In the wake of the Talk Talk data breach in October this year, many organisations have become concerned about whether the way they handle data in-house is sufficient to protect them from something similar. While we’ve seen plenty of high profile attacks on businesses like Talk Talk that have dominated the news in recent years, it’s worth remembering that all data has value and hackers are beginning to turn their attention to the smaller business, which may have less in the way of security and information governance. With this in mind, many are beginning to look to at their information governance strategy, and whether it needs to be updated in light of recent events.
An information governance strategy helps organisations to manage and control the data that they are in possession of. It can improve regulatory compliance, reduce IT costs and make for a better risk management process. While many businesses may have made significant investments in technology and training over the years, often when it comes to the data that may be stored in corporate databases and data warehouses – such as emails and document files – there is little or no policy in place to manage it safely. Whether you have an existing information government strategy that needs amending and updating, or you’re starting from scratch, there are a few basics that you need to bear in mind when developing this approach.
Be clear about the roles and responsibilities when it comes to data governance. Document how different people within your organisation will come into contact with data, at what stage, and what their governance responsibilities are to that data at the stage that they come into contact with it.
Appoint a head. There must be someone in charge of information governance otherwise there is no one to drive implementation of the strategy and no one who will ultimately be responsible for whether it succeeds or fails.
Ensure there are complimentary policies and procedures in place. There is little point in having an information governance strategy in place that is not supported by internal policies that put data management into practice – focus on processes such as adding and approving content, for example.
Measure while you manage. Develop clear, quality metrics and scorecards so you can see how the data you’re managing is conforming to your policies. Ensure that the results of these are made visible to people in the organisation. If your measuring indicates that there are individuals who are not complying then this should be made (privately) clear to them, as well as the steps required to rectify the situation.
Ensure that your information governance is evolving. For many businesses, the information governance strategy is a document that is drawn up (often for regulatory compliance purposes) and then left to gather dust. This is not a one time action but something that needs to be developed and evolved to respond to the way that the business itself is changing, as well as the digital world around.
For help and advice, get in touch with the team at Omnis Global on 020 7253 4311.