THIS MONTH'S FEATURED ARTICLES
In this article, Richard Kilpatrick outlines the difference between Information Security and Information Governance and explains why IG frameworks are essential for the successful orchestration of specialised security systems.
Richard is a highly experienced consultant in information technology, focusing on realistic data governance, security and privacy. He has led programs of work to discover and classify data across multiple business units, within banks, telcos, health and media.
In this article, Meena explains what organisations can do to reduce cyber risks and why an effective data and information governance program is instrumental for businesses looking to invest in cyber insurance.
Meena is a cyber insurance and data breach broker, specialising in cyber risk, data privacy, intellectual property and cyber crime. She helps organisations identify potential cyber risks and believes that cyber insurance should be a key component of a company's enterprise risk management strategy.
Information Governance Articles
When people think about information and information governance, they may think about information in a purely digital or online sense. And, they tend to think that governance centres on addressing privacy and broader legal compliance requirements and, perhaps, consider information from a business risk perspective.
Most organizations are at or near the end of transforming and/or updating transactional processes and systems to become more efficient and reduce cost. However, the people, processes and information that drive time to market and sales have been under-served.
Effective leadership of information governance (IG) is key to ensuring that appropriate strategies, priorities, policies and processes are successfully embedded in an organisation, both to maximise the opportunities and minimise the risks arising from the information it holds.
Organisations that are successfully addressing the business challenge of being overwhelmed by the exponential information growth are placing value at the core of their information governance program.
Enterprises are now asking “How do we better manage and provide governance across this increasing volume of information to harness the business value from it?”
Organisations need to consider information as an asset and measure both the value and costs of the data they hold. This means measuring the financial benefits derived from the value of data held as well as the costs and subsequent savings from risk management investments.
Effective governance of information requires a strategic approach. This involves quantifying each of the business drivers by breaking them down into categories: risk, hard and soft costs, and information value. Once this is completed, a return on investment can be calculated to drive and implement effective information governance solutions that deliver results to the bottom line.
The case for leveraging ISO 55000 for heavy asset industries, infrastructure and the public sector is indisputable. Instigating comprehensive and effective Information Governance improves the ability of organisations to comply with laws and manage asset-related risk while providing real business value.
As Information Governance and Data Governance become increasingly important for organisations seeking to control and secure information, it is important to understand what each one does and achieves.
We would like to thank all those who responded to the survey and hope the final results prove interesting and useful. A few key findings:
- 49% of survey respondents felt their leadership had failed to address Information Governance.
- The main driving factors of Information Governance projects were external regulatory pressures (80%) and good business practices (59%).
One of the challenges enterprises currently face is the lack of management of information across their business processes, from end to end. Understanding how your organisation leverages information holistically, from end to end, and the management of this information, can be realised with an Information Governance Program.
Mandatory data breach notification is almost across the finish line. Or is it?
As many of our readers may know, the third incarnation of a bill that would require all entities bound by the Privacy Act to notify the regulator and consumers of their data breaches was read in parliament in mid-October. The concern with the mandatory framework is that the settings may result in either under-reporting or over-reporting, while failing to produce better outcomes for consumers and costing Australian businesses hugely in compliance overhead.
Preventing data privacy breaches is becoming increasingly important, with the increasing costs of dealing with cyber attacks, IT security breaches, and the subsequent legal actions and regulatory investigations.
There are approximately 10 months to go until your organisation will have to fess up if it experiences a serious data breach. Whilst that may sound like a long time away, the requirement to notify is only the tip of the iceberg. This article is a reminder to all organisations covered by the Privacy Act to have adequate measures in place to protect information security and to have a privacy governance framework in place.
With the law lagging behind the rapid technology innovations in big data, AI, machine-learning and the Internet of Things, there is a growing discussion about the merits of an ethical based approach by organisations. This article considers why an ethical based approach can build trust and transparency with consumers, and why it should be part of good Information Governance, as a means of maximising the value of information derived from data analytics while minimising risks.
Records Management Articles
Although the records management (RM) profession is facing challenges with an increasing focus on information governance, the reality is that its role and function has been in great need for more than 30 years and remains a necessity today.
In December 2016, the Supreme Court of Victoria endorsed the use of Technology Assisted Review (TAR) in the eDiscovery process in the case of McConnell Dowell Constructors v Santam. This was the first time TAR had been approved for use in litigation in an Australian Court.
The use of technologies like TAR assists parties in litigation to meet the requirements ‘of a just, efficient and cost-effective resolution of the dispute’ by reducing the time and cost involved in large scale document production during the discovery process.
eDiscovery is the production of relevant documents that parties to litigation or an inquiry are required to produce to either a Court, Royal Commission, Commission of Inquiry or to a government regulator. The eDiscovery industry is a global industry reflecting the enormous growth in information and the specialised technology which has developed to meet that challenge. While eDiscovery is a specialist area of legal technology, the challenge of document production extends well beyond in-house legal departments and requires the assistance of IT departments and records management.
It has been said that the world is on the brink of a fourth industrial revolution. The emergence of IoT is the beginning of a revolution that will have as great an impact on society and the way people and business are organised as the computer revolution did on the post-World War II era.
Over a typical business cycle, a large organisation produces staggering volumes of data. This will include essential records, valuable business intelligence, and knowledge uniquely relevant to the business. But frequently 50% or more of the content is utterly useless - it is dead weight, consuming storage capacity and obscuring the genuinely valuable content, burying the essential digital needles in terabytes of useless haystack.
With the help of the file analysis and governance experts, the Pandora GRC team discovered that at least 60% of its unstructured data had no value and there was no business or legal reason to continue to spend precious resources on protecting and storing it. So they took control, realising significant security, privacy, cost, and productivity benefits along the way.