20 July 2018
Records and information management, information governance and data governance are a few of the many names that describe the contemporary businesses science that prioritizes defining and establishing the attributes necessary to maintain order, efficiency and control of the data in information systems.
Lying at the intersection of such areas as IT, legal, privacy, security and compliance, data governance is an important, yet often overlooked, part of the strategy that defines large firms, entities and organizations. To have a data governance strategy means giving data the same amount of attention often assigned to risk and waste, safety and customer service. Data stewardship is the process of leveraging the attributes to maintain order and security over the data.
A fully mature strategy of data governance exists when there is an internal authority managing data events, a set of processes to lean on where the data is concerned, and the continuous refinement of processes for organization, efficiency and control. This post highlights five of the key aspects of a mature and capable strategy to govern corporate data.
1) Volume of information
Each transaction adds to the millions of bits and pieces of data that exist in heaps of documents (physically, or as is increasingly more common, electronically on servers and in the Cloud). There is a tendency here for organizations to lose their understanding of what types of data are stored where, which leads to an ensuing loss of security and control over how data is comprehended, the contexts it exists within and the manner in which it is used.
The risk comes in at the point where an organization must respond to a discovery or regulatory query, determine its compliance with regulations concerning a customer’s privacy, or tries to impose a new policy for records retention, etc. Getting control over this process starts with a system that can efficiently and comprehensibly sort and preserve data.
2) Multiplicity of systems
As an organization grows, not only does the volume of information it needs to keep track of increase, but there’s also a proliferation of different ways in which this information is collected, processed and exchanged. A merger can bring in a new subsidiary that has its own established practice of data governance that may need reconciliation with existing standards. External organizations, especially regulators, will have their own means too, and dealing with them is an increasingly complex juggling act.
Because of the proliferation of different systems for data management in the increasingly rapidly shifting business world, many organizations are implementing policies such as bring-your-own-device (BYOD) models compatible with the vast array of tech staff will bring to bear on data, while others enforce a single standard by issuing their own tablets and other devices.
3) The autonomous discovery process
Time was that the collection and sorting of data important to legal discovery was left in the hands of the IT department, with the rest of the staff viewing data management as a “black box.” As long as it was effective for what it was needed to do, understanding how it worked wasn’t terribly important.
This is starting to change, with recent rulings that have seen judges penalize organizations for not taking greater ownership over their discovery process. Because of this, discovery is itself emerging as a distinctive in-house area that requires its own strategy.
4) Responding correctly to regulations
The consideration of discovery cannot be disconnected from the wider realm of regulatory compliance. A multinational organization is probably governed by many standards that seek to protect consumers and ensure privacy rights by establishing what information it needs to retain, how to retain it, and how it can be legally transmitted internally and externally.
Basel III, laws by the Securities and Exchange Commission in the United States, and the EU Markets in Financial Instruments Directive are some examples of the standards by which a multinational organization will be measured, often simultaneously by different ones. Making clear and rigorous standards that not only ensure compliance, but that encode best practices of data management into an organization’s DNA, is the high—but necessary—bar to reach.
5) Outsourcing of data management
In the past, outsourcing was frequently seen as a risk to data security insofar as it added new parties and infrastructure outside of the organization’s custody and hence prevented a full accounting of the risks to data. However, leaders are realizing that with the increasing interconnectedness and openness of approaches to data brought on by the internet and the Cloud, what is needed is not a strategy to protect everything—a practical impossibility—but more and more turning to effective outsourced platforms that can be tailored to the needs of smartly protecting an organization’s critical assets.
Blueprint OneWorld’s data and document software offers a number of secure, elegant and affordable solutions to some of the problems discussed above. Our system can also relieve you of many of the headaches of legal compliance through automated creation, checking and filing of statutory forms in a number of different frameworks. We hope to be your organization’s entry point into a reliable and effective strategy of document management. Please call or email us today to discuss these and other solutions.