Extract from Joe Mulenex’s article “7 Best Practices for Information Governance”
Information governance is the set of rules used to control the creation, management, storage, and ultimately the disposition of data within an organization. It governs data ranging from paper files, phone records, and voicemails to electronic data like emails, spreadsheets, word processing documents, presentations, database records, and new types of electronically stored information (ESI).
As a definition, it works well, but in practice, it doesn’t necessarily tell you how to get from identifying the need for IG to having an effective, functioning set of policies and procedures. Fortunately, in Exterro’s Basics of E-Discovery, we dig a little deeper, looking at some challenges you might face in your IG program, as well as some tips on how to get started.
Recently, with the advent of new data privacy laws like the EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA), it’s also important to consider how your IG policies and procedures interact with your Data Inventory. These two concepts are essentially interchangeable these days—and unfortunately, privacy regulations are accelerating worldwide, creating new risks. So, let’s talk about some best practices you should keep in mind when designing your IG plan, and how that interacts with your organization’s data map.
- Create a cross-functional team. Information governance policies must reflect the needs and goals of all stakeholders, not just legal and IT. That includes groups like compliance, risk management, human resources, data privacy, information security, and the various business units in your organization. Each of these groups must be present from the planning phases. They need to have a voice in defining risks, metrics, and the criteria to help facilitate a successful Legal Governance, Risk, and Compliance (GRC) strategy—which is critical to the success or failure of any IG program.