What is Information Governance?
Managing and securing vital company data? It’s key to risk mitigation and regulatory compliance. So what’s driving that need, and what are the various components of an Information Governance initiative?
The bedrock and lifeblood of modern business? Data and information. The amount being generated by businesses? That’s growing at a mind-boggling rate, and managing that data deluge? That’s just as big a task, with numerous aspects.
Here are just two of the data management complexities companies are having to cope with:
Dealing With the Three V’s: More firms now depend on Big Data, and it’s defined by three key vectors – volume, variety, and velocity. Each of these is expanding in scope all on its own. Mishandling any one of them can create hazardous outcomes:
Facebook, for example, stores upwards of 250 billion photographs, belonging to over 2 billion users, along with a trove of other data about them. But the social network endured serious reputational damage in 2018 when the public learned how it was allowing other firms to use personal data. And as it turns out, most people aren’t aware of how Facebook categorizes their personal data – and aren’t comfortable with it.
Remote-Located Workers: More and more employees, stakeholders, and customers are dispersed in more locations than ever. They may want or require access to a company’s files and data to do their jobs. That’s a particularly knotty challenge if it’s a large or global enterprise.
It’s a fact of business that more workers are working remotely, on a wide range of devices, so an enterprise has to find ways to balance access and data security:
- The number of U.S. corporate employees working from home rose 140% between 2005 and 2018.
- How many work from home at least half the time? 4.3 million.
- During 2015-2016, the number of telecommuters shot up 11.7%.
So what’s the point of information governance?
First off, let’s define it. Information governance is a business’s strategic approach to managing information that’s essential to its operations. That’s regardless of whether it’s digital, paper documents, archived records, or in other formats.
Information governance can consist of a variety of policies, procedures, controls, training, and technologies, all geared toward helping a company satisfy different demands – from regulators, legal authorities, customers, stockholders, or other stakeholders.
The balancing act here? A CIO or data management professional has to consider the proper use of data and information versus those regulatory and security standards. In the end, they’ve got to extract a number of outcomes from their information governance program:
- It must empower legal compliance and risk mitigation
- It should enhance operational transparency
- It ought to reduce the likelihood, instances, and costs of regulatory penalties and legal discovery
- It has to maximize the value of data to the enterprise
One regulator’s cost for bad data governance?
Under GDPR, recordkeeping failures could contribute to a firm being penalized up to €10 million or 2% of its global gross revenue, whichever is higher.
So what disciplines make up “information governance”?
Corporate information governance is not a simple architecture, by any means – not if it’s going to work. Any successful information governance program is made up of a fair number of moving parts. Here are some of them, but it’s hardly a complete list…
Access governance is the practice of controlling access to data, and eliminating unnecessary access to mitigate risk. For instance, employees might be able to access information they don’t need to do their jobs, or may try accessing it via unsecured channels. In healthcare, financial services, or other heavily-regulated industries, imposing access governance isn’t just about protecting competitive information or internal policy: it’s a mandate of regulatory compliance.
Enterprise Content Management
This is the strategy and practice of managing the capture, storage and delivery of data and content by using appropriate technologies, allowing a company to control and make sense of all its unstructured data, wherever and whenever it exists inside the organization. Without ECM, data and documents can end up in silos, dispersed in different formats across different devices, or lost altogether.
Audit trails – also called audit logs – are crucial to satisfying both internal and regulatory reviews, since a lack of them can prove ruinous, especially in highly-regulated sectors. They’re chronological records that document the chain of activities involved in a certain program, workflow, operation, or event, and should also have relevant assets attached like documents, emails, meeting records, and so on.
Know Your Customer (KYC)
KYC is a term and best practice that’s applied, in particular, to banking and anti-money-laundering regulations in the financial services sector. It’s the process for verifying the identity of clients or customers, as well as doing risk assessments of any potential criminal or legal issues in that relationship.
Single Source of Truth
It’s also known as SSOT, and it’s about structuring data architectures so that each and every data element – a contract, for instance – is stored just once, so it’s the only valid and up-to-date version. Typically, storage happens in a single centralized data repository, preventing duplicate or “de-normalized” copies, so everybody in the business is only working from the same authoritative data.