9 May 2023: The Information Governance Industry Report 2023 is InfoGovANZ’s fourth survey charting the development of information governance over the past seven years.
The IG Industry Report reveals that the key drivers and priorities for information governance activities within organisations were:
- External regulatory, compliance or legal obligations
- Good business management practices
- Internal technology restructuring or transition; and
- Mitigating risks associated with data that can be defensibly deleted.
Dr Peter Chapman, Partner Korda Mentha and InfoGovANZ International Council member said, “while most of these drivers have remained consistent in previous survey results, the elevation of ‘mitigating risks associated with data that can be defensibly deleted’ as a key priority for organisations is unsurprising given the Optus and Medibank data breaches in the latter part of 2022 and the more recent Latitude data breach, which have highlighted the risks of over-retention of personal information.”
Two new questions were added to the survey to gain insight into the impact of these data breaches on organisations more widely. While only 20% of respondents indicating a major impact to their organisation’s IG activities, more than half of respondents’ organisations had either implemented changes or formed the intention to make changes to information lifecycle management policies and procedures in the last 12 months. “This demonstrates a broader recognition by organisations that they need to ensure they have adequate information lifecycle management in place, including disposal of personal information that is no longer needed” said Susan Bennett, Executive Director InfoGovANZ.
The survey results revealed that a quarter of all IG projects either underway or planned to be underway in the next year were driven largely by changes or foreshadowed changes to privacy laws with a further quarter being ‘somewhat’ driven by changes or foreshadowed changes to privacy laws. Susan Bennett said, “In light of the recent high-profile spate of data breaches and foreshadowed changes to Australia’s Privacy Act, it is unsurprising to see a significant increase in IG projects planned across the next 12 months from 74% in 2021 to 82% in 2023.” Over a third of respondents indicated their organisations are expecting to increase their IG spend this financial year.
It is pleasing to see that organisations are increasingly governing with a formal IG framework. The number of respondents reporting that their organisation is doing so has increased from 51% in 2019 to 64% in 2021 and then 71% in 2023. In another positive sign, nearly two-thirds of respondents assessed their organisation’s IG maturity as intermediate or advanced.
More respondents considered their organisation to have a proactive stance (50%) than a reactive one (40%), although clearly there is significant room for improvement here. Our third new question asked respondents their opinion as to whether the board and/or leadership team of their organisation had sufficient understanding of IG. Concerningly, only one-third of respondents believed this was the case.
“As recent high-profile data breaches have shown, boards and governing authorities of organisations need to have in place robust information governance to reduce information risks across the enterprise”, said Susan Bennett. Boards need to ensure they are actively monitoring the governance of data and information lifecycle – from collection to use and disposal – to comply with privacy regulations and reduce overall risks, including reputational and legal risks and costs to the organisation.
Key Survey Highlights
- The three main drivers of IG projects are external regulatory, compliance or legal obligations (81%), good business management practices (66%), mitigating risks associated with data that could have been defensibly deleted (49%),
- Half of the survey respondents indicated that changes to privacy laws were 50% or more of the reason behind IG projects underway or planned in the next year.
- Recent high-profile data breaches impacted IG activities in a ‘major’ way for 20% of the respondents’ organisations and had a minor impact on 57% of respondent organisations.
- 55% of respondents indicated that their organisation had or was planning to make changes to information lifecycle management policies and/or procedures in the last 12 months.
- 64% respondents said their organisations govern IG with a formal IG framework with policies and procedures.
- 82% respondents said their organisations have IG projects underway or planned in the next year.
- 65% assessed their IG programs as intermediate or advanced in maturity.
- Nearly 50% assessed their IG programs as proactive and 40% as being reactive, event-driven and unplanned.
- Only 34% of respondents assessed their board and/or leadership team to have sufficient understanding of IG.
About InfoGovANZ
Established in 2016, InfoGovANZ is a community of international professionals across the data and information sphere – Information Governance, Legal, Data Privacy, AI and Ethics, Cyber and Information Security, Records Management, FOI, eDiscovery, Data and Infonomics, Risk and Compliance – with a multi-disciplinary focus to collaborate and share best practices and promote global information governance innovation.
The report can be accessed here – Information Governance Industry Report 2023
For further information
Please contact Susan Bennett, Executive Director
susan.bennett@infogovanz.com or on +61 2 8226 8546.