INFORMATION GOVERNANCE
PRACTICE
“The rise of big data, social networking,
and mobile interactions, coupled with an
accelerating increase in the amount of
structured and unstructured information
enabled by cloud-based technologies,
is forcing organizations to focus on the
enterprise information that is most relevant,
value generating and risk related. Gartner
predicts that by 2017, 33% of Fortune 100
organizations will experience an information
crisis, due to their inability to effectively
value, govern and trust their enterprise
information.” (Gartner, May 2014)
Organizations attempting to implement a viable information governance framework that will ensure
long-term health must comply with applicable statutes and regulations. Information must be managed
so legal holds can be implemented consistent with the good faith and reasonableness required by courts
and regulatory agencies, while protecting the privacy of information maintained on individuals. For both
ease and efficiency in obtaining a viable IG framework, information should be eliminated when it no longer
serves a valid legal or business purpose.
The largest organizations often respond to a query regarding their retention policies with, “We keep it all.”
Decision makers may mean well, given the impact of the Sarbanes-Oxley Act and sanctions imposed by
courts when evidence cannot be delivered, but such action is likely to have detrimental impacts on the
organization. Maintaining large amounts of data and physical information not only is expensive but also
creates difficulties in locating information critical to the ongoing business. It creates vast amounts of
information that might be required to be produced in litigation, or in response to a governmental audit,
and potentially houses private information relating to individuals that is susceptible to a breach.
Organizations are reluctant to eliminate digital debris because they:
•	 Don’t know where to start
•	 Can’t bring information stakeholders to the table
•	 Can’t demonstrate urgency
•	 Can’t clearly demonstrate negative cost and risk impacts
•	 Can’t build a compelling business case
Experts at Berkeley Research Group address these issues on behalf of an organization and communicate
relevant findings to appropriate decision makers. Building a compelling business case by demonstrating
costs and risks is not difficult in light of the current information growth and changes in laws relating to it.
BRG experts focus on both costs of inaction (COI) and returns on investment (ROI). The following graph
illustrates risks and costs associated with the inability to dispose of information that no longer serves
an organization’s interests.
Source: Interview with Deidre Paknad, Corporate Counsel (March 28, 2013)
BRG experts will advise an organization’s stakeholders in the development of an information governance
framework and then identify appropriate stakeholders who need to be involved in its implementation.
Our experts will work with the stakeholders in creating an information governance roadmap to meet the
initial, critical goal of defensible disposition.
Attempts to create a solid IG framework will bring those tasked with this formidable challenge face to
face with three converging scenarios that must be addressed simultaneously:
PRIVACY AND SECURITY
In the United States, data breaches of private and personally identifiable information (PII), as well as
hacking of business and trade secrets, have become commonplace. Organizations have scrambled
to determine whose information has been compromised and to notify individuals of such breaches.
C-level executives have lost jobs over their companies’ mishandling of breaches. In addition, damage to
a company’s reputation due to the scrutiny of its inadequate information governance serves to motivate
others to remedy inadequate IG frameworks.
While U.S. organizations are bound by state laws specifying the time requirements for breach notification,
companies doing business with European Union (EU) citizens will be bound by stricter notification timeframes
and more defined requirements for the handling of PII. Broader definitions of PII imposed by the proposed
EU Directive, expected to pass in late 2015, could have profound impacts if “dark” data contains information
considered PII. Since PII is being defined by the EU as any data that can be combined with other data to
identify an individual, more information will need to be captured in a controlled environment. Retention
schedules will be required. EU protection levels underscore the need to mask all non-active PII to prevent
the catastrophic results possible from a data breach.
SIMPLIFY: Approximately 70 percent of information maintained by an organization is information debris.
[Chart: Corporate Information (69%, 1%, 25%, 5%)]
According to a 2012 Compliance, Governance and Oversight Council (CGOC) survey, at any given time, 1
percent of corporate information is on litigation hold, 5 percent is in a records category, and 25 percent
has current business value.
Moreover, insurance companies are beginning to perform audits on how PII is handled to determine
premiums. The areas of particular concern are the ability to comply with breach notification laws; the
sophistication of data classification schemes for isolating information that needs to be protected through
encryption, masking, etc.; and the presence of an implemented records scheduling system to ensure
the timely disposition of information that no longer serves a business purpose but increases exposure if
breached.
RECORDS MANAGEMENT
With increased regulation, expansion of record types, global reach, and organizations’ general failure to
adequately identify information of value, most organizations lack a scheme that will enhance the operation
of daily business while protecting against liability on a variety of fronts.
A sound records management system would:
•	 Support event- and time-based retention rules according to global, federal, state, and local laws
•	 Create a structured file plan to organize records and enforce complex policies/rules
•	 Enable legal holds, effective audits, and electronic evidence discovery
•	 Ensure record authenticity, integrity, and contextual relationships
•	 Adequately preserve records and ensure reliability
•	 Enable quick record access and retrieval
•	 Prevent unauthorized deletion
•	 Ensure timely disposition and complete record deletion, when appropriate
•	 Ensure privacy and record security policy management
•	 Support physical records
DEFENSIBLE DISPOSITION
Storage costs that once seemed like a bargain are becoming prohibitively expensive. In addition, large
amounts of stored data increase the amount of information required to be produced in litigation or during
regulatory audits (and costs associated with production), inhibit the ability to determine the merits of a
cause of action, may lead to production of information detrimental to a business’s interests that could
