Last Updated on January 15, 2024
If you want to see peoples’ eyes glaze over, just say these two words: information governance. That’s an esoteric, labyrinthine chore that only specialist nerds in the employ of the biggest businesses need to worry about… Right?
You wish. Information governance is now mission-critical for every company that is subject to data privacy legislation, as well as a vital, interlaced component of your cybersecurity program. Which means it directly and massively impacts your brand reputation and customer loyalty.
So now that we have your attention, what is information governance?
To provide the perfect overview of information governance and its criticality to your organization, we invited David Gould, Chief Customer Officer at EncompaaS, to join a recent episode of The Virtual CISO Podcast. Hosting the show as always is John Verry, Pivot Point Security CISO and Managing Partner.
What is information governance?
If you were to ask me [about information governance] five years ago, I would have said it was something that organizations ought to think about doing,” David notes. “Today it’s something that organizations must absolutely do.”
“And the reason why I say that is [partly] the security issues that we face in running large-scale enterprises, which obviously are on the front page of every newspaper almost on a daily basis,” adds David. “But, more importantly, it’s about issues around privacy that lead directly to brand reputations of organizations.”
The “big questions” of information governance
“Being able to identify and manage the data that you need to keep, and then being able to identify and dispose of the data that you don’t need to keep—those are the two questions that we see organizations struggling with globally, even with tools in place,”
shares David. “[This is driven by] privacy regulations here in the US. The California Consumer Privacy Act (CCPA) was a bell-ringer for many organizations. Virginia now has just passed its own [privacy] legislation. Canada has new legislation. Of course, if you do business in Europe there’s GDPR.”
“These privacy regulations have put a lot more focus in on data discovery, analytics around data, and then the disposition of data,” states David. “And to me that’s at the core of information governance.”
“Organizations have to be as good about disposing of data as they are about creating data,” David emphasizes.
If your company is subject to privacy laws, this show with David Gould will bring you up to speed on how information governance fits into your compliance, cybersecurity and brand reputation picture.
To hear this episode all the way through, subscribe to The Virtual CISO Podcast on Apple Podcasts, Spotify, or our website.