With more and more data in use by businesses, their customers and clients, it's increasingly difficult to track, monitor and protect it.
It seems clear from the number of data breaches in the past year alone that information governance is either not the priority or being addressed haphazardly.
Why should this be happening?
With data the lifeblood of businesses today, why are data breaches happening at all?
By definition, information governance is a consistent framework, applied across the enterprise that determines how employees will handle data. It is built around enterprise-wide strategic and business goals.
In principle, it covers data security, privacy, compliance requirements and enables e-discovery, among other things. But do businesses care? We decided to find out what industry thought leaders had to say.
Do businesses care about information governance?
Bob Larrivee, VP and Chief Analyst, AIIM
Larrivee has more than 30 years of industry experience including product management, R&D, marketing, sales and education. As Vice President and Chief Analyst of Market Intelligence at AIIM (Association for Information and Image Management), he is responsible for the development and delivery of AIIM's Industry Watch market research studies, custom white papers, infographics and video blogs. Tweet to Bob Larrivee.
The real question is how much or should much do businesses care about information governance.
Almost daily in the news there are stories of data leaks, hacked websites and compromised email security — across both public and private sectors. For example, following a recent UK data theft incident of 2.5 million customer records, the CEO of a major telecommunications supplier was questioned as to why she had not invested more to keep customer data secure.
The result of all this exposure through the media is an increased awareness of the need for information governance.
Compliance officers, data security managers, IT departments and records management departments are being brought together to identify gaps and opportunities to strengthen their corporate security and governance policies and practices.
While this is a good thing, there also needs to be strong leadership and a shared awareness of the potential issues that can arise as the result of poor information governance.
Adam Howatson, CMO, OpenText
Howatson joined OpenText in 2001. During his tenure, he has worked in product management, marketing, engineering, information technology, partner development, and mergers and acquisitions. Tweet to Adam Howatson.
More data is shared online every second today than was available across the entire internet 20 years ago — and for that reason alone businesses need to care about information governance.
In a recent survey of 1,200 organizations conducted by OpenText and AIIM, information security and information privacy were the two threats of most concern to the companies surveyed.
When combined with risks to reputation and regulatory compliance, the third and fourth ranks issues, you see a very clear picture emerging that information governance must remain a top priority for all businesses today.
PWC's recent report, the Global State of Information Security Survey: 2015, shows that organizations reported financial impact from data breaches as being up to 93 percent more costly in 2014 than 2013.
Couple this with the negative media coverage, impact on brand reputation and customer trust, and you start to see how a solid information governance approach can be vitally important in protecting information, reputation and the business' bottom line.
To say that businesses no longer care about information governance is to say they no longer care about customers, suppliers, intellectual property, revenue and reputation. Without a clear, strategic approach to managing enterprise information in a digital world, any organization risks being the next major headline; and not in a good way.
Sue Trombley, Managing Director, Iron Mountain
As managing director of thought leadership, Trombley provides the information management and governance communities with new ways of thinking to make their jobs easier and showcase their value. She writes and publishes content, speaks at association meetings and conferences, hosts and presents webinars, writes blogs, and has a podcast series. Before her current role, she led an Iron Mountain consulting group responsible for business development.Tweet to Sue Trombley.
Information Governance. When the term became universal a couple of years ago , the jury was still out: was IG hype, just another industry buzzword that would soon fizzle out, or was it a fresh approach to managing and leveraging information within an organization?
The records and information management (RIM) community tackled this question by embracing the concept of IG.
Professional and industry associations, the EDRM (a group established to address the lack of standards and guidelines in the e-discovery market) and Sonoma Conference, vendors and SMEs made it their mission to create a general IG framework that identifies organizational constituents and actions for the efficient and compliant management of information, regardless of industry.
Whether an enterprise has an official program or not, most are embracing the significant components of IG. The growing use of data analytics by necessity, forces all business units to fully utilize data for the benefit of the enterprise as a whole.
Efforts to mitigate data breaches are also demanding conversations that cross operational boundaries, making collaboration about information use and management an increasing occurrence.
Ramon Chen, CMO, Reltio
Ramon Chen is the Chief Marketing Officer at Reltio, developer of a master data management (MDM) platform for life sciences.
Before joining Reltio, he held positions at Veeva Systems, RainStor, Siperian, GoldenGate Software, MetaTV, Evolve Software, Sterling Software and Synon. Tweet to Ramon Chen.
Information governance has long been a topic that a compliance professional could love. But what appears boring is actually one of the critical issues of the new information economy.
Poor regulatory and compliance reporting and enforcement leads to billions in fines every year across all industries. Beyond fines, companies face further losses in the form of a hit to their brand, when such issues surface into the public domain.
With the age of big data receiving notoriety, information governance is once again in the spotlight. Going hand in glove with it is master data management, the discipline of create a single 360 view of a customer or product, across multiple silos.
In today’s environment with data circulating across the enterprise to help each group such as sales and marketing, do their jobs better and faster with relevant insights, governance of that data becomes an even more complex task.
The poor compliance professional has always been short changed when it comes to technologies that help them enforce compliance. Traditional tools offer retroactive reporting to highlight violations, but correcting issues at the source, auditing and alerting compliance teams prior to violations, tracking who has received the right training, has always been missing.
John Power, Founder and CEO, Ostia Solutions
John Power is the founder, principal design engineer and CEO of Ostia Software Solutions Limited. He has more than 30 years of experience in the software industry with particular focus on large scale business critical systems from back end database engines, through middleware to the delivery of data on platforms such as Linux or Windows. Tweet to Ostiasolutions.
Business cares more than ever about information and data governance. Organizations must fully understand the information they are holding, how they classify it and how they use it.
According to the Irish Government Risk and Compliance Technology Centre, within the European Community alone, there are 12 new regulations per day being landed on organizations dealing with personal or financial information.
For example, most, if not all data cannot be used in testing. The testing issue can be addressed by using synthetic data (data that is realistic and valid compared to the data model but doesn’t represent real people) or masked data which is needed where test data with complex inter relationships is needed.
Masked data is more problematic, as in some cases, identity may be inferred by the data in the records which has not been masked.
Business must rise to the challenge posed by these regulations. Ignoring the issue is likely to leave the business exposed and having to deal with future exponentially difficult problems. Implementing a set of information governance policies today, supported by appropriate software tools, can give the business the control and assurance required.