have been legitimately discarded, and increase the chances that relevant information cannot be located.
Information of value to the organization’s operations becomes more difficult to access if housed in
burgeoning data repositories.
A reduction in storage costs can be achieved by developing an IG framework that ensures defensible
disposal of up to 70 percent of currently stored data. Analysis of physical documents and their continued
value to the business is likely to result in further cost reductions. The application of analytics to legacy
data and stored active data can lead to more-efficient data storage, with successful storage reduction
leading to a reduction in employee costs, in the total cost of ownership of storage and IT infrastructure,
and in litigation and compliance risk.
To address the critical areas of privacy and security, records management, and the storage costs and
information chaos resulting from Big Data, BRG offers the following services:
ASSESSMENT OF AN ORGANIZATION’S
CURRENT IG STATE
To assess the state of an organization and its readiness to
defensibly delete information, BRG experts evaluate the
maturity level of processes throughout its departments.
The goal then becomes to help each area meet the maturity
level required to assure that all information that needs
to be saved will be. When all areas have reached their
maturity level, large-scale deletion will be defensible.
POLICY CREATIONS
BRG experts can create policies based on a solid
understanding of a business’s information needs, statutory
and regulatory requirements, and effective legal holds.
They can review and recommend changes and/or updates
to current policies related to privacy and security, records
management, data classification, data quality, email
management, “bring your own devices,” Internet of Things,
etc.
RECORDS MANAGEMENT SCHEDULING
Our professionals can identify records that should
be included within a records schedule, document the
categorization of current and suggested records, develop
schedules and determine the best source for applying
retention requirements, and implement chosen schedules.
EDISCOVERY PREPAREDNESS: LEGAL-HOLD WORKFLOW
DEVELOPMENT AND IMPLEMENTATION
Our experts can ensure that legal holds are implemented
in a legally defensible manner by confirming that a system
is in place to ensure adequate holds of relevant data once
litigation or regulatory action is reasonably anticipated.
SECURITY AND PRIVACY MANAGEMENT
BRG professionals can provide privacy assessment and
advice regarding data privacy and data security issues.
All active data containing PII needs to be housed in a
manner that allows immediate access and action to comply
with state data breach laws. Our experts can assess
weaknesses in privacy security that could lead to future
breaches, and aid in classification measures to ensure
both security and quick access to sensitive information.
Our team can also develop response plans in the event
of a breach to limit potential liability.
DATA CLASSIFICATION TO SUPPORT PRIVACY PROTECTION, SECURITY, AND
RECORDS SCHEDULING
Current best practices require the classification of data according to its sensitivity (i.e., is it for internal
use only, public, confidential, or secret?). Providing accurate data classifications leads to the ability to
meet statutory legal notification requirements. BRG experts can advise your organization in determining
the best methodology to effect sound data classification and aid in ensuring that appropriate employees
are aware of their responsibility in creating and maintaining a secure data system. BRG professionals
work with clients in developing a framework that captures necessary metadata and other criteria to meet
the needs of eDiscovery, records management, defensible disposition, data privacy and security, and
knowledge management, while ensuring compliance with all relevant statutes and regulations.
ASSESSMENT OF THE VALUE OF LEGACY DATA
Our professionals can leverage data analytics to identify document value and risk. Most organizations’
repositories are too large to be analyzed solely by using current staff. Analytical software packages exist
to sift through large amounts of data to determine content based on predetermined criteria. It is important
to determine what software would serve an organization best in analyzing its own data most effectively
with the least amount of cost. BRG experts can aid in the choice of this tool as a vendor-neutral consultant.
TRANSFORMATION MANAGEMENT: MANAGING AND IMPLEMENTING POLICY
AND PROCEDURAL CHANGE
Adoption of a solid information governance framework may require a fundamental change in culture
and processes throughout the organization. Achieving the necessary level of process maturity requires
interrelationships that may not have existed. BRG experts can advise in identification of the primary
stakeholders required to participate in the transformation of processes and ensure they are aware of the
steps they need to take for successful transformation. We can also train all levels of the organization.
KNOWLEDGE MANAGEMENT: ORGANIZING ACCESS AND RETRIEVAL OF
CRITICAL WORK PRODUCT AND/OR BUSINESS INFORMATION
Our experts know that much hesitation to dispose of information is based on the fact that previous work
is contained within a targeted repository. We work to identify and ensure easy access to work product
perceived as having continuing value to the organization. (Often, this is achieved by accurately identifying
business records within the records management system.) Creating a knowledge bank not only makes
professionals more comfortable about deleting unnecessary information, but also preserves work that
can be used in future representations or other dealings, enhancing the ability to create quality work at
less cost, with less time and less effort.
SOFTWARE ACQUISITION ADVISORY SERVICES
With the growth of Big Data, many aspects of information governance can no longer be handled by adapting
processes and training people. BRG stays abreast of technology that addresses current needs in all
aspects of information governance. Working with an organization’s current technological environment,
our experts advise in software acquisition and negotiating the optimal price.
ABOUT BRG
Berkeley Research Group, LLC is a leading global strategic advisory and expert consulting
firm that provides independent advice, expert testimony, litigation and regulatory support,
authoritative studies, and document and data analytics to major law firms, Fortune 500
corporations, government agencies, and regulatory bodies around the world.
BRG is headquartered in Emeryville, California, with offices across the United States and
in Asia, Australia, Canada, Latin America, and the United Kingdom.
Berkeley Research Group, LLC, including its subsidiaries, is not a CPA firm and does not provide audit, attest, or public
accounting services. BRG is not a law firm and does not provide legal advice. BRG is an equal opportunity employer.
1.877.210.5246 THINKBRG.COM

