Modern enterprise necessitates the control of huge amounts of data. From creation through to storage and finally, safe disposal, information governance is the process of applying set rules and procedures to ensure the responsible management of this data.
In years gone by, information governance largely related to physical records and files, but with the advent of enterprise technology, a much wider variety of data sources needed to be recognized. From SMS messaging through to email communications and database records, today a wide range of electronically stored information (ESI) must also be accounted for within a solid information governance strategy.
In this article, we’ll explore ten ways to ensure your organization is approaching information governance in an effective, responsible and compliant manner.
Before designing an information governance strategy to suit the needs of your organization, it’s essential to obtain a clear understanding of the legal requirements and compliance needs that apply to your industry.
In certain highly regulated sectors, such as Law, Government, Financial Services and Health Care, additional stringent requirements will need to be factored into the scope and method of your record keeping. Even outside of these industries, many directives apply universally, especially with regard to privacy laws such as GDPR.
Not only will you need a clear understanding of the time frames and methods of collection that your data will be subject to (as defined by state, federal or local regulatory agencies,) you’ll also need some kind of process in place to ensure you are aware of any changes that occur with regard to these requirements.
This brings us neatly on to our second tip – the appointment of data custodians, in every department. Data custodians are responsible for the way that data flows through a business. From the safe collection and archiving of data, through to the way it is transported and stored, a data custodian will oversee the implementation of an information governance system.
The way that data moves through an organization is constantly changing. New sources might come into play (for example, the addition of a team collaboration platform) or the threat of a looming litigation could necessitate temporary changes to retention scheduling.
By having a dedicated data custodian assigned to every department, you can be reassured that data integrity is being maintained, technical safeguards are in place all times and that any necessary updates or changes to your information governance strategy are flagged for swift implementation.
The everyday processes and actions linked to good information governance are likely to impact many members of your organization, not just your appointed data custodians.
To ensure full appreciation of the importance of the processes you’ve put in place to protect your data, make sure their purpose and function is clearly explained to all relevant parties, beyond the stakeholders responsible for the creation of policies.
Good data stewardship is the responsibility of everyone involved in the business, and is ultimately for the benefit of all – dedicating time and resources to educating staff in these matters helps to reinforce this understanding.
When looking to improve information governance within an organization, it is important to pay close attention to any silos or isolated elements of procedure that might be developing.
By working to create an interconnected and cross-functional flow of data, the whole structure of information governance is strengthened, and issues are more likely to be recognized and addressed before they develop into serious problems.
Another tactic which can help with the development of a solid and dependable information governance framework is the creation of a detailed data map (or data inventory.) This provides a definitive resource to help track all sources of information, and can be an eye-opening exercise as you start to take better control of your data and realize just how much is being generated from a wide variety of sources.
Although individual departments may be collecting data for their own purposes, it can still be easy to overlook certain data sources – especially as enterprises scale and increase their use of social media, communication tools (for example, recorded Zoom calls) collaboration platforms such as Slack or Teams) and productivity resources (such as Asana.)
Keeping comprehensive records is one piece of the information governance puzzle, but it's also important to remember that data is retained for a reason: to be reviewed when specific information is required. Access to information held within your records is essential, and if this functionality is overlooked or seen as less of a priority, you’ll soon run into issues when an urgent need arises to access specific information.
Keeping records in an indexed and searchable state is an important element of information governance. It enables responsiveness, efficiency and helps to avoid costly delays to the provision of ESI that may be requested as a part of the eDiscovery process, linked to litigation.
Keeping records is important – but so is the art of not keeping them. It’s important to set up clear retention policies that clearly outline the procedures and timelines you have in place regarding the scheduled deletion of records from your keeping.
These policies should be clearly communicated to everyone impacted by them. Additionally, you’ll need measures in place to override scheduled deletion, for example if a legal hold is requested to protect certain data sets associated with a litigation case. For more insight here, explore the differing requirements implied by data retention versus data preservation.
Plan to save data in original file formats such as HTML, CSS and PDF. This means you’ll have no issues opening records and don’t run the risk of data loss through conversion. Additionally, storing in original file format means your records are much more likely to meet regulatory requirements in more highly regulated industries.
Storing records in an unalterable format—a format that is non-rewritable and non-erasable provides a clear way of demonstrated that archived content has not been edited – very important if it is to be considered as evidence within a legal case.
The WORM (write once, read many) format is popular, allowing data to be written to a disk once, with no ability to edit, rewrite, erase or rename the file from its original state. Aside from guaranteeing authenticity, WORM storage can also help the accidental deletion of important records.
As with any business strategy, it’s essential to set clear parameters for success. Without the ability to measure your performance and results, you won’t be able to gauge the effectiveness of your information governance policies, and improve them over time.
Make sure you have a clear idea of the metrics you’ll use to measure your success. As the demands on businesses with regard to Governance Risk Compliance increase, having a dependable method for measuring the success of information governance will doubtless become an increasingly important area of focus.
A solid information governance model is essential to the long term security and success of a business. As the amount of information generated daily by modern enterprises increases, and the number of sources creating this data expands, it’s never been more important to have a solid plan of action and demonstrable policy in place.
The requirement for information governance isn’t going away – in fact, the need is only going to increase over the coming years. Regulation continues to tighten, and the number of litigation cases calling for the production of ESI through the discovery process is rising.
With all this in mind, take decisive action to implement and improve information governance within your own organization, laying the foundation for a strong and flexible policy that can meet and match the future requirements and higher standards all industries can expect to be held to.
Looking for a ready-made information governance model that specifically addresses data from online sources commonly leveraged by modern enterprise? Download our free blueprint: Managing Modern Data Sources for Compliance and eDiscovery.