Robert Fulghum, who brought us All I Really Need to Know I Learned in Kindergarten, sagely mused “[t]hink what a better world it would be if all … had a basic policy to always put things back where they found them and to clean up their own mess.” So true, throughout our lives, and
As noted in Part 1, attention is always in short supply in organizations, and especially so for executive management. Amidst the distractions and complexity of today’s businesses, executives often use a relevance filter – “Is what I’m asked to support relevant to what drives our organization’s success? Will it help move us ahead, or
Selecting the right initial project(s), determining outcomes and measures, and preparing the business case are important groundwork for your Information Governance initiative, as discussed in Part 1. But to secure resilient management support for an ongoing initiative, you’ll also want to tie the individual projects to strategic objectives for Information Governance at your organization.
Management support is crucial for success with Information Governance initiatives. This is not merely a question of initial project and budget approvals. Most Information Governance initiatives involve behavioral changes in how data is handled, and in many instances, aspects of organizational culture may be impacted. No matter the ultimate benefits, any initiative involving behavioral change
In the real world, what to do has never been as impactful as why to do it. For the 2020s, the newest impetus for managing information retention and disposal is crystal clear – data privacy and security compliance
Continue Reading Less Data is Now Even More Than Ever
We’re witnessing a “rapid, unscheduled disassembly” (thanks SpaceX) of comprehensive consumer privacy laws across the United States. While these new state laws generally have a different, sleeker structure than California’s CCPA/CPRA, they share a similar impact – each such law incents covered businesses to delete unnecessary data.
Continue Reading Less Data #6: Explosion of new state consumer privacy laws compels deletion of unnecessary data
Last month California finalized its updated regulations under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). With the CPRA, California has upped the ante on requiring data retention schedules and disposal of unnecessary data.
As always, to fully appreciate where we are, we need to remember from where
We’ve already seen how new FTC regulations for GLBA-regulated financial institutions require retention schedules and disposal of unnecessary data as essential data security controls. The FTC is now also taking that position for all businesses under Section 5 of the FTC Act, as seen in a slew of recent FTC data security enforcement actions.
Two
The FTC has updated its data security regulations for the financial institutions it regulates under the Gramm-Leach-Bliley Act (GLBA). The FTC’s revised requirements for information security programs, effective June 1, 2023, will now mandate data retention policies and disposal of unnecessary customer information.
To appreciate what this means, we must take a quick look at
Data security laws increasingly require disposal of unnecessary data, But will regulators take this seriously?
Continue Reading Less Data #1: State-level data security regulators are enforcing data disposal