More Related Content

What's hot

A Primer on U.S. Privacy and Security Law for Business
A Primer on U.S. Privacy and Security Law for BusinessA Primer on U.S. Privacy and Security Law for Business
A Primer on U.S. Privacy and Security Law for BusinessParsons Behle & Latimer
 
Information governance
Information governanceInformation governance
Information governanceGerardo Medina
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting   the impacts of gdprCognizant business consulting   the impacts of gdpr
Cognizant business consulting the impacts of gdpraudrey miguel
 
Geek Sync: Database Auditing Essentials: Tracking Who Did What to Which Data ...
Geek Sync: Database Auditing Essentials: Tracking Who Did What to Which Data ...Geek Sync: Database Auditing Essentials: Tracking Who Did What to Which Data ...
Geek Sync: Database Auditing Essentials: Tracking Who Did What to Which Data ...IDERA Software
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityEQS Group
 
Privacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security:  What Every New Business Needs to KnowPrivacy and Information Security:  What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowThe Capital Network
 
Data protection process information
Data protection process informationData protection process information
Data protection process informationyourlegalconsultants
 
HIPAA Security Trends and Future Expectations
HIPAA Security Trends and Future ExpectationsHIPAA Security Trends and Future Expectations
HIPAA Security Trends and Future ExpectationsPYA, P.C.
 
Forrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardForrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardSecurityScorecard
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceSarah Fox
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
12 steps to prepare for GDPR
12 steps to prepare for GDPR12 steps to prepare for GDPR
12 steps to prepare for GDPRGary Chambers
 
Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Gerson Trigueiros
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copySandra (Sandy) Dunn
 
How to get your business GDPR ready
How to get your business GDPR readyHow to get your business GDPR ready
How to get your business GDPR readyPremier EPOS
 
GDPR 12 Steps infographic
GDPR 12 Steps infographic GDPR 12 Steps infographic
GDPR 12 Steps infographic Ermine Amies
 

What's hot (20)

A Primer on U.S. Privacy and Security Law for Business
A Primer on U.S. Privacy and Security Law for BusinessA Primer on U.S. Privacy and Security Law for Business
A Primer on U.S. Privacy and Security Law for Business
 
Information governance
Information governanceInformation governance
Information governance
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting   the impacts of gdprCognizant business consulting   the impacts of gdpr
Cognizant business consulting the impacts of gdpr
 
Geek Sync: Database Auditing Essentials: Tracking Who Did What to Which Data ...
Geek Sync: Database Auditing Essentials: Tracking Who Did What to Which Data ...Geek Sync: Database Auditing Essentials: Tracking Who Did What to Which Data ...
Geek Sync: Database Auditing Essentials: Tracking Who Did What to Which Data ...
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A Security
 
Privacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security:  What Every New Business Needs to KnowPrivacy and Information Security:  What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to Know
 
Data protection process information
Data protection process informationData protection process information
Data protection process information
 
HIPAA Security Trends and Future Expectations
HIPAA Security Trends and Future ExpectationsHIPAA Security Trends and Future Expectations
HIPAA Security Trends and Future Expectations
 
Forrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardForrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the Standard
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
12 steps to prepare for GDPR
12 steps to prepare for GDPR12 steps to prepare for GDPR
12 steps to prepare for GDPR
 
Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copy
 
How to get your business GDPR ready
How to get your business GDPR readyHow to get your business GDPR ready
How to get your business GDPR ready
 
Principles of Holistic Information Governance
Principles of Holistic Information GovernancePrinciples of Holistic Information Governance
Principles of Holistic Information Governance
 
GDPR 12 Steps infographic
GDPR 12 Steps infographic GDPR 12 Steps infographic
GDPR 12 Steps infographic
 

Similar to BRG_TAP_IG_20150826_WEB

SME- Developing an information governance strategy 2016
SME- Developing an information governance strategy 2016 SME- Developing an information governance strategy 2016
SME- Developing an information governance strategy 2016 Hybrid Cloud
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...David Kearney
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdfData Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdfCIOWomenMagazine
 
Information governance presentation
Information governance   presentationInformation governance   presentation
Information governance presentationIgor Swann
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentBill Lisse
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uaeRishalHalid1
 
Looking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance DeadlineLooking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance Deadlineaccenture
 
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgeManaging Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgePerficient, Inc.
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
Three big questions about AI in financial services
Three big questions about AI in financial servicesThree big questions about AI in financial services
Three big questions about AI in financial servicesWhite & Case
 
Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Druva
 
Convergence Compliance E Discovery Rim.Doc
Convergence Compliance E Discovery Rim.DocConvergence Compliance E Discovery Rim.Doc
Convergence Compliance E Discovery Rim.DocDavid Haines
 
What is GDPR Data Flow Mapping
What is GDPR Data Flow MappingWhat is GDPR Data Flow Mapping
What is GDPR Data Flow MappingVISTA InfoSec
 
Closing the Governance Gap - Enabling Governed Self-Service Analytics
Closing the Governance Gap  - Enabling Governed Self-Service AnalyticsClosing the Governance Gap  - Enabling Governed Self-Service Analytics
Closing the Governance Gap - Enabling Governed Self-Service AnalyticsPrivacera
 
LS_WhitePaper_NextGenAnalyticsMay2016
LS_WhitePaper_NextGenAnalyticsMay2016LS_WhitePaper_NextGenAnalyticsMay2016
LS_WhitePaper_NextGenAnalyticsMay2016Anjan Roy, PMP
 

Similar to BRG_TAP_IG_20150826_WEB (20)

