An area of growing importance in information management (IM) is the concept of information governance. The term data governance is sometimes used as well, but I find this term to be rather narrow in scope, as it is often used to refer to data resources, rather than the broader concept of information. Information governance is defined by Gartner as:
The specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
Some information management activities that fall under information governance include:
- Records management
- Regulatory compliance
- Storage and archiving
- Information security
- Risk management
The need for information governance is driven by a number of factors, including:
- Exponential growth of digital data
- Increased complexity of regulatory environment
- Business value and risks are often unknown and unmanaged
- Increased sharing of information outside the organization
- Prevalence of social networking and mobile applications
- Increased risk of security breaches or data loss
In most organizations, the volume of information continues to grow exponentially and has become more mobile, making the job of protecting it even more difficult as requirements to do so increase. Information managers must deal with ever-increasing and more complex legal and regulatory requirements. Legal discovery requirements continue to become more standardized, with courts having less tolerance for noncompliance with established standards.
Good information governance makes good business sense. Most organizations are quickly realizing the need to manage information more effectively on an enterprise basis. The evolution of information governance is an essential business requirement to mitigate risk, reduce cost, and increase revenue. Market pressure for increased revenue is driving efforts to find creative ways for organizations to leverage the large volumes of information they retain to increase market share, drive revenue, and maintain a competitive advantage. Organizations often become aware of the importance of information governance when they face a data breach. Organizations are becoming increasingly aware of the financial implications of data breaches, both in terms of costs incurred in dealing with these breaches, as well as those associated with the damage to an organization’s reputation. The figures below show some of the costs involved in Canadian data breaches in 2016, based on a study conducted by the Ponemon Institute:
Information governance is a key component of the Records Management course I teach in the Master of Information Management program. In my next post, we will look more closely at information governance principles.