Spark teams up with Fidelity Life for data governance strategy

Spark has announced that Fidelity Life, New Zealand's largest locally-owned life insurer, is collaborating with Spark to establish a comprehensive data governance strategy.

This initiative will leverage Spark's security consulting services and Microsoft Purview tools to enhance the visibility and control Fidelity Life has over its sensitive data. The objective is to bolster the insurer's overall resilience and competitiveness.

Fidelity Life's shift to more decentralised IT operations, with employees working beyond traditional office settings using various digital systems, has highlighted the need for robust data and information security measures.

"Most organisations sit on hundreds of millions of files across hybrid environments. Trying to figure out the location of data is a difficult problem to solve," said Tahira Begum, Security Lead GRC at Fidelity Life. "We recognised the need for a robust data protection and governance strategy to mitigate risks, ensure compliance with industry regulation, and protect customer information."

As part of the collaboration, Spark conducted data security workshops within three of Fidelity Life's primary business units. These workshops identified security risks, established security controls, and set compliance priorities to fortify data management practices. Using Microsoft Purview tools, the largely automated data security checks identified several data sets, including emails and document storage, and flagged potential security risks.

The workshops also examined daily data-handling habits of users to create a detailed understanding of where and how different types of data were stored and managed.

Data and document classification, based on specific attributes, is central to Fidelity Life's data protection strategy, helping to ensure effective data management.

Tahira emphasised the importance of a strategic approach to data protection: "Our data protection strategy is the driving force. Then you've got your tools to roll it out. First, you've got to recognise data as a target and answer the questions: where is my data, which data is sensitive, who has access to the data, and how is it being used?" Microsoft's Data Loss Prevention, part of the Microsoft Purview suite, plays a crucial role in Fidelity Life's strategy.

By utilising the Microsoft Purview compliance portal, the company has developed and implemented DLP policies to oversee sensitive data effectively.

Liz Urquhart, Spark General Manager for Digital Services and Solutions, noted the importance of a structured data governance framework. "Implementing a robust data governance strategy is imperative for any organisation aiming to harness the full potential of its data assets. A structured framework and the right tools help to ensure data accuracy, consistency, and security, and empower organisations with valuable insights to sustain competitive advantage in the market."

With a clearer understanding of Fidelity Life's data landscape, Tahira and her team are now preparing for updates to the company's security policies and monitoring. Effective communication will be vital in ensuring staff embrace the forthcoming changes. "Communication, understanding and action are critical, because security is so much more than ticking the box on technical controls," said Tahira. "Our next step is educating our people so that they are comfortable with the changes we are making. This process is crucial to developing a culture of data security awareness and responsibility across all levels of the organisation."

Tahira also advised other organisations to begin by thoroughly assessing their data landscape and regulatory requirements. "Engaging experts like Spark and Microsoft and using tools such as Purview can provide invaluable insights and solutions for specific needs."