October 30, 2016
Information governance (IG) has a wide range of varying definitions, depending on whom you ask. Some consider it to be an amorphous collection of policies that are difficult to translate into the real world. Others view it as a holistic strategy document, or a series of discrete, tactical projects that implement best practices in data security or storage optimization.
Organizations struggle with the notion of information governance for a variety of reasons. Some lack the executive support necessary to get programs off the ground, while others feel hampered from executing on small, tactical projects due to their legal or regulatory profile. Equally confusing is the purpose of IG ‘whether it is intended to reduce storage costs, improve e-discovery or impact corporate risk and security.
When executed well, IG can accomplish all of these things and more. But one of its most meaningful results is the differentiation of data types and stronger security protocols around a corporation’s most sensitive data. Because not all enterprise data is created equal, different data requires differing levels of protection. As we’ve learned from the long list of publicized data breaches, there is an increasing need for companies to get smarter about locating, organizing and securing their truly sensitive data.
For the vast majority of organizations, progress on this front is gradual. This was illustrated in a recent study of inhouse lawyers, examining the health and success of IG programs within Fortune 1000 corporations, which found that most are in the early stages of IG adoption. In the study, data security was the top recurring theme across responses when participants were asked about IG drivers within their organization. And while 76% of respondents confirmed they have IG programs within their organization, there were more than 30 areas of focus listed.
Regarding data security efforts, many corporate teams agree that initiatives can be parsed into four key areas: 1) Securing sensitive personally identifiable information for clients, patients and employees; 2) securing sensitive company intellectual property; 3) creating a tiered security network to protect against security breaches; and 4) developing protocols and systems to ensure secure access to the network for partners and other approved third parties. Addressing each of these buckets with focused projects helps protect the organization’s data from internal and external threats and makes it easier to tackle the seemingly insurmountable task of arming the company against a data breach.