top of page

Ernst & Young on Information Governance

If you're looking for a simple guide to information governance from a respected authority in the field, see Ernst & Young's Information Governance for the Real World, and its Information Governance Solution guide. Ernst & Young is one of the 'Big Four' accounting firms and also one of world's largest professional services firms. It advises businesses on how to implement an information governance program.

Ernst & Young has identified seven key principles of information governance:

1. Know your information: develop search criteria to find certain document types.

2. Know where you have information: be able to find PII that must be deposed of.

3. Access: limit data access to certain teams.

4. Protection: find gaps in data protection policies.

5. Response to external events: run gap analysis of processes to respond to data breaches.

6. Keep data no longer than necessary: emphasize the right to erase PII and be forgotten under the GDPR.

7. Dispose: delete redundant and outdated data

Information governance policies help organizations:

  • Make informed decisions quickly.

  • Comply with regulations and discovery requests.

  • Reduce the cost of data storage.

Ernst & Young recommends:

a. Conform to the regulations of FINRA; the SEC; the FDA; and other government bodies to help protect privacy rights.

b. Don't rely on IT to take a black box approach to preservation and collection. Develop an in-house discovery preparedness program.

c. Address the proliferation of information systems.

d. Data maps should be used to track records subject to regulations.

e. Identify critical data assets.

f. Implement a defensible disposition program.

bottom of page