You may have asked yourself this question (or maybe you will now): What’s new with my information governance program? With the ever-changing scope of information governance from year-to-year and even month-to-month, it’s key to visualize how your information governance program can keep up with the times. Some of these growing concerns include:
- Collecting different types of business critical data in a legally defensible manner
- Meeting heightened regulatory scrutiny within your organization
- Handling increased structured and unstructured data (called Big Data)
- Retaining information without hoarding it “just in case” or keeping too little
- We need to delete redundant, obsolete and trivial data - who needs to sign that off
These and other issues are continuing to come up in the realm of information governance. To that end, let’s explore what information governance looks like in today’s business environment by answering these questions.
Who Owns the Information Governance Program?
It seems your IT team would be the logical fit to head your program, but because the biggest goal of information governance is reducing risk and preventing situations that could lead to legal liability and litigation, your legal department may play a significant role. Remember the primary role of IT is “keep the lights on”, IT maintains the assets but will not know what data is on these assets. Legal know what the key data is but not where it is stored on the IT systems - see the problem.
This issue over who owns information governance, IT or legal, may be a hybrid solution. IT and legal should collaborate on company-wide policies originating at the management level, thus ensuring regular data backups and appropriate preservation. Legal should make sure this data is handled in a legally defensible manner in case of a compliance audit or eDiscovery request. Each department’s differing area of expertise can help the company.
How Is Information Governance Different Today Than in the Past?
Modern Information governance arguably has its roots in the healthcare industry. England’s Department of Health decided to make a comprehensive platform for healthcare records management in 2003 when data was becoming a bigger issue. The National Health Service adopted this method and offered its own guidance. In 2011, ARMA International worked with the Electronic Discovery Reference Model (EDRM) on a white paper concerning the use of the principles with the Information Governance Reference Model (IGRM).
The focus was once on accessing frequently used data, which has shifted to security compliance, records management, and access logs. The volume and complexity of digital data has also increased, along with more organizations using cloud storage.
If you’re in the healthcare industry, for example, there are eight guiding principles on how to create an information governance structure (Information Governance: Principles for Healthcare, otherwise known as Information Guidance Principles for Healthcare [IGPHC]). These principles can help organizations, even those not in the healthcare industry, with their practices, including establishing and following company policies, coordinating transparent principles, building reliable audit trails, ensuring data protection, and handling compliance procedures with appropriate laws and regulations.
What Are Today’s Risks Versus Yesterday’s Risks?
As Big Data continues to grow, there are more concerns about how to collect, analyze, and preserve different types of data; plus, it needs to be done in a legally defensible manner. Deletion is a key topic across companies, everyone knows we need to delete data but no one is comfortable doing it. It is sometime surprising that when pressed many people in the business will respond with “Legal said we need to keep all that data as they may need to access it as part of X, Y or Z litigation hold”. Like many things in life with this default position of keep everything from an operation point of view you hit the “Risk before the reward”. Normally this is outside of the corporations own record retention policy too; this non-compliance is not advisable.
Web archiving has become a larger issue because there are more moving parts to capture, like embedded videos, third-party links, and social media apps. This is especially a concern as corporations nationwide have over 100,000 rules and regulations.
Information governance may be more complicated than in the past, but it’s one of the most vital aspects of your company’s overall security and data policies. Someone or some bodies need to OWN IT.