As data breaches continue to rise, the importance of robust governance to align and improve integrated cybersecurity, technology procurement, privacy compliance, and information lifecycle management becomes critical. Recently released reports by the Office of the Australian Information Commission and the New South Wales Information Commission reveal the high percentage of […]
Five Key Lessons from Robodebt for AI and Technology Projects
Australia’s Robodebt scandal provides some critical lessons for boards/governing authorities and senior executives implementing artificial intelligence (AI) and technology in both the public and private sectors. The emergence of AI governance guidance and standards, such as AS ISO/IEC 42001:2023 and NIST’s AI Risk Management Framework, are helpful tools for organisations […]
Dark Data – the risks, costs and ESG
Dark data poses potentially significant risks and costs for organisations. Additionally, with an increasing focus on ESG reporting, organisations should be considering how they can measure and report on each element of ESG with respect to data being collected, generated, used and stored. This article by Susan Bennett considers the […]
The use of WhatsApp and messaging record-keeping failures: the massive fines keep coming
On 8 August 2023, penalties for record-keeping failures of $549 million were ordered against 10 banks, broker-dealers and investment advisers in the U.S. The Commodity Futures Trading Commission (CFTC) ordered four banks to pay $260 million for record-keeping and supervision failures arising from the use of unapproved messaging systems including […]
Information Governance maturing with developments in Privacy Laws being a key driver: Findings of the Information Governance Industry Report 2023
9 May 2023: The Information Governance Industry Report 2023 is InfoGovANZ’s fourth survey charting the development of information governance over the past seven years.
The IG Industry Report reveals that the key drivers and priorities for information governance activities within organisations were:
- External regulatory, compliance or legal obligations
- Good business management practices
- Internal technology restructuring or transition; and
- Mitigating risks associated with data that can be defensibly deleted.
Dr Peter Chapman, Partner Korda Mentha and InfoGovANZ International Council member said, “while most of these drivers have remained consistent in previous survey results, the elevation of ‘mitigating risks associated with data that can be defensibly deleted’ as a key priority for organisations is unsurprising given the Optus and Medibank data breaches in the latter part of 2022 and the more recent Latitude data breach, which have highlighted the risks of over-retention of personal information.”
Two new questions were added to the survey to gain insight into the impact of these data breaches on organisations more widely. While only 20% of respondents indicated a major impact to their organisation’s IG activities, more than half of respondents’ organisations had either implemented changes or formed the intention to make changes to information lifecycle management policies and procedures in the last 12 months. “This demonstrates a broader recognition by organisations that they need to ensure they have adequate information lifecycle management in place, including disposal of personal information that is no longer needed” said Susan Bennett, Executive Director InfoGovANZ.
The survey results revealed that a quarter of all IG projects either underway or planned to be underway in the next year were driven largely by changes or foreshadowed changes to privacy laws with a further quarter being ‘somewhat’ driven by changes or foreshadowed changes to privacy laws. Susan Bennett said, “In light of the recent high-profile spate of data breaches and foreshadowed changes to Australia’s Privacy Act, it is unsurprising to see a significant increase in IG projects planned across the next 12 months from 74% in 2021 to 82% in 2023.” Over a third of respondents indicated their organisations are expecting to increase their IG spend this financial year.
It is pleasing to see that organisations are increasingly governing with a formal IG framework. The number of respondents reporting that their organisation is doing so has increased from 51% in 2019 to 64% in 2021 and then 71% in 2023. In another positive sign, nearly two-thirds of respondents assessed their organisation’s IG maturity as intermediate or advanced.
More respondents considered their organisation to have a proactive stance (50%) than a reactive one (40%), although clearly there is significant room for improvement here. Our third new question asked respondents their opinion as to whether the board and/or leadership team of their organisation had sufficient understanding of IG. Concerningly, only one-third of respondents believed this was the case.
“As recent high-profile data breaches have shown, boards and governing authorities of organisations need to have in place robust information governance to reduce information risks across the enterprise”, said Susan Bennett. Boards need to ensure they are actively monitoring the governance of data and information lifecycle – from collection to use and disposal – to comply with privacy regulations and reduce overall risks, including reputational and legal risks and costs to the organisation.
Key Survey Highlights
- The three main drivers of IG projects are external regulatory, compliance or legal obligations (81%), good business management practices (66%), and mitigating risks associated with data that could have been defensibly deleted (49%).
- Half of the survey respondents indicated that changes to privacy laws were 50% or more of the reason behind IG projects underway or planned in the next year.
- Recent high-profile data breaches impacted IG activities in a ‘major’ way for 20% of the respondents’ organisations and had a minor impact on 57% of respondent organisations.
- 55% of respondents indicated that their organisation had or was planning to make changes to information lifecycle management policies and/or procedures in the last 12 months.
- 64% of respondents said their organisations govern IG with a formal IG framework with policies and procedures.
- 82% of respondents said their organisations have IG projects underway or planned in the next year.
- 65% assessed their IG programs as intermediate or advanced in maturity.
- Nearly 50% assessed their IG programs as proactive and 40% as being reactive, event-driven and unplanned.
- Only 34% of respondents assessed their board and/or leadership team to have sufficient understanding of IG.
About InfoGovANZ
Established in 2016, InfoGovANZ is a community of international professionals across the data and information sphere – Information Governance, Legal, Data Privacy, AI and Ethics, Cyber and Information Security, Records Management, FOI, eDiscovery, Data and Infonomics, Risk and Compliance – with a multi-disciplinary focus to collaborate and share best practices and promote global information governance innovation.
The report can be accessed here – Information Governance Industry Report 2023
For further information
Please contact Susan Bennett, Executive Director
susan.bennett@infogovanz.com or on +61 2 8226 8546.
Privacy and AI: IAPP Global Privacy Summit, Washington DC, 2023
The IAPP Global Privacy Summit this year was a huge event with over 5,000 attendees and a smorgasbord of keynotes and seminars on a wide range of topics – from privacy and AI compliance to the recent Generative AI developments together with predictions, the status of EU-US data transfers […]
Legalweek NY 2024 Report from down under
It was wonderful to attend #Legalweek24 in New York City to see and discuss the latest legal and technology developments. The three things that stood out were: the legal technology AI race is on, robust cybersecurity and information governance are critical, and the LegalWeek buzz. These and other highlights are […]