Information Governance:  A Primer

According to the Sedona Conference, Information Governance (IG) is about minimizing information risks and costs while maximizing information value. This is a compact way to convey the key aims of IG programs.

The definition of IG can be distilled further. An even more succinct “elevator pitch” definition of IG is, “security, control, and optimization” of information.

This is a short definition that anyone can remember. It is a useful one for communicating the basics of IG to executives.

To go into more detail: This definition means that information—particularly confidential, personal, or other sensitive information—is kept secure.

It means that your organizational IG processes control who has access to which information, and when.

And it means that information that no longer has business value is destroyed and the most valuable information is leveraged to provide new insights and value. In other words, it is optimized.

IG PROGRAMS REQUIRE CROSS FUNCTIONAL COLLABORATION

IG involves coordination between data privacy, information security, IT, legal and litigation/e-discovery, risk management, business records management functions and more. It is a complex amalgamated discipline as it is made up of multiple sub-disciplines.

IG must be driven from the top down by a strong executive sponsor, with day-to-day management by an IG Lead, which is a person who could come from one of the major sub-disciplines of IG. The IG lead could come from IT, cyber-security, privacy, RIM, analytics, legal, operations or related disciplines.

THE KEY DIFFERENCES BETWEEN DATA GOVERNANCE & INFORMATION GOVERNANCE

Data Governance (DG) and Information Governance (IG) are often confused.

They are distinct disciplines, but DG is a subset of IG, and should be a part of an overall IG program. DG is the most rudimentary level to implement IG, and often DG programs provide the springboard for IG programs.

Data governance entails maintaining clean, unique (non-duplicate), structured data (in databases). Structured data is typically about 10%-20% of the total amount of information stored in an organization.

An even more succinct “elevator pitch” definition of IG is, “security, control, and optimization” of information.

DG includes data modeling and data security, and also utilizes data cleansing (or data scrubbing) to strip out corrupted, inaccurate, or extraneous data and de-duplication, to eliminate redundant occurrences of data.

Data Governance focuses on data quality from the ground up at the lowest or root level, so that subsequent clinical assessments, reports, analyses, and conclusions are based on clean, reliable, trusted data in database tables.

THE CHALLENGE: MANAGING UNSTRUCTURED INFORMATION

Unstructured information is the vast majority of information that organizations struggle to manage. Unstructured information generally lacks detailed metadata and includes and scanned images, email messages, word processing documents, PDF documents, presentation slides, spreadsheets, audio recordings, video files, and the like.

Unstructured information is more challenging to manage than structured information in databases, and is the primary focus of IG programs.

IG is much more broad and far-reaching than DG. IG programs include the overarching polices and processes to optimize and leverage information as an asset across functional silos while keeping it secure and meeting legal and privacy obligations. These IG program aims should always be in alignment with stated organizational business objectives.