Ernst & Young on Information Governance
If you're looking for a simple guide to information governance from a respected authority in the field, see Ernst & Young's Information Governance for the Real World, and its Information Governance Solution guide. Ernst & Young is one of the 'Big Four' accounting firms and also one of world's largest professional services firms. It advises businesses on how to implement an information governance program.
Ernst & Young has identified seven key principles of information governance:
1. Know your information: develop search criteria to find certain document types.
2. Know where you have information: be able to find PII that must be deposed of.
3. Access: limit data access to certain teams.
4. Protection: find gaps in data protection policies.
5. Response to external events: run gap analysis of processes to respond to data breaches.
6. Keep data no longer than necessary: emphasize the right to erase PII and be forgotten under the GDPR.
7. Dispose: delete redundant and outdated data
Information governance policies help organizations:
Make informed decisions quickly.
Comply with regulations and discovery requests.
Reduce the cost of data storage.
Ernst & Young recommends:
a. Conform to the regulations of FINRA; the SEC; the FDA; and other government bodies to help protect privacy rights.
b. Don't rely on IT to take a black box approach to preservation and collection. Develop an in-house discovery preparedness program.
c. Address the proliferation of information systems.
d. Data maps should be used to track records subject to regulations.
e. Identify critical data assets.
f. Implement a defensible disposition program.