2017 was rife with data dangers. Nary a day passed without headlines of massive data breaches and ransomware attacks; Russian election-meddling through WikiLeaks and social media; fake news; and presidential tweet-storms. Disruptive information-driven technologies continued to emerge, from block-chain to biometrics, IoT, AI, and robotics. Meanwhile, the sheer volume of our personal and business data inexorably grew.
What better way to start 2018 than with a renewed commitment to Information Governance? So, here are a dozen reasons why your organization should govern its information, in 2018 and beyond:
“If your clients don’t have a records management system, they may as well take their money out into the parking lot and set it on fire.” District Court Magistrate Judge John Facciola
We know, because we track them. Your regulators expect you to know them too.
“You’re going to be hacked. Have a plan.” Joseph Demarest, FBI Cyber Division
Hacked company systems frequently contain two, three, or even four times more data than was needed for retention compliance or any valid business purpose. It’s not possible for a breach to compromise the security of information that compliantly no longer exists.
In our data-driven world, how well your organization manages information tells you, and tells the world, how well you manage your business.
More storage is simply a reaction, not a strategy. And adding technology tools, without the right rules, only makes things worse, not better.
Disposal of data in good faith, pursuant to a compliantly established and legally validated data retention schedule, and absent an applicable litigation preservation duty, is both responsible and defensible.
Actually … data is simply data. Calling some data “bad” distracts us from the true issue, which is the quality of our business practices in creating, retaining, and using information to make decisions.
Your litigation preservation duties do not vanish for information hosted elsewhere but still in your control; your data security obligations do not evaporate when you house protected data with a service provider; your imperatives of data integrity and accessibility have no exceptions based merely on data storage location; and your records retention and destruction rules do not disappear if your data is hosted remotely. You still need to govern information compliance and risk for your data in other’s custody.
Companies commonly possess third-party data. If your agreements don’t clarify permissible use, ownership of derivative information, retention/disposition, privacy, security, and litigation preservation and production obligations, you have risks and exposures without any rules to protect you.
Privacy, data security, retention, litigation preservation, and defensible disposition aren’t separate issues. They all interrelate, springing from the data itself. How you handle information compliance, cost, risk, and value should be integrated as well, in an information governance strategy.
… and that leaves the most important reason of all:
1. Regardless of industry, you’re in the information business.
It doesn’t matter what products you sell or services you provide. In today’s world, the success of your business – indeed, its viability – turns upon information.
Consider the attention and resources you apply to your other strategic assets, such as your finances, your facilities and equipment, and your people. You make those investments because it would be foolish not to manage their value, costs, and risks. Your information deserves no less.