Ernst & Young on Information Governance

Ernst & Young on Information Governance

February 1, 2019

If you're looking for a simple guide to information governance from a respected authority in the field, see Ernst & Young's Information Governance for the Real World, and its Information Governance Solution guide.  Ernst & Young is one of the 'Big Four' accounting firms and also one of world's largest professional services firms.  It advises businesses on how to implement an information governance program. 


Ernst & Young has identified seven key principles of information governance:


1. Know your information:  develop search criteria to find certain document types.

2. Know where you have information:  be able to find PII that must be deposed of.

3. Access: limit data access to certain teams.

4. Protection: find gaps in data protection policies.

5. Response to external events: run gap analysis of processes to respond to data breaches.

6. Keep data no longer than necessary: emphasize the right to erase PII and be forgotten under the GDPR. 

7. Dispose: delete redundant and outdated data 


Information governance policies help organizations:

  • Make informed decisions quickly.

  • Comply with regulations and discovery requests.

  • Reduce the cost of data storage.



Ernst & Young recommends: 

a.  Conform to the regulations of FINRA; the SEC; the FDA; and other government bodies to help protect privacy rights. 

b. Don't rely on IT to take a black box approach to preservation and collection.   Develop an in-house discovery preparedness program.

c. Address the proliferation of information systems.

d. Data maps should be used to track records subject to regulations. 

e.  Identify critical data assets. 

f.  Implement a defensible disposition program.  

Please reload

Some elements on this page did not load. Refresh your site & try again.

Contact Me With Your Litigation Support Questions:

  • Twitter Long Shadow

© 2015 by Sean O'Shea . Proudly created with