With all the data breach activity over the past several years, any organization or individual that hasn’t been affected in some way almost feels left out. According to the Department of Health and Human Services, 120 million people have been compromised in more than 1,100 separate breaches at organizations handling PHI (protected health information) since 2009. That number is almost a third of the U.S. population! Now is the time for organizations to take action! The data breach problem is very real and is going to get worse before it gets better.

Most organizations’ immediate reaction to such activity is to invest in some new type of data security technology or purchase a higher level of cyber insurance coverage. However, they should be equally concerned with ensuring proper governance of their information. More often than not, the information compromised in a breach shouldn’t have been stored where it was in the first place, and having an information governance program in place can reduce such risks.

For instance, an information governance program will address the following items:

  1. Identify which stakeholders in the organization have access to sensitive information (PHI)
  2. Document the storage locations (repositories, servers, applications, etc.) where sensitive information is stored
  3. Explain how long sensitive information is stored in both public and local environments
  4. Outline data storage requirements and guidelines for third-party vendor compliance
  5. Dispose of ROT (redundant, outdated, trivial) data to reduce discovery costs

It’s clear that information governance can reduce an organization’s risk in connection with a data breach. Of course, there are many other items that would fall under the information governance umbrella, but these provide a starting point. As with any endeavor, getting started is usually the hardest part.

Do you need help getting started with your information governance journey? If you would like to discuss information governance, please contact any of the team members here at R+C.