- Improving Cybersecurity Against Data Breaches: How Information Governance Paves the Way
- January 12, 2015
- Law Firm: DLA Piper (Canada) LLP - Vancouver Office
The issue of data breach is not exactly new, but in the past it has been relegated to a niche corner of information technology. Increasingly, however, cybersecurity is becoming a critical priority for businesses as a recent surge of high-profile data breaches hitting victims such as Sony, Target, Home Depot, JPMorganChase and others dominates the headlines.
What should an organization do to protect valuable information assets? I was recently interviewed for the cover story of the November/December 2014 issue of Canadian Lawyer magazine, which looks at the relatively new approach of information governance. While the story focuses on the particular challenges facing law firms, the threat of data breach is universal and understanding information governance is useful for all businesses, especially if the handling of sensitive client data is involved.
What is Information Governance?
Information governance is the systematic, organization-level management of information through its entire life-cycle – from creation, encryption, storage, retrieval and distribution to disposal. I emphasize in the interview that it is important to understand that data security is not just a technology issue. It is neither fair nor effective to place the responsibility of mitigating risks squarely on the shoulders of your IT department. A successful information governance program involves a combination of people, policies, practices and technology. You need a security team that includes senior management as well as members in different specialty areas such as technology, records management, data security, and privacy. Key processes should also be regularly monitored and evaluated. It won’t be 100 per cent safe, as you can never completely eliminate risk, but there is absolutely no question that data security, privacy compliance and e-discovery are all improved as you implement information governance, so that you know what information you have, how it is kept, where to find it when you need it, who has access to it, and how you are protecting it. This in turn will help you plan for disaster recovery and business continuity to minimize cost and contain damage in the event of a breach.