SME- Developing an information governance strategy 2016
SME- Developing an information governance strategy 2016 SME- Developing an information governance strategy 2016
SME- Developing an information governance strategy 2016
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
3GRC approach to GDPR V 0.1 www.3grc.co.uk
3GRC  approach to GDPR V 0.1 www.3grc.co.uk3GRC  approach to GDPR V 0.1 www.3grc.co.uk
3GRC approach to GDPR V 0.1 www.3grc.co.uk
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdfData Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
 
Information governance presentation
Information governance   presentationInformation governance   presentation
Information governance presentation
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy Development
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
 
Looking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance DeadlineLooking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance Deadline
 
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgeManaging Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
 
Big data security
Big data securityBig data security
Big data security
 
Big data security
Big data securityBig data security
Big data security
 
Three big questions about AI in financial services
Three big questions about AI in financial servicesThree big questions about AI in financial services
Three big questions about AI in financial services
 
Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?
 
Convergence Compliance E Discovery Rim.Doc
Convergence Compliance E Discovery Rim.DocConvergence Compliance E Discovery Rim.Doc
Convergence Compliance E Discovery Rim.Doc
 
What is GDPR Data Flow Mapping
What is GDPR Data Flow MappingWhat is GDPR Data Flow Mapping
What is GDPR Data Flow Mapping
 
Closing the Governance Gap - Enabling Governed Self-Service Analytics
Closing the Governance Gap  - Enabling Governed Self-Service AnalyticsClosing the Governance Gap  - Enabling Governed Self-Service Analytics
Closing the Governance Gap - Enabling Governed Self-Service Analytics
 
LS_WhitePaper_NextGenAnalyticsMay2016
LS_WhitePaper_NextGenAnalyticsMay2016LS_WhitePaper_NextGenAnalyticsMay2016
LS_WhitePaper_NextGenAnalyticsMay2016
 

