Blending Privacy and Strong Information Governance
We all share common fears about others gaining access to our private information, stealing our identity, or just knowing things about us we don’t want them to. And, those fears are justifiable. Today this is big business for criminals and organizations are held to strict practices to protect the handling of private information.
We expect that when our information is shared with others that they in turn will follow reasonable and appropriate measures to ensure our information remain private. Federal laws and mandates have been created to govern and regulate the use and misuse of private information. These laws establish specific guidelines for how organizations are required to manage and dispose of information about the organization itself, its employees, health records, payment card data, financial information, and so forth. While these laws and regulations are helpful and define expectations, the task of enforcing these rules for compliance within an organization is still a tremendous challenge.
Records managers play an integral role in upholding the integrity of an organization’s privacy program. By enforcing policies, processes, controls, systems, records retention and by facilitating training, the records manager adds value to the privacy program and the overall information governance model. Let’s look at some of these key areas and how it will benefit your information inventory and privacy.
The foundational building block of records information management (RIM) is the identification of the company’s information assets, managed through the information inventory. This activity provides critical inputs for the records retention schedule. Having a comprehensive information inventory is the key to knowing where your information assets live and it provides you with a listing of all your organizations records.
To accomplish this you need a systematic way for records managers to easily identify the organization’s personally identifiable information (PII). The ability to map out and view information about your information, its metadata, is a large part of the value-add in information mapping and rules for compliance. I’ll have a lot more to say about this in the future.