Information Governance Requires Defensible Destruction

Part 1-Implementing Policies-The Hows and Whys

Corporate workplaces need defensible destruction in place more now than ever. There has been increasing recognition that Information Governance (IG) is a key component in the management of information at the corporate level. However, there has been limited progress in implementing the policies and processes needed to defensibly destroy data and information that has reached the end of its lifespan. Now is the perfect time to address and resolve increasing organizational IG maturity.

States continue to legislate and regulate the retention of private information and there is no going back. An organization should already have in place an updated written information security plan (WISP), a records retention schedule and policies to back up the treatment of information at the end of its lifecycle. It is essential to have these plans and policies in place as state and federal government continue to install more requirements every year, and the obligations to secure private information and maintain IG are continually increasing.

Corporations are continuing to install chief information governance officers, IG steering committees, data privacy officers, and information security departments. This is in response to legal department concerns, law and regulations, concern about exposure to bad press, and other worst-case scenarios. Other entities are hiring external experts to help construct the framework for a new or improved information and records management program. Despite these signs of progress even in the most perceptive firms, the general business world has not reached maturity in the way it treats data and information. In these unpredictable times, access to information has never been more important, nor has the protection of it.

Many firms and corporations have invested in the infrastructure required to implement policy and practice to define what data and information will be accessible, at what levels, and for how long. Policies and training have added to employee understanding of responsibilities in the use of corporate information. These factors help keep reduce risk and further appropriate use of corporate information.

More work is needed to address information storage in whatever format. Some questions arise regularly in the absence of guidance:

• Is it acceptable/risky/encouraged/required to keep company information in several locations to avoid data loss?
• Is it okay to keep the paper copy, plus an electronic version?
• Who is managing the coordination of all this information?
• Is there any consistency to the treatment of the information as it ages?

.

Accufile information governance consultants specialize in guiding organizations with the creation and implementation of their information compliance policies and procedures. Contact Accufile today.

Stay tuned for Part 2 of Defensible Destruction and Going Paperless.