The Cost of Information Misgovernance, and What You Can Do about IT
Information governance — historically a bottom-up practice and now the responsibility of Governance, Risk and Compliance (GRC) managers — has been pushing its way into boardrooms around the world. Sarbanes-Oxley, HIPAA, the Basel II accords and similar regulations have triggered this trend.
The problem is that the concerned parties rarely speak the same technical language. Modern enterprise information management systems are helping to address the problem, but there are still a few secrets to success. Here are some things to keep in mind during your initiatives.
The terms “corporate governance” and “information governance” no doubt sound similar. Many people focus only on the “governance” aspect of both, and assume that they are different names for the same discipline.
But for too long those who specialize in both fields have paid too little attention to each other — a disinterest that courts and regulators are now forcing to an end. Corporate governance (the role of boards and top management in overseeing, administering and monitoring a company) is very much a “top-down” field. Information governance, which oversees the performance and risk management of information technology (IT) systems, would seem to be a very “bottom-up,” tactical item at the bottom of a board’s agenda. Yet IT and data management have been pushing their way up on that boardroom agenda for some time.
How Technology Became the Board’s Business
The first IT moves we saw in the boardroom came a decade ago, when the technology costs and potential dangers of Y2K problems became a boardroom concern. But the costs and legal liability for managing (or mismanaging) electronic data did not fade with the Millennium, and have in fact spiked higher over the past several years.
The federal Sarbanes-Oxley Act of 2002, particularly its Section 404, mandated a strong internal control environment, including the electronic data needed to prove it. The Health Insurance Portability and Accountability Act (HIPAA), which became effective in 2003, imposed tough data privacy and protection mechanisms for any businesses related to health care. The Basel II accords on banking in 2004 required robust data storage and retrieval capability. The Personal Data Privacy and Security Act, and its subsequent updates, set complex information security rules for government agencies and their private contractors.
Legal requirements on how companies must preserve and produce data also grew rapidly. In late 2006, new amendments to the Federal Rules of Civil Procedure (FRCP) regarding electronic discovery of evidence became effective. These codified, and in some ways simplified, electronic evidence discovery matters. But the new FRCP rules also forced companies to better organize their data management processes.
The High Cost of Information “Mis-Governance”
Corporations have learned the hard way that these requirements have teeth. In 2008, non-compliance with FRCP data discovery demands in litigation cost UBS Warburg $29 million, and Merck a whopping $253 million. But even playing by the new data governance rules can cost a company if the information is badly retained and organized. Recently, a Fortune 100 corporation, in seeking to acquire a competitor, learned a hard lesson on information governance when it scrambled to meet government antitrust disclosure demands. Over 150 workers spent 10 weeks reviewing material, including 1.5 million emails alone.
Organizations not directly involved in an investigation also suffer nowadays if they lack modern information governance processes. A small government agency had only peripheral involvement in the investigation of Freddie Mac. The general counsel of this small, under-funded office had signed off on an e-discovery request to search their email and files, assuming the cost would be minor. But the inaccessibility of the data required an army of attorneys and staff to perform a hands-on physical review — all billed by the hour. The “minor” cost came to $6 million, and this for a non-party to the litigation. By the way, this agency sought relief for this crippling cost, but was turned down by an appeals court. The court’s reasoning? The general counsel should have known what he was letting the agency in for when he approved an open-ended e-discovery process.