Insights hero banner (short)


Bringing our best ideas and thinking to you.

  • Blog Post
  • Information Management
  • Information Management
  • Information Governance

Blog Post

July 5, 2017

Share this page:

Information Governance is a risk management function

By John Desborough

Good information governance practices add value in so many key areas of risk reduction that it’s no longer possible for smart organizations to ignore. Success in the growing global economy, where data crosses borders, litigation and investigations cross jurisdictions, and corporate information is under frequent threat of data breaches and targeted hacks, is going to mandate increased levels of Information Governance to ensure that organizations make the best business decisions possible.

The increase variety of sources of information, including social, and the increased velocity and volume of data flowing at organizations has required firms to focus first on enabling the functionality of the information systems to handle the influx of data. Opening their systems to a larger number of entry points exposes those systems to greater risks - security becomes the weak link.

Data breaches are on the rise - especially with the leak of the NSA hacking tools. This exposes more organizations to being hacked and we are seeing this happen recently with the WannaCry and Petya virus attacks. Organizations need not only to improve their perimeter security, they have to make sure that their data is secure inside - including redundancy, archives and backup.

Data Privacy has been an overlooked component of Information Governance in the past. However, in light of the breaches and new legislation being enacted by countries around the globe, organizations are going to have to be much more diligent about incorporating privacy into the their information security and governance processes. More and more we are seeing the violation of personal privacy reported in the news as part of breaches - the "reputational risk" to the organization is not the only concern. Data privacy goes beyond the organization's interests to affect those of its customers, employees and others.

The most comprehensive privacy regulation, the European Union's General Data Protection Regulation (GDPR), takes effect on May 25 2018. With potential impacts to organizations anywhere in the world who collect and store information on EU citizens, the GDPR is forcing organizations to look at data privacy in a new light. Organizations without a solid information governance framework will struggle with being able to comply with the GDPR in time, increasing their risk.

Robust Information Governance frameworks, including Data Privacy, are going to be needed in order to compete in the global marketplace and to ensure that our clients and customers data is appropriately protected.

How does your organization stack up?



John Desborough is a Director, Consulting and Technology Solutions at MNP. He is an accomplished business solutions program manager and business transformation architect with 30+ years in the information and technology consulting domain. John has extensive background in information management and governance with both public and private sector clients on a global scale. Drop John a line to discuss this topic in more detail: [email protected]