BRG_TAP_IG_20150826_WEB

  • 2. “The rise of big data, social networking, and mobile interactions, coupled with an accelerating increase in the amount of structured and unstructured information enabled by cloud-based technologies, is forcing organizations to focus on the enterprise information that is most relevant, value generating and risk related. Gartner predicts that by 2017, 33% of Fortune 100 organizations will experience an information crisis, due to their inability to effectively value, govern and trust their enterprise information.” (Gartner, May 2014)
  • 3. Organizations attempting to implement a viable information governance framework that will ensure long-term health must comply with applicable statutes and regulations. Information must be managed so legal holds can be implemented consistent with the good faith and reasonableness required by courts and regulatory agencies, while protecting the privacy of information maintained on individuals. For both ease and efficiency in obtaining a viable IG framework, information should be eliminated when it no longer serves a valid legal or business purpose. The largest organizations often respond to a query regarding their retention policies with, “We keep it all.” Decision makers may mean well, given the impact of the Sarbanes-Oxley Act and sanctions imposed by courts when evidence cannot be delivered, but such action is likely to have detrimental impacts on the organization. Maintaining large amounts of data and physical information not only is expensive but also creates difficulties in locating information critical to the ongoing business. It creates vast amounts of information that might be required to be produced in litigation, or in response to a governmental audit, and potentially houses private information relating to individuals that is susceptible to a breach. Organizations are reluctant to eliminate digital debris because they: • Don’t know where to start • Can’t bring information stakeholders to the table • Can’t demonstrate urgency • Can’t clearly demonstrate negative cost and risk impacts • Can’t build a compelling business case Experts at Berkeley Research Group address these issues on behalf of an organization and communicate relevant findings to appropriate decision makers. Building a compelling business case by demonstrating costs and risks is not difficult in light of the current information growth and changes in laws relating to it. BRG experts focus on both costs of inaction (COI) and returns on investment (ROI). 
The following graph illustrates risks and costs associated with the inability to dispose of information that no longer serves an organization’s interests. Source: Interview with Deidre Paknad, Corporate Counsel (March 28, 2013)
  • 4. BRG experts will advise an organization’s stakeholders in the development of an information governance framework and then identify appropriate stakeholders who need to be involved in its implementation. Our experts will work with the stakeholders in creating an information governance roadmap to meet the initial, critical goal of defensible disposition. Attempts to create a solid IG framework will bring those tasked with this formidable challenge face to face with three converging scenarios that must be addressed simultaneously: PRIVACY AND SECURITY In the United States, data breaches of private and personally identifiable information (PII), as well as hacking of business and trade secrets, have become commonplace. Organizations have scrambled to determine whose information has been compromised and to notify individuals of such breaches. C-level executives have lost jobs over their companies’ mishandling of breaches. In addition, damage to a company’s reputation due to the scrutiny of its inadequate information governance serves to motivate others to remedy inadequate IG frameworks. While U.S. organizations are bound by state laws specifying the time requirements for breach notification, companies doing business with European Union (EU) citizens will be bound by stricter notification timeframes and more defined requirements for the handling of PII. Broader definitions of PII imposed by the proposed SIMPLIFY: Approximately 70 percent of information maintained by an organization is information debris. 69% 1% 25% 5% CORPORATE INFORMATION According to a 2012 Compliance, Governance and Oversight Council (CGOC) survey, at any given time, 1 percent of corporate information is on litigation hold, 5 percent is in a records category, and 25 percent has current business value.
  • 5. EU Directive, expected to pass in late 2015, could have profound impacts if “dark” data contains information considered PII. Since PII is being defined by the EU as any data that can be combined with other data to identify an individual, more information will need to be captured in a controlled environment. Retention schedules will be required. EU protection levels underscore the need to mask all non-active PII to prevent the catastrophic results possible from a data breach. Moreover, insurance companies are beginning to perform audits on how PII is handled to determine premiums. The areas of particular concern are the ability to comply with breach notification laws; the sophistication of data classification schemes for isolating information that needs to be protected through encryption, masking, etc.; and the presence of an implemented records scheduling system to ensure the timely disposition of information that no longer serves a business purpose but increases exposure if breached.
RECORDS MANAGEMENT
With increased regulation, expansion of record types, global reach, and organizations’ general failure to adequately identify information of value, most organizations lack a scheme that will enhance the operation of daily business while protecting against liability on a variety of fronts.
A sound records management system would:
• Support event- and time-based retention rules according to global, federal, state, and local laws
• Create a structured file plan to organize records and enforce complex policies/rules
• Enable legal holds, effective audits, and electronic evidence discovery
• Ensure record authenticity, integrity, and contextual relationships
• Adequately preserve records and ensure reliability
• Enable quick record access and retrieval
• Prevent unauthorized deletion
• Ensure timely disposition and complete record deletion, when appropriate
• Ensure privacy and record security policy management
• Support physical records
DEFENSIBLE DISPOSITION
