With all the data breach activity over the past several years, any organization or individual that hasn’t been affected in some way almost feels left out. According to the Department of Health and Human Services, 120 million people have been compromised in more than 1,100 separate breaches at organizations handling PHI (protected health information) since 2009. That number is almost a third of the U.S. population! Now is the time for organizations to take action! The data breach problem is very real and is going to get worse before it gets better.

Most organizations’ immediate reaction to such activity is to invest in some new type of data security technology or purchase a higher level of cyber insurance coverage. However, they should be equally concerned with ensuring proper governance of their information. More often than not, the information compromised during such an activity shouldn’t have been stored there in the first place, and having an information governance program in place can reduce such risks.

For instance, an information governance program will address the following items:

  1. Identify which stakeholders in the organization have access to sensitive information (PHI)
  2. Document the storage locations (repositories, servers, applications, etc.) where sensitive information is stored
  3. Explain how long sensitive information is stored in both public and local environments
  4. Outline data storage requirements and guidelines for third-party vendor compliance
  5. Dispose of ROT (redundant, outdated, trivial) data to reduce discovery costs

No doubt, it’s crystal clear that information governance can reduce an organization’s risk in connection with a data breach. Of course, there are many other items that would fall under the information governance umbrella, but these surely provide a starting point. As with any endeavor, getting started is usually the hardest part.

Do you need help getting started with your information governance journey? If you would like to discuss information governance, please contact any of the team members here at R+C.

Jim Merrifield

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes, including law firms and Fortune 500 companies, develop and implement practical information governance strategies, policies, and best practices. Jim is a well-respected expert in the information governance industry. With an extensive background in policy development and enforcement, enterprise program deployment, and technology solutions, he has earned a strong reputation as a knowledgeable practitioner and reliable consultant. His deep understanding of the space is reflected by his many publications, lectures, and consulting services for top-tier companies and law firms. Jim holds a bachelor’s degree in Legal Studies from Quinnipiac University and is a certified information governance professional (IGP).

Jim’s innovative thinking and commitment to the industry have enabled him to create the popular podcast, InfoGov Hot Seat, a platform for candid conversations featuring practitioners, consultants and solution providers, offering valuable perspectives to listeners about legal technology and managing information as an asset.