P2P

I L T A W H I T E P A P E R | I N F O R M A T I O N G O V E R N A N C E 73 a third-party that provides services to store an organization's data? If a third-party in possession of an organization's data refuses to grant access to the information in a timely fashion, what recourse is available to the organization? Controlling Access to Information – User Rights Limiting access to information based on user rights access, enables organizations to function effectively, while also safeguarding sensitive data. IG platforms are permission driven allowing certain credentialed users to see a complete business record, while providing others with lesser credentials access only to redacted documents, or blocking access entirely. Systems and applications used by employees should consider the provisions of the IG plan. The increase of remote working due to travel restrictions resulting from the COVID-19 pandemic introduces greater risk of potentially insecure transmission of information. Unauthorized means of communication by remote employees should be blocked since sharing information by insecure communication increases organizational risk. The types of approved methods for electronic communication should be an element of an IG plan, and employees performing functions remotely must provide access to the organizational data contained on their device. Organizational practices, such as Bring Your Own Device (BYOD) programs, will also require differing rules of enforcement when contrasted with search and retrieval techniques available for employer issued devices. Beyond the type of hardware device used for the communication, efforts made by employees to circumvent the use of approved secure forms of collaboration, because the employee prefers using an unsanctioned "app" is an action that should be monitored and regulated by the IG enforcement team. While an existing third-party application may provide an easy-to-use means of communication, if it isn't approved for organizational use, there IG enforcement team should have an available means of preventing its' use. Isn't There and IG App to Handle All This? No, there's not an application that satisfies data governance requirements. Since every organization has a unique ecosystem, relying on different technologies to store, process or manage information under its' control will create various IG challenges. There is no "One-Size-Fits-All" solution enabling organizations to meet their information governance obligations. Existing data governance platforms provide dashboard based solutions created to deliver insight into existing organizational data across the enterprise, however technology alone cannot provide a complete solution. IG technology platforms typically include customizable capabilities, allowing IG professionals to implement solutions in a manner fitting with existing "Real-World" needs. "Rules-Based" technologies assist information governance professionals by adding automation to the enforcement of the information lifecycle. However, the applicable retention schedules for organizational data must be defined by those serving records and information management functions within the organization. Hence, a combination of people, process and technology is required to effectively govern information. Technology can provide organizations additional data governance assistance, through the provision of "smart" archival systems which provide additional safeguards to aid in the IG's program's enforcement. IG platforms should be able to monitor the presence of certain types of data stored within the enterprise, and should detect the presence of PII in any specific business record. The ability to detect and generate reports regarding the presence of different forms of PII within an organizations data landscape is essential for effective IG practices. Technology can also be utilized to enhance search functionality across the various organizational systems. Productivity for IG personnel and compliance officers can be enhanced by search capabilities which reach across multiple disparate systems all at once. Purge commands for disposition can be centrally controlled through an IG platform, providing an audit log of any actions taken by end-users. Having the ability to search terms and/or enter deletion commands into a platform that acts across multiple distinct data stores simultaneously creates business efficiency.

• Cover