P2P

70 along with the precise placement and enforcement of legal holds. I.T. personnel are likely focused on reducing storage costs, disposition of information, and ensuring that confidential information is properly safeguarded. Records managers will be concerned with some of the same issues that their colleagues in legal and I.T. are focused on, and may also seek to add automation to ensure more effective enforcement of records retention schedules. Knowledge Management" professional and most "C-Level" executives will be likely be primarily concerned with providing timely access to vital business information, and reducing interruption to the flow of information. The roles of each member of the IG enforcement team should be clearly defined. Defining the Scope of an IG Plan – Responsibility Extending to the Employee Once the key stakeholders have been identified, the scope of the information governance plan should be determined. Depending on how the organization is structured, and where data in its possession is physically located, the program should plan for how information is stored and accessed. Accurate organizational data maps should be relied upon when crafting any data governance plans. Technology to provide insight into the various types of data stored across the disparate data landscape should be utilized where possible, especially if it can effectively reduce cost and risk. Additional data security and enterprise security solutions in use by the organization should also be addressed, as they may impact the ability to access or share information. While relying on employees to follow the guidelines set forth in an IG plan, it is essential to have a means to ensure that business records are properly being stored, while preventing unauthorized user-access. Technology helps provide insight into actions taken by employees, and adds safeguards designed to reduce human error, as well as prevent willful employee misconduct. Organizations should seek to create IG plans that notify employees of their data governance obligations. A program relying on "notification" is preferable to one that seeks the permission of the end-user. Having to wait for employee permission can create delays and inefficiencies and requires additional effort to manage when opposed to a "notification" program. Notifying end-users that they are expected to take certain actions, paired with a process in place to address non-compliance with the IG plan, is a component of an effective program Data privacy rights may differ depending on the location where organizational data resides, and global organizations face more complexities when implementing enterprise-wide solutions. Based on jurisdictional rules, and applicable data privacy regulations, access to data might be permissible for some employees but not for others serving the same role in the organization. The reach of the IG plan, and the workflows involved to fulfill the policies set forth, should be simple enough that they can be achieved without undue burden or excessive cost to the organization. Developing metrics gauging the effectiveness of the program should be part of the plan. If certain forms of technology used in the organization's landscape do not integrate with enterprise-wide technology relied upon by IG professionals, then a separate workflow approach is required for managing such data sources. Avoiding Dark Data – Addressing Paper and Legacy Systems Having access to view data stored within an organization's infrastructure is essential for proper data governance. If an organization has no insight into data within its control there can be no confidence in the governance program's enforcement. Without a means of gaining knowledge of the data's attributes at the content level it is impossible to comply with existing governance obligations. An organization must be able to ascertain information about the context, structure and content of each business record it possess. Legacy data creates challenges for information governance. Data residing in "Organizations should seek to create IG plans that notify employees of their data governance obligations."

• Cover