The top 3 challenges of unstructured data (and how to handle them)

Take control of your organization’s unstructured data environment

Sam Gillespie
Data Governance Offering Manager, OneTrust
April 26, 2022

Blue and violet gradient background

All businesses have a semi-structured data model, made up of two types of data: unstructured and structured data.

Most business data is unstructured and held in tools often with open access to all employees. If left unchecked, this exposes the business to the risk of data loss and non-compliance.

With structured data, data management is an easier task, as relational databases (such as SQL) and datasets have predefined fields that can be easily accessed and processed.

While having large amounts of unstructured data in your organization is not inherently bad, the issues of access, data sensitivity, and compliance get exponentially more complicated in an unstructured data environment. Examples of unstructured data include text files (documents), spreadsheets, video files, audio files, web pages, and even social media posts.

1. Understanding, identifying and governing your unstructured data

The big data and metadata that sits in these sources could be subject to the following:

  • Encryption/masking requirements
  • Retention Periods
  • Privacy Rights Requests

Automating your data discovery and classification process in unstructured environments is the most effective way to help ensure it remains compliant, accessible, and secure.

The words automation, artificial intelligence, natural language processing, and machine learning algorithms are thrown around far too often nowadays, and although they are powerful technologies that can be leveraged effectively, they don’t guarantee efficiency.

You need to provide them with business intelligence – the rules they need to follow for your enterprise data. Have a legal expert walk your team through applicable regulatory bodies and data regulations that apply to your industry and region to fine-tune your unstructured data environment to a well-cataloged file system.

2. Streamlining employee privacy rights requests

As is the case with consumers, employees are also learning more about their data rights. With the GDPR and CPRA clearly laying out provisions for employees to know and understand the extent of their employer’s data, employee requests to access personal information are on the rise.

What makes these requests more cumbersome than a standard privacy rights request from a customer is the scale of employee information companies have. This information tends to sit in emails, chats, SharePoint files, and other unstructured sources of data.

Handling employee rights requests can be broken down into three steps:

  1. Streamline the ID verification process by using an internal portal for a single pipeline
  2. Optimize real-time data discovery with tools to scan sources for employee information
  3. Automate redaction to ensure no sensitive data leaks

3. Enforcing document retention and deletion policies

Even employees with the best intentions commonly store files in non-designated data storage areas, generate share links for documents without thinking twice about the associated risk, and use their personal devices to access and share data that may be considered confidential.

Counteracting these practices first requires data analysis to document high-risk processes that lead to the scenarios mentioned above.

The next steps are flagging policy violations and escalating to InfoSec teams for investigation and remediation when the volume of high-risk activity reaches a specified threshold. This schema will allow your organization to enforce data retention and deletion policies effectively.


On-demand webinar coming soon...


Throughout these challenges, using data analytics to measure program success and effectiveness is the best way to keep track of how well your new policies and practices are working in your data environment. Metrics such as the percentage change in incidents, or time taken to fulfill an employee privacy rights request will give a clear picture of the before and after scenarios.

This will also help get buy-in from leaders across the organization when they can see the improvement laid out before them.

Dealing with unstructured data is a challenge that every organization faces. To learn more about different use cases, analytics tools, and data solutions, check out ‘The OneTrust Guide to Unstructured Data’.

You may also like


Data Discovery

Live demo: OneTrust Data Discovery

See how OneTrust Data Discovery can help your organization achieve complete data visibility to empower your security program and reduce risk.

June 22, 2023

Learn more


Data Discovery

Data responsibility: The information security professional’s higher purpose

Join OneTrust and KPMG for a dialogue with Information Security leaders on managing the balance between risk and reward when handling sensitive customer information.

June 20, 2023

Learn more


Data Discovery

OneTrust Data Discovery Day: A deep dive into automating data discovery and classification

Join us for a two-hour deep dive into data discovery and how OneTrust helps privacy, IT, and security teams understaind their data and achieve risk reduction goals.

June 13, 2023

Learn more