What is information governance?

What structures, policies, procedures, processes and controls are needed to manage information in the enterprise?

information

Businesses are constantly seeking to ensure they are fully compliant with regulatory demands over data sharing and information governance - especially in light of GDPR, which came into force on 25 May 2018. But beyond this, large organisations are always seeking to improve their data and information governance skills more generally.

Information governance, according to the Data Governance Institute, is a system of decision rights and accountabilities for information-related purposes. The institute says these are "executed according to agreed-upon models, which describe who can take what actions with what information, and when, under what circumstances, using what methods".

This may also offer employees a reliable avenue for dealing with the host of different regulatory and legal hurdles that apply to handling customer or user data. With various pieces of legislation in force simultaneously this could be confusing.

These include The Computer Misuse Act 1990; The Data Protection Act 1998; The Human Rights Act 1998; The Freedom of Information Act 2000; and The Privacy and Electronic Communication Regulations 2003, as well as the GDPR-inspired Data Protection Act 2018.

Important targets

Information governance offers a framework to bring together aspects of data handling into one single, over-arching policy, ensuring it complies with all relevant data laws. This not only makes it easier for employees to access the information they need to run their day-to-day tasks, but it also means the entire organisation is more likely to be compliant.

Information Governance can also help cut costs associated with the collection, management and storage of data, allowing firms to take advantage of low-cost cloud services they perhaps would not have been able to use in the past, because of the sensitivity of the data they hold, for example.

Because the data is already compliant before employees access it, workers are able to use it freely to make better business decisions, ultimately resulting in higher levels of productivity across the entire organisation.

As part of information governance, the company will also need to outline and adhere to their individual data strategies, policies and standards, ensuring everyone in the organisation understands them and is using them as a unified entity. There's no point having policies and strategies if not everyone is using or sticking to them, including management and the board.

Information governance should be the centre of IT strategy and it should be used to dictate how data management projects and services are developed and implemented.

Measuring success

Organisations can measure the success of their information governance efforts against the following:

  • Has the application of information governance practices fixed any outstanding problems that led to its original deployment?
  • Are data standards well-defined and comprehended by users who need to be mindful of them?
  • Is data and information of a superior quality or of better use as a consequence of the modifications made?
  • Do users within an organisation recognise the main parts they play in information governance within their department?

Best practices

When implementing an effective information governance strategy, it is crucial to follow best practices.

Have executive sponsorship the success of information governance within an organisation often;rides on executive sponsorship of the initiative in order for it to remain a priority.

Know your starting point Before you can figure out where your information governance initiative takes you, you need to assess your starting point and incorporate this into your initial governance strategy.

Be realistic Always make sure that your organisation's information governance project has a realistic and achievable starting point. Start small, build up and develop successes to promote information governance to the wider user base.

Have checkpoints with specific milestones, an organisation can check what is and isn't working in order to make changes and ensure the long-term viability and sustainability of the project.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020