Phyllis L. Elin - A Corporate Librarians Guide to Information Governance and Data Privacy

A Corporate Librarians Guide to Information Governance and Data Privacy

A Corporate Librarians Guide to Information Governance and Data Privacy

Phyllis Wisotsky Elin

A Corporate Librarians Guide to Information

Governance and Data Privacy

Copyright Business Expert Press, LLC, 2023.

Cover design by Charlene Kronstedt

Interior design by Exeter Premedia Services Private Ltd., Chennai, India

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any meanselectronic, mechanical, photocopy, recording, or any other except for brief quotations, not to exceed 400 words, without the prior permission of the publisher.

First published in 2022 by

Business Expert Press, LLC

222 East 46th Street, New York, NY 10017

www.businessexpertpress.com

ISBN-13: 978-1-63742-245-8 (paperback)

ISBN-13: 978-1-63742-246-5 (e-book)

Business Expert Press Business Law and Corporate

Risk Management Collection

First edition: 2022

10 9 8 7 6 5 4 3 2 1

Description

With the expansion of technology and governance, the information governance industry has experienced dramatic and, often, sudden changes. Among the most important shifts are the proliferation of data privacy rules and regulations, the exponential growth of data and the need for removing redundant, obsolete, and trivial information, and the growing threat of litigation and regulatory fines based on a failure to properly keep records and manage data. At the same time, longstanding information governance standards and best practices exist, which transcend the sudden vicissitudes of the day.

This volume focuses on these core information governance principles, with an emphasis on how they apply to our target audience, which includes law librarians, legal and research staff, and other individuals and departments in both the public and private sectors who engage deeply with regulatory compliance matters.

Core topics that will be addressed include:

The importance of implementing and maintaining cohesive records management workflows that implement the classic principles of capturing, checking, recording, consolidation, and review;

The classic records management principles of accountability, transparency, integrity, protection, compliance, accessibility, retention, and disposition; and

Archives management and the two principles of providence and original order.

Keywords

information governance; records management; electronic discovery (eDiscovery); risk management; privacy; data storage; data archiving; information lifecycle management; information security; information protection; document handling; data governance; enterprise content management; enterprise architecture; big data; data science; data defined storage; business intelligence; knowledge preservation; knowledge management

Contents

I have been a global consultant in the field of Information Governance (IG) and Compliance for over 40 years. During that time, the metamorphosis of Records Management to IG has given me a somewhat unique perspective. My education began in Cincinnati, Ohio, in the 1970s where, along with a small group of women, I was schooled in the tenets of best practices for Records and Information Management (RIM). My professors were formidable women who cut their teeth working for the U.S. Federal Government during World War II. So, eager for a career as a perpetual student, and combining my curiosity with my admiration, the teaching methods of my two mentors played beautifully into my scholarly inclinations.

Though RIM basics were not in my wheelhouse as an English major and Political Science minor, as the training began, it immediately appealed to my sense of reason and organization. RIM spoke to me. I was enthralled by it. As I absorbed these learning sessions, I felt the same academic excitement as I did for my classes at New York University. In addition to the building blocks of my education, I also nurtured traits of patience, meticulousness, and logic. These were paramount to this career path, and I was encouraged in believing that I possessed these skills.

My IG and Compliance career has taken me to many countries and continents, all of which, for better or worse, treat RIM at least a little differently. My journeys have also allowed me to see and understand many organizations in most vertical markets and jurisdictions. I also interviewed subject matters experts (SMEs) in all functional areas to verify their record keeping requirements, workflow perils and pitfalls, and many a parade of horribles.

With the expansion of technology and governance, our industry has often changed very dramatically and abruptly. The shift in data privacy rules and regulations is just the most recent example. Still, there are standards and best practices which transcend the sudden vicissitudes of the day, and these more enduring, universal principles will be the focus of this volume.

That said, the foundation of my observations generally begins with ISO 15489, established in 2001 as the first globally recognized requirement for RIM. And thus, the workflows will more or less adhere to the following protocol: capture; check; record; consolidate and review; and act; coupled with accountability, transparency, integrity, protection, compliance, accessibility, retention, and disposition. We will also touch on archives management and the two principles of providence and original order.

In the latter sections of the book, I will cover a number of general subject areas from the perspective of people, process, and technology utilizing COBIT, ITIL, and 40 years of experience in management and consulting. These areas will include inter alia, strategic alignment, management principles, continuous improvement, business continuity, metrics, and risk and operations management.

Governance Overview

As its name implies, information governance (IG) is a comprehensive strategy for managing an enterprises people, process, and technology, with an emphasis on risk, legal compliance, information management, and business intelligence. Governance also subsumes a number of disciplines such as eDiscovery, data privacy, big data, architecture, operations, business continuity, and audit.

The goal of a governance strategy and framework is to ensure that the organization understands and is able to work together to execute leaderships strategic goals and objectives; and that the enterprise and all of its employees and resources are operating as judiciously and harmoniously as possible to achieve those ends. In that regard, it is useful to view the organization as much as a physical mechanism than an amalgamation of disparate parts and services.

Leadership sets the strategy and tone and thus establishes the organizational culture. Depending on the enterprise, it will be subject to more or less regulation, which will in turn influence the governance frameworks, privacy requirements, best practices, and infrastructure. The organization will establish appropriate technology, third-party systems, and operational structures to support its business goals, resource according to need, and monitor and extract metrics for every facet of the enterprise to ensure the whole is greater than the sum of its parts.

The success of an organization is often measured by its ability to achieve strategic alignment across these areas, but especially leadership, business, technology, operations, and legal. Program management is essential to planning, executing, and resourcing executive leaderships core strategies; businesses drive the specific requirements and core competencies that ultimately determine success in the marketplace; IT and operations build the processes, procedures, and infrastructure on which the organizations strategy is based; and legal and compliance outline and enforce policies and mitigate risk to keep the organization in good standing, with regulators, shareholders, and the public.