"We're Eating the Elephant One Bite at a Time": Data Privacy Lessons from Art and Education

When you think about data privacy challenges, art galleries and technical colleges might not be the first organisations that come to mind. But as we discovered at the recent OpenText Sydney Summit 2025, these institutions face many of the same hurdles as businesses everywhere.
In a fascinating fireside chat, Carl Duncan from WyldLynx sat down with Louise Fischer, Services Program Manager at the Art Gallery of NSW - a custodian of Australia's cultural and artistic heritage, and Mark Roberts, Manager of Information Governance at North Metropolitan TAFE in Western Australia. Their conversation revealed how they are leveraging OpenText's innovative cybersecurity solutions to enhance the security and governance of their vast collections of high-value records.
The "Grandmother's Garage" Problem
"People are putting stuff in what I call your grandmother's garage. They leave all their stuff there and it goes mouldy, but they still won't throw it out," explains Louise from the Art Gallery of New South Wales.
Does this sound familiar? We all have digital files scattered across personal drives, work emails, and shared folders that we rarely clean up. Louise compares her gallery's situation to "how to unite a country with over 300 brands of cheese" – a perfect description of the challenge of managing data across different departments with strong opinions!
For Mark at North Metropolitan TAFE in Western Australia, the problem is similar: "We have a massive proliferation of files and subfolders. It's like octopuses meeting in Teams – there is stuff everywhere!"
Both speakers highlighted how the COVID-19 pandemic made things worse, creating what Mark calls "the Teams pandemic" – where data moved but the underlying organisational problems remained.
Why Should You Care About Your Data?
You might be thinking, "So what if we have lots of old files? They're not hurting anyone."
Think again. Mark's institution experienced a data breach last year: "There was probably about 3 hours of someone getting into our network, and about 85 documents and 60 emails were taken."
They were lucky – their reputation remained intact and they didn't lose money. But others haven't been so fortunate
Beyond security risks, messy data creates everyday headaches:
- Important files become impossible to find
- Staff waste time searching for information
- Duplicates create confusion about which version is current
- Recovery from system crashes becomes a nightmare
As Louise points out: "What happens if the system crashes and we can recover all the files but not the directories they were in? We'd have to open them all and rename them!"
"It's actually quite insane when you think about how much duplication there is. A form comes in, somebody emails it to another person who goes 'Oh no, it's not my job.' Then it's in their sent items. They might do that three or four times, and then somebody prints it out and scans it into another system! "
The Journey to Better Data Management
Both organisations are using a tool called "Core Data Discovery and Risk Insights" (or "Fusion") to help tackle their data challenges. At North Metropolitan TAFE, they've even created a mascot named "Cedric" – complete with a tool belt – to represent the process of fixing their data problems.
But technology alone isn't the answer. Here are the key lessons from their experiences:
- Take Small, Manageable Steps
"We eat the elephant one bite at a time," says Louise. Don't try to fix everything at once. Start with the "low-hanging fruit" like removing duplicate files over 10 years old.
- Find Your Champions
Look for departments or individuals who understand the value of good data management. As Louise notes: "We've got a few people that are champions. Our conservation department were an unusual bunch of champions."
- Use Carrots, Not Sticks
Both speakers emphasised that simply pointing to policies, regulations or audit requirements rarely works. Incentivising good habits and behaviour is much more effective than using punishment to reach your goals.
"You can throw policy, you can throw legislation, you can throw the fact that there's an audit coming and the director will get into trouble," Louise explains, "And they're like, 'I've got an exhibition to hang, don't give me details!'"
- Show Them the Problem
Scanning your data and showing people the actual results can be eye-opening. Louise admits that seeing the number of duplicates "scared the living Jesus out of me!"
For North Metropolitan TAFE, examining their forms revealed that about 35 out of 54 forms were capturing sensitive personal information like health details – a major privacy risk with new legislation coming.
- Think About Culture Change, Not Just Technology
Both organisations describe the journey as "baby steps" in changing how staff think about information. Technology solutions like SharePoint won't help if people don't use them properly – as Louise discovered when someone "moved 83,000 records from the [Google] Drive into SharePoint – just lock, stock and barrel."
The risks of doing nothing are real, but the path to improvement doesn't have to be painful.
Getting Started on Your Data Journey
If you're feeling overwhelmed about your organisation's data, remember Louise's advice: "Don't try to do it all at once. It's getting buy-in, identifying champions, and lots of carrot."
The risks of doing nothing are real, but the path to improvement doesn't have to be painful. Start small, focus on obvious problems like duplicates, and gradually build momentum.
As Mark puts it: "It's actually quite insane when you think about how much duplication there is. A form comes in, somebody emails it to another person who goes 'Oh no, it's not my job.' Then it's in their sent items. They might do that three or four times, and then somebody prints it out and scans it into another system!"
Sound familiar? Perhaps it's time to peek into your organisation's digital "grandmother's garage" and start the clean-up, one bite at a time.