Jason R. Baron, Of Counsel at Drinker, Biddle & Reath LLP and Co-chair of the Information Governance Initiative, has published an article in Ethical Boardroom titled, “Information Governance Oversight: Questions for Board Members To Ask.” The article provides insight into the emergence of a variety of calls for boards of directors to be asking questions of their CEOs, CISOs and CIOs about how companies are preparing for breaches and how they will deal with their aftermath through agreed protocols.
While factoring in cyber risk as an increasingly real part of the corporate world, arguably there is an even more fundamental material weakness across the enterprise that boards of directors should be addressing: the company’s lack of a clear information governance strategy or framework for decision-making.
Information governance has been defined as “the activities and technologies that organizations employ to maximize the value of their information while minimizing risks and costs.” Of course, a part of the overall risk posed by data is the possibility of cyber breach. But there is much more to information governance than simply addressing one’s security concerns. At bottom, there are the questions of why and how data has been left to accumulate in the first place and what policies are in place to manage and control its continued growth.
There are a host of overlapping issues not only surrounding security and preservation of data but also touching on data sensitivities and privacy, access to data in litigation and investigations, regulatory compliance and, increasingly, performing analytics for the purpose of monetizing corporate data assets. Board focus on cyber breach issues alone is a start, but high-level attention should be paid to a much broader range of technical and policy issues touching on all aspects of the overall corporate data environment.
Read Jason’s full comments in “Information Governance Oversight: Questions for Board Members To Ask.”