If you’ve been in the IT business for awhile, you might find yourself saying, “We have faced this challenge before” when it comes to information governance (IG). It is one of those evergreen challenges you will face time after time.
Back in 2006, I was the IBM eDiscovery portfolio manager. Back then, eDiscovery amendments to the Federal Rules of Civil Procedure (FRCP) went into effect in the United States, but impacted organizations globally. It made electronically stored information (ESI) available to requesting parties and opened up a whole new market for ESI identification, collection, analysis, and production. Due to the amendments, solution providers invested heavily to realign or create new solutions to market. IG became a hot topic to ease eDiscovery activities as it was reflected in the Information Governance Reference Model, aka IGRM.
Today, I see history repeating itself. A new regulation in the European Union, called the General Data Protection Regulation (GDPR), will standardize data privacy, security and EU citizen rights across all EU member states, and any vendor or provider hosting or processing EU citizen data anywhere in the world. The regulation will go into effect in May 2018. Just as before, solution providers have started to realign their solutions to help clients with their GDPR readiness: www.ibm.com/gdpr. One more time, organizations with IG practices already in place will meet the challenge easier and more effectively. But aside from regulatory drivers, let’s not forget that IG also adds extreme value to the bottom line and should be embraced as a business imperative to achieve a real competitive advantage rather than just a mundane obligation.
Implementing IG is like preparing for a marathon and it can easily get overwhelming. However, as a long distance runner, I can attest that the process can be simplified. Any marathon preparation starts and ends with a single step. You simply need to get to the starting line and then put one foot in front of the other. To begin your journey to IG, consider starting with these three pillars:
- Understand the regulatory impact on information: Identify which of many regulations impact your data sources and determine the governing policies on each
- Understand what information exists: Identify the information owners and build an information catalog
- Enforce policies: Once the governing policies, including security, privacy and protection rights are identified, enforce these policies on data where possible and identify what gaps must be closed for the rest
Finally, and most importantly, none of this can be achieved without having a governance board including leaders from line of business, legal, IT, security, records management, privacy and protection at the table.
Don’t go it alone with your own IG marathon. The IBM unified IG team has been helping clients with a governance strategy, combined with practical implementation advice for years. Visit us at IBM InterConnect 2017, booth #842 to discuss your specific needs – and jump start your education here to learn more about IBM information governance solutions.
Share this post: