If there is one thing to take away from the last year, it is that information should not be taken for granted. Not only can a data breach cause huge issues, but it can actually be used to generate revenue.
All that being said, having a comprehensive information governance program is by far the best way to mitigate data risk. Unfortunately, there is still a lack of understanding when it comes to IG.
In fact, the 2015-2016 Annual Report released by the Information Governance Initiative confirmed that of those surveyed, 75 percent of practitioners and 79 percent of IG providers said the biggest barrier to implementing an information governance program is the lack of understanding and awareness within the organization about the value of IG.
The past blog posts linked in the intro paragraph are aimed at clearing up those misunderstandings, and often the most important step in an IG program implementation is buy-in from the entire organization.
Some powerful statistics on the cost that can be avoided come from The Sedona Conference "Principles of Information Governance":
$171 million—out-of-pocket remediation costs for a data breach affecting 100 million persons
$8.5 million—sanctions for failure to locate and produce electronically stored information in a litigation
$1 million—fine for failure to retain immigration records per regulation
$11 million—settlement with the U.S. government for record-keeping violations under the Controlled Substances Act
Why Information Governance?
As many of you may already know, it is always superior to have a proactive approach to your data. Once a breach or violation happens, it is too late, the damage is already done.
There is already a lot of research available about the benefits of Information Governance. I have included a list below of some of the most relevant benefits.
- Business Differentiator. I have listed this first because it is often overlooked. Consumers are making buying decisions based on privacy. An Information Governance program will improve the security, reliability, integrity and accessibility of your data. This can be used as a competitive advantage in the marketplace.
- Reduced storage and infrastructure cost. If you are doing a better job of managing your data, you will have less of it, therefore, reducing the Redundant, Obsolete and Trivial (ROT) data in your organization.
- Reduce risk by improved compliance. The cost of non-compliance can be financially devastating to an organization. Being in compliant will reduce your risk of unexpected costs, but also reduces the risk of other things that may not be as obvious, such as potentially damaging media coverage and loss of clients.
- Reduce eDiscovery costs. This can go hand in hand with non-compliance as eDiscovery can be very costly to an organization. If you have implemented an Information Governance program, you should "only" have the data that is required by your policies, making eDiscovery easier, and you will be able to locate the relevant data quicker.
- Adaptability. We live in a fast-paced world that is constantly changing. Organizations need to have control over their data so they can react to change, find the relevant data quickly, and immediately comply with new standards.
We recently held a webinar to further break down how cleaning up your data and committing to an information governance program reduces compliance risk. CLICK HERE for the link to the recording and slides of that presentation.
Once you have cleaned up that legacy ROT data and created a process for moving forward, the course corrections and adjustments in the future are exponentially easier. The key is laying down that essential groundwork. IG improves every function of your enterprise related to information, from eDiscovery and legal holds to email.
By Shawn Cosby