Gimmal Blog

Is Your General Counsel Involved in Your Governance, Risk and Compliance Plan?

Cyber intrusions or hacks are generally seen as the domain of the IT department; however, it is critical that the general counsel be involved in the creation and execution of the data governance risk and compliance strategy. In fact, in a recent survey of 450 companies, 31% of respondents stated they rely on IT, while 21% said they rely on general counsel to be primarily responsible for compliance after a data breach.

The information above was gleaned from “The Fifth Annual Survey on the Current State of and Trends in Information Security and Cyber Liability Risk Management”. This expansive survey covers a variety of topics of concern for risk managers and general counsel. Some other highlights of import were noted by Peter Vogel in his blog post about the survey:

  • Trends and attitudes continue to take shape and marketplace reactions to emerging issues continue to present themselves.
  • Increased cyber risk focus from boards and senior executives is translating into strategic cyber prevention and response initiatives in more organizations.
  • Exposures such as a data breach of customer records and reputational damage resulting from a data breach are high on the list of concerns.

The general tone from this survey is clear: organizations are rightly concerned about the consequences of a data breach. One area that isn't mentioned explicitly, however, is information governance (#InfoGov). Unfortunately, data breaches can be difficult to predict and, often, to prevent. Having a complete information governance strategy can help to limit any damage from a potential breach by ensuring your records are either disposed of according to their retention schedules or properly archived and kept more secure than non-sensitive documents.

As we pointed out in a previous post, many organizations believe they have tighter control over their information governance than they actually do. It is imperative that the IT department, general counsel and records manager have detailed strategies laid out that clearly define each team's responsibilities and where (and to whom) an issue is escalated. This problem can present itself in a very costly manner if your organization is subject to #eDiscovery due to a lawsuit.

Data governance risk and compliance is not a topic that will be going away any time soon. As organizations continue to produce data at exponentially higher rates, those who are reactive and without a forward-thinking strategy will not only open themselves up to risk, but also suffer losses in productivity and increases in technology and storage costs.

By Kevin Bley
