An article from Silicon Republic covers some important questions that all companies dealing with data should be aware of and their importance to an overall compliance plan. Cybersecurity and information governance are inextricably linked. Directors in all organizations must be aware of the impact that they have on one another. As more pieces of a business become connected, both internally and externally, the risk of a data breach increases.
As with other business challenges, the proactive approach is always the preferred method. Creating a detailed compliance plan that involves all departments and the various types of potential risks is the best way to ensure a secure data environment. The reliance on data storage and the transmission of sensitive records presents many opportunities for risk. Below are 6 important questions that all directors need to consider.
- Are we being transparent? The organization needs to be transparent about how they are obtaining data and where (and for how long) that data is being stored. The data also needs to be accessible to those who require it in a safe and traceable system.
- Do we have consent? Sensitive information should require consent from all parties to be obtained and stored. It should also be disposed of properly and in line with the overall information governance strategy.
- How long are we retaining data for? One of the tenants of a complete compliance plan and information governance strategy is the defensible disposition of data when appropriate. The company should always refer to current local, state, federal and industry regulations when constructing a retention schedule.
- Are we collecting unnecessary data? Data should only be collected when critical to the business. Trivial or obsolete data can pose a storage and compliance issue if not handled correctly.
- Are we keeping the data secure? Appropriate security measures are critical to every organization's overall compliance plan and must be a priority even for non-records. The up-front cost of properly securing data pales in comparison to the cost of a data breach.
- Are we giving the data to third parties? Any time data is being sent outside of the organization is important to understand how that data will be treated. Your organization can end up in just as bad of a situation if your data that resides with a third party is breached. Your data remains your responsibility regardless of where it lives.
Overall, when considering a compliance plan these important questions must be asked first and buy-in from all departments must be obtained. Information governance requires cooperation throughout the entire organization and CIOs and the records management team must lead these efforts.