A Guide to Information Governance

A Guide to Information Governance

Catalina Joseph, Gov CIO Outlook | Wednesday, February 17, 2021

It is important to consider how government information governance policies and procedures interact with the data inventory.

FREMONT, CA: As massive data breaches continue to make headlines, government agencies of all sizes focus their initiatives on information security. But before anyone can put security policies in place, they need a well-crafted information governance framework to properly handle valuable data and reduce risk. Information governance is the rules leveraged to control the creation, management, storage, and ultimately data disposition. It governs information from paper files, phone records, and voicemails to electronic data. Here are some best practices governments should keep in mind when designing a data governance plan.

• Create A Cross-Functional Team

Information governance policies must reflect the requirements and objectives of all stakeholders. This comprises compliance, risk management, human resources, data privacy, information security, and several business units inside the organization. These groups should be present from the planning stages. They should have a voice in defining risks, metrics, and the criteria to facilitate a successful Legal Governance, Risk, and Compliance strategy, which is vital to any information governance program's success or failure.

• Conducting Comprehensive Data Audit

Before building an information governance framework, governments need to understand what data they currently have. Individual units will be familiar with the essential data sources they use. Effective information governance policies and procedures account for backup tapes, legacy or retired technologies and software, and data archives. This means mapping out that data and developing a data inventory, the organization's data map is vital to success with new data privacy regulations.

• Prioritize Data Map Maintenance

Understanding what issues is complex to the organization and then crafting policies that address those critical areas is important. These problems should arise while auditing data and assessing the legal obligations, so this step should happen naturally. Success or failure with compliance usually starts with data, and managing an up-to-date data inventory is the best way to know what governments have. If they have accumulated many never-used backup tapes, develop and deploy a defensible deletion policy or enforce what's already in place if the operations seem solid but just are not being performed.

Weekly Brief

Read Also