In case you missed the recent webinar hosted by the Information Governance Initiative, “Introducing the Chief Information Governance Officer – A New Information Leader for a New Era,” here is a recap of the three main gaps addressed by the role of the Chief Information Governance Officer (CIGO):
Who owns the information problem? The Chief Information Officer (CIO) focuses on infrastructure. The Chief Financial Officer (CFO) looks at IT and information from an accounting perspective. The Chief Information Security Officer (CISO) is more about cybersecurity and firewalls while the Chief Digital Officer (CDO) tends to stay on the marketing side. The CIGO would fill this leadership gap by being accountable for structured and unstructured information, responsible for the execution of information fundamentals - identification, classification, protection, disposition, life cycle management - on a discrete budget, and to spot information opportunities and risks that nobody else can identify and assess. The CIGO must have the authority and mandate to lead information related activities, address holes in policy, bring order to unassessed “dark” data, foster communication between stakeholders, and address any missing or underdeveloped facets of the IG program.
Coordination of Information-Related Functions
Information is a business asset that is important across all functions of an enterprise since not only can the information lifecycle cross functions, but each function manages their own information with their own lifecycles. Coordination among departments allows an organization to make effective use of all of its information, regardless of ownership, particularly in this era of Big Data.
The CIGO brings together the functional areas of Information Governance (IG) such as IT, Legal, Records & Information Management, Privacy, Information Security, and Compliance. These functions often intersect, for example, a born digital record (IT) could be under legal hold (Legal), contain Personally Identifiable Information (Privacy), and require access for only named users (Information Security).
The CIGO is the person who ensures the facets of IG across an enterprise are working together to achieve the common goal of gaining value from information while also balancing risk. If these IG facets are not working together it can lead to a data bloat, compliance risks, and a silo mentality where a lack of sharing and cooperation will lead to operational inefficiencies and waste time, money, and resources.
Balancing & Prioritizing Risk and Value
Information is a business asset that has both value and risk. First you need to know what information your enterprise manages. Once you know what you have you can then focus on protecting the organization’s most important information since it’s impossible to secure all information equally.
- What do you absolutely need right now?
- What might be important down the line?
- What is garbage that will only stink worse the longer you retain it?
The CIGO can enable the business decisions to balance and prioritize the costs, risks, benefits, and value of information assets. Keep in mind that the CIGO role is not a one size fits all solution. The CIGO will have some different responsibilities depending on factors such as the amount of litigation and regulations in an industry, size of a company, and geographic location.
Information Governance will also be at various levels at different organizations. This is demonstrated by the Maturity Framework for the CIGO role which has three levels:
Therefore a CIGO at one company may be building a foundation for IG from the ground up while a CIGO elsewhere is maintaining and fine tuning processes and technologies that are already in place. The CIGO title itself may not always be the same and could include: Risk, Privacy, Records, eDiscovery, General Counsel and more. The CIGO role is also flexible enough that it could be taken by others in the C-suite - CIO, CFO, CISO, CDO - without actually creating a new board level position. What matters is that these three gaps are filled by a senior executive with the proper experience who is willing to take on the responsibilities of information leadership, coordination of information amongst key stakeholders, and decision-making based on an understanding of both the risk and value of information.
If you are not already a member of the Information Governance Initiative (IGI), join today! Your free membership will give you access to up to date IG resources, informative reports, such as the CIGO Task Force Report, and current events from the IGI and its partners and supporters, http://iginitiative.com