Consider for a moment the amount of data that businesses generate on a daily basis. Add in the increased connections through mobile devices, cloud computing and social media. This leads to a multitude of concerns, including costs, risks and security, as data is stored in disparate locations. And then there are industries like government, finance, health care and legal services that have to comply with different laws and industry regulations, which can make managing data very cumbersome.
The need for information governance was never as mission critical as it is today.
Information governance, records management and e-discovery solutions have long been viewed as essential for global organizations that handle voluminous amounts of sensitive data. Managing mountains of data can be daunting. Initially the task fell on the shoulders of the records management team. Now as documents move to digital, employees work across the globe, social media is embedded in our lives, litigation risks have increased and corporate budgets are scrutinized, business leaders and board members are starting to take notice and take charge, but many businesses lag behind.
The US National Archives and Records Administration recently warned about upcoming challenges for records management as we become a more connected world. Faced with the need to maintain and monitor this increasing amount of data and, at the same time, ensure compliance with various government mandates, industry regulations and corporate policies, businesses turned to a more robust governance system.
Many companies rely on information for customer support, operations, product development, human resources, and finance and administration. Because data is one of the most critical assets businesses have, they need to create conditions and jurisdiction-aware policies, and enforce them on a regional and, in some cases, global level.
But what does this all mean? In essence, information governance policies outline the appropriate actions that should be taken on a document during its lifecycle. This includes who has access to the documents and who maintains it, where it can be stored and for how long, when documents can be anonymized and declassified, and what to do if it needs to be put on a legal hold. This ensures that the company is managing information securely and efficiently.
It’s no longer just ensuring that data is kept: it’s ensuring that the right data is kept for the right amount of time and in the right place.
Where do we start? With all these complexities, rules, policies, it can be confusing and many don’t know where or how to take that first step.
Start at the top. Form an Information Governance Steering Committee that includes all the key stakeholders -- this includes CEOs, CIOs, legal counsels, IT directors, records managers, risk and compliance officers. This committee sets the vision, objectives, goals and oversight for the company’s information governance strategy, which should then get translated into a set of policies and actions that can be systematically enforced. The strategy needs to be transparent and shared with the stakeholders and across jurisdictions.
Implementing information governance company-wide can be tricky -- it needs to be practical and aligned with the corporate agenda, include a timeline, communications plan and training for staff. This keeps everyone on track and prioritizes each activity. When rolling the program out, start with the end in mind -- eventually, it will encompass all business units, geographies, IT systems and jurisdictions.
Finally, shop around for a solution that will ensure visibility into policy enforcement. Some solutions are advertised as being helpful and successful but these solutions cannot do it alone. They must have support and assistance from IT, legal, compliance and records management groups. The closer these departments are in their efforts, the more successful the business will be in achieving their information governance plans.