Far from being a corporate buzzword, information governance has become a critical part of business operations for companies of all sizes. As an increasing amount of business transactions and communications take place online, businesses must create policies and procedures for managing the vast quantities of data and information flowing in and out of their virtual doors.
Legal vs. IT vs. Management
This raises the question: Who should be in charge of it? At first glance, any policy with “information” in the title may seem like it belongs squarely in the IT department. After all, data and information comprise the IT department’s realm of expertise.
On the other hand, one of the primary goals of information governance is reducing risk and preventing situations that could give rise to legal liability or litigation. There is no question that information governance has a strong legal component.
Furthermore, shouldn’t directors and corporate managers have a say in overarching company policies? The second that an employee sends an email, a company should be thinking about information governance.
However, information governance is more complex than simply making sure the company is backing up its data or updating its virus protection. It’s also much broader than a question of honoring the letter of the law or creating companywide policies that originate at the management level. In many industries, federal and state regulations dictate what types of data must be preserved or encrypted.
Big or Small: Corporate Governance Is Important
Moreover, these issues have begun to affect businesses that traditionally never had to concern themselves much with information management. If your business uses email, credit card processing, online shopping, apps, or Internet banking, your company needs firm, well-developed policies and procedures in place for managing the growing amount of digital information that your business produces and receives.
What really works is a team approach. By tapping the wide range of experience and interests in your organization, you are more likely to develop corporate governance procedures and policies that protect your business.
Creating Your Corporate Governance Team
Instead of putting your corporate governance in the hands of one department or another, best practices include pulling from several departments and company experts to build a corporate governance team.
Because corporate governance is such an important element of any company’s success, it also makes sense to create a group or committee specifically committed to identifying needs, brainstorming ideas, and setting the budget for any funds needed to make policies and procedures a reality. For example, a business may require an app or system for archiving data, a third-party vendor that offers cloud data storage, or even internal systems that monitor employees’ interactions and posts through email and over social media. All of these issues contain elements that fall within the realms of IT, legal, and management. In most cases, more than one department will have valuable insight into how data affect specific areas of the business.
Once the committee has identified action points, the appropriate team members can take the lead on implementing policies. In these cases, one department may naturally be more suited to performing a particular task. For instance, IT is a likely choice for providing Internet use education and training to employees, whereas the legal department could be tasked with creating written corporate policies.
The important thing is that the corporate governance committee continues to meet regularly and continues to refine and reexamine the company’s information and data policies. Data—and the technology that powers them—is constantly changing. To succeed, businesses must be willing to adapt when necessary and to anticipate changes as they approach.