The Sedona Conference® recently released a public comment version of its Commentary on Information Governance, a project of The Sedona Conference Working Group One on Electronic Document Retention & Production (WG1).
A new definition of Information Governance
The Commentary adds another definition of ‘information governance’ to our lexicon. According to The Sedona Conference®, information governance is “an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.”
Breaking down the silos
The Commentary emphasizes the need to break down silos and achieve coordination among an organization’s information-focused disciplines such as RIM, data privacy, information security, and e-discovery to ensure “a top-down, overarching framework, informed by the information requirements of all information stakeholders . . . [to] enable an organization to make decisions about information for the good of the overall organization and consistent with senior management’s strategic directions.”
The 11 principles at a glance
To assist organizations in developing and implementing that framework, the Commentary provides “a comprehensive set of basic principles to guide the development and operation of a robust Information Governance program in any organization.” The eleven principles are:
- Organizations should consider implementing an Information Governance program to make coordinated decisions about information for the benefit of the overall organization that address information-related requirements and manage risks while optimizing value.
- An Information Governance program should maintain sufficient independence from any particular department or division to ensure that decisions are made for the benefit of the overall organization.
- All information stakeholders should participate in an organization’s Information Governance program.
- The strategic objectives of an organization’s Information Governance program should be based upon a comprehensive assessment of information-related practices, requirements, risks, and opportunities.
- An Information Governance program should be established with the structure, direction, resources, and accountability to provide reasonable assurance that the program’s objectives will be achieved.
- The effective, timely, and consistent disposal of physical and electronic information that no longer needs to be retained should be a core component of any Information Governance program.
- When information governance decisions require an organization to reconcile conflicting laws or obligations, the organization should act in good faith and give due respect to considerations such as privacy, data protection, security, records and information management, risk management, and sound business practices.
- If an organization has acted in good faith in its attempt to reconcile conflicting laws and obligations, a court or other authority reviewing the organization’s actions should do so under a standard of reasonableness according to the circumstances at the time such actions were taken.
- An organization should consider reasonable measures to maintain the integrity and availability of long-term information assets throughout their intended useful life.
- An organization should consider leveraging the power of new technologies in its Information Governance program.
- An organization should periodically review and update its Information Governance program to ensure that it continues to meet the organization’s needs as they evolve.
Each principle is discussed in detail in the body of the document.
Appendices address the synergies – and conflicts – at the intersections of IG stakeholders (i.e., RIM, privacy, security, and e-discovery), a maturity continuum for an information function’s level of independence, the risks associated with digital assets, and the quantitative/ROI business case for IG in terms of optimizing corporate value, risk reduction, hard cost avoidance, and soft cost avoidance.
Opportunity to comment
Because the document is a public comment version, comments and suggestions for improvement are welcome. You can join the dialogue online (paid and free accounts are available) or submit comments by email to firstname.lastname@example.org.