It is trite but true: Information is one of a business's most valuable assets. Yet just like oil, if not handled properly, it can cause serious damage. That's why a business's information governance (IG) team needs to be carefully considered and planned—its members have the important responsibility of understanding the "who, what, where, when and why " of its data handling activities, helping to mitigate the privacy and security risks associated with those activities, and optimizing the ways that the business uses data to pursue its objectives.
As critical as it is, an effective IG team can also be quite fragile. Bringing stakeholders together from different divisions of a business creates dynamics that may be more political and volatile than what each individual is used to. The prospect of being accountable for the risks and controls of one of the business's most important resources puts added pressure on the team. Furthermore, the benefits of a strong IG team may not be manifest until some time after the fact. Other corporate priorities may seem more urgent and profitable, and the IG team may lose some of its resolve or resources over time.
All of these factors can dampen the effectiveness and perseverance of an IG team, which an organization should seek to foster, lest an audit, litigation, security breach, or other crisis remind an organization why IG is important in the first place.
So, how can an organization build a strong IG team to last? Here are three tips:
Obtain Management Support: Management support is critical because it ensures that the IG team's mandate is promoted and taken seriously at all levels. Having executive support facilitates the implementation and enforcement of the IG program across the enterprise.
Weave a Cross-Section of the Business into the Team: The members of the team should have transparency into all corners of the organization so that they can identify risks and opportunities as soon as they arise. This means that the team should include at least legal, IT, records management, data protection, executive and business perspectives.
- Divide the Team into Smaller Groups and Convene the Larger Team Only When Necessary: To keep the momentum of an IG team strong, there should be a core team of decision-makers that meets regularly and who are responsible for keeping the larger team accountable for its broader mandate. There should also be subgroups specializing in certain subjects—such as cybersecurity, data governance and enterprise risk—that are called upon to report to the core team as necessary.
While there is no one-size-fits-all model for all organizations, following the general tips above can help to ensure that the IG team within any organization remains focused and committed to implementing a solid IG program.
Contributor – Jonathan Tam