Today, the explosive growth in the volume and variety of content and data is unstoppable and nearly overwhelming. When an organization stores too much content and data with too few controls, it becomes a significant liability. Serious legal, financial, and reputational consequences can result if companies fail to implement an information governance strategy that takes control of business information such as unstructured digital content, structured data, and paper documents.
Evolving compliance obligations, including the EU’s General Data Protection Regulation (GDPR) and the NYDFS Cybersecurity Regulation (23 NYCRR Part 500), are driving the urgent need for governance, and, in the U.S., high-profile hacks, leaks, and data breaches amplify security risks and underscore the ongoing requirement to protect corporate data from spying, harvesting, and exfiltration. As of now, all 50 U.S. states, the District of Columbia, and many U.S. territories have data breach notification laws on the books.
For more articles on big data trends, access the BIG DATA SOURCEBOOK
As such, the need for information governance and an understanding of how to lay the groundwork for robust and legally compliant information governance has never been more urgent or business-critical. A comprehensive information governance policy will help safeguard a company’s data and reputation. It will also facilitate efficient responses to e-discovery or FOIA/FOI and GDPR requests. With GDPR, users can now demand a record of what information an organization has on them, ask to be “forgotten,” and request that their data be exported from an organization’s systems. In addition to meeting compliance needs, a data governance strategy can make enterprises more streamlined and efficient, because it helps prevent information overload by keeping only the most valuable content available for users.
Let’s explore the key questions to ask when building a plan, and consider the most effective best practices—including “invisible” information governance, holistic records management, building in extra controls, future-proofing, and the role of enterprise architects as agents for positive change. These are fundamental components for designing and implementing the robust governance policies that ensure the safety, security, relevance, and utility of enterprise and corporate data.
Information Governance Defined
Information governance encompasses the policies, procedures, and technologies that determine how an organization manages, secures, uses, retains, and disposes of its information. Information governance is designed to address the need for content management, security, and relevance of available data—as well as regulatory compliance.
Many organizations take the view that records management systems are sufficient for information governance and push back on upgrades for cost reasons, but traditional records management systems are just one part of a broader information governance program. Companies also need to consider issues such as data security and e-discovery—as well as data classification and privacy—and many have struggled with legacy records management systems due to low user adoption and a “bolt-on” approach that has difficulty integrating distributed content stores, mobile working, and the use of unsanctioned file-sharing sites. All of these factors add to the challenge of managing records in a consistent, compliant way, which is where a well-developed, strategic information governance plan comes in.