knowledge of dark data stores is access management.
Prioritizing privileged users and only allowing access to data within certain windows of time prevent accidental or purposeful leaks. Limiting data with even more rulesets over time is a proactive way to prevent inside threats and can stop things slipping through the cracks. For example, perhaps an employee—and not even a disgruntled one—is accessing data storage from more than 10 years ago. Any personal information created years ago would be capable of being compromised. This may not necessarily be information about the company, but personal, individual privacy that could be violated. The company could and should be held accountable for that data, but all of it could be mitigated with proactive access management and control of dark data.
A Call for Legislation
To hold those companies accountable, there should be legislation in the U.S., such as Europe’s GDPR. Taking it a step further, U.S. legislation needs to be more technologically thoughtful.
GDPR was intended to be vague, as it gives more power to the people, which is important. That vagueness though can take some of the teeth out of legislation by making it impractical. Enterprise-level organizations likely have robust storage for dark data, but a small website could have different struggles. Smaller sites likely have schemas that don’t allow data deletion.
If, in the event a customer recognizes her “right to be forgotten,” the whole site could be broken down because of a small site schema error. Maybe those websites shouldn’t be allowed in theory, but in practice, that kind of legislation is most damaging to small business owners and entrepreneurs. With the vast amount of dark data created, there should be legislation, but the feasibility of execution of that legislation should be deeply considered. The court of public opinion is a great way to hold data mis-managers accountable, but technologically thoughtful legislation would ultimately do a better job.
Dark data is just data at the end of the day and is therefore an asset that can be leveraged by businesses. This will require a deep understanding of dark data that will involve complicated thinking, but that doesn’t mean it shouldn’t be dealt with at all. It won’t be easy, and it won’t be quick, but there are numerous advantages in bringing dark data to light.