A recent Advice from Counsel study sponsored by FTI Technology, entitled “The State of Information Governance in Corporations” found data security to be the top driver for information governance initiatives. The purpose of the study was to better understand the health and success of information governance programs within corporations. The respondents included approximately 25 in-house lawyers, interviewed from Fortune 1000 corporations and have responsibilities that focus on e-discovery and information governance.
The respondents broke data security down into four key areas:
-
Securing sensitive personally identifiable information for clients, patients and employees. Across all industries, respondents acknowledged a sense of responsibility for protecting the sensitive information of their customers and employees.
-
Securing sensitive company intellectual property.
-
Creating a tiered security network to protect against data breaches
-
Developing protocols and systems to ensure secure access to the network for partners and other approved third party providers.
Categorizing data security into these four buckets can help companies prioritize internal projects and continue to make forward progress. The key is to breakdown large projects into smaller and more manageable ones that are easier to accomplish.
Some projects companies could consider this year include:
-
Identify where sensitive company intellectual property is stored
-
Conduct an inventory of data repositories and document access permissions levels
-
Protect customer’s sensitive data including credit card information, social security numbers, etc.
-
Insure third party providers sign a non-disclosure agreement (NDA) if it’s known they will have access to sensitive company data, in particular customer data.
It’s true that some of these projects may require the purchase of new technology, engagement of other counsel and comprehensive training. However, it’s certainly well worth the effort.
[View source.]