Storage costs that once seemed like a bargain are becoming prohibitively expensive. In addition, large amounts of stored data increase the amount of information required to be produced in litigation or during regulatory audits (and costs associated with production), inhibit the ability to determine the merits of a cause of action, may lead to production of information detrimental to a business’s interests that could have been legitimately discarded, and increase the chances that relevant information cannot be located. Information of value to the organization’s operations becomes more difficult to access if housed in burgeoning data repositories. A reduction in storage costs can be achieved by developing an IG framework that ensures defensible disposal of up to 70 percent of currently stored data. Analysis of physical documents and their continued value to the business is likely to result in further cost reductions. The application of analytics to legacy data and stored active data can lead to more-efficient data storage, with successful storage reduction leading to a reduction in employee costs, in the total cost of ownership of storage and IT infrastructure, and in litigation and compliance risk.
To address the critical areas of privacy and security, records management, and the storage costs and information chaos resulting from Big Data, BRG offers the following services:
  • 6. ASSESSMENT OF AN ORGANIZATION’S CURRENT IG STATE
To assess the state of an organization and its readiness to defensibly delete information, BRG experts evaluate the maturity level of processes throughout its departments. The goal then becomes to help each area meet the maturity level required to assure that all information that needs to be saved will be. When all areas have reached their maturity level, large-scale deletion will be defensible.
POLICY CREATIONS
BRG experts can create policies based on a solid understanding of a business’s information needs, statutory and regulatory requirements, and effective legal holds. They can review and recommend changes and/or updates to current policies related to privacy and security, records management, data classification, data quality, email management, “bring your own devices,” Internet of Things, etc.
RECORDS MANAGEMENT SCHEDULING
Our professionals can identify records that should be included within a records schedule, document the categorization of current and suggested records, develop schedules and determine the best source for applying retention requirements, and implement chosen schedules.
EDISCOVERY PREPAREDNESS: LEGAL-HOLD WORKFLOW DEVELOPMENT AND IMPLEMENTATION
Our experts can ensure that legal holds are implemented in a legally defensible manner by confirming that a system is in place to ensure adequate holds of relevant data once litigation or regulatory action is reasonably anticipated.
SECURITY AND PRIVACY MANAGEMENT
BRG professionals can provide privacy assessment and advice regarding data privacy and data security issues. All active data containing PII needs to be housed in a manner that allows immediate access and action to comply with state data breach laws. Our experts can assess weaknesses in privacy security that could lead to future breaches, and aid in classification measures to ensure both security and quick access to sensitive information.
Our team can also develop response plans in the event of a breach to limit potential liability.
  • 7. DATA CLASSIFICATION TO SUPPORT PRIVACY PROTECTION, SECURITY, AND RECORDS SCHEDULING
Current best practices require the classification of data according to its sensitivity (i.e., is it for internal use only, public, confidential, or secret?). Providing accurate data classifications leads to the ability to meet statutory legal notification requirements. BRG experts can advise your organization in determining the best methodology to effect sound data classification and aid in ensuring that appropriate employees are aware of their responsibility in creating and maintaining a secure data system. BRG professionals work with clients in developing a framework that captures necessary metadata and other criteria to meet the needs of eDiscovery, records management, defensible disposition, data privacy and security, and knowledge management, while ensuring compliance with all relevant statutes and regulations.
ASSESSMENT OF THE VALUE OF LEGACY DATA
Our professionals can leverage data analytics to identify document value and risk. Most organizations’ repositories are too large to be analyzed solely by using current staff. Analytical software packages exist to sift through large amounts of data to determine content based on predetermined criteria. It is important to determine what software would serve an organization best in analyzing its own data most effectively with the least amount of cost. BRG experts can aid in the choice of this tool as a vendor-neutral consultant.
TRANSFORMATION MANAGEMENT: MANAGING AND IMPLEMENTING POLICY AND PROCEDURAL CHANGE
Adoption of a solid information governance framework may require a fundamental change in culture and processes throughout the organization. Achieving the necessary level of process maturity requires interrelationships that may not have existed.
BRG experts can advise in identification of the primary stakeholders required to participate in the transformation of processes and ensure they are aware of the steps they need to take for successful transformation. We can also train all levels of the organization.
KNOWLEDGE MANAGEMENT: ORGANIZING ACCESS AND RETRIEVAL OF CRITICAL WORK PRODUCT AND/OR BUSINESS INFORMATION
Our experts know that much hesitation to dispose of information is based on the fact that previous work is contained within a targeted repository. We work to identify and ensure easy access to work product perceived as having continuing value to the organization. (Often, this is achieved by accurately identifying business records within the records management system.) Creating a knowledge bank not only makes professionals more comfortable about deleting unnecessary information, but also preserves work that can be used in future representations or other dealings, enhancing the ability to create quality work at less cost, with less time and less effort.
SOFTWARE ACQUISITION ADVISORY SERVICES
With the growth of Big Data, many aspects of information governance can no longer be handled by adapting processes and training people. BRG stays abreast of technology that addresses current needs in all aspects of information governance. Working with an organization’s current technological environment, our experts advise in software acquisition and negotiating the optimal price.
  • 8. ABOUT BRG
Berkeley Research Group, LLC is a leading global strategic advisory and expert consulting firm that provides independent advice, expert testimony, litigation and regulatory support, authoritative studies, and document and data analytics to major law firms, Fortune 500 corporations, government agencies, and regulatory bodies around the world. BRG is headquartered in Emeryville, California, with offices across the United States and in Asia, Australia, Canada, Latin America, and the United Kingdom. Berkeley Research Group, LLC, including its subsidiaries, is not a CPA firm and does not provide audit, attest, or public accounting services. BRG is not a law firm and does not provide legal advice. BRG is an equal opportunity employer.
1.877.210.5246
THINKBRG.COM