IT Leaders: Game-Changers for Governance, SecurityBy Guest Author | Posted 2014-02-05 Email Print
In 2014, IT leaders must establish themselves as leaders in their organizations and work diligently to align all employees to achieve effective data governance.
Specifically, the roles and responsibilities of the DGC include:
· Establishing direct reporting to the appropriate, most-senior governance level of the company, since there should be accountability for data governance and oversight at the organization’s highest levels.
· Evaluating and responding to internal proposals about the use of data and information in connection with data mining, behavioral targeting and data analysis.
· Monitoring implementation and compliance, and when appropriate, proposing revisions to all data governance policies adopted by the company.
· Providing oversight to senior management, the CTO and the employees in their efforts to reinforce good business practices and maintain legal requirements applicable to the company.
· Staying informed on a regular and timely basis about compliance activities, training activities, communications programs, compliance audit reports, and summaries of any other reports of alleged violations of the company's data governance policies.
· Conducting annual evaluations of the company's data governance practices.
· Consulting with necessary advisors to ensure that the company conducts its business activities in compliance with the law.
Training and Education
Training and education are key components of any program. IT leaders should be out front and visible, and they should set the tone for training in data governance areas. Training and education programs should effectively communicate to corporate employees the risks that can arise from poor information security and poor data management practices.
Any training program also should include specific recommendations about the manner in which data is to be managed, retained or destroyed. In addition, it should explain the specific policies that apply to employees, and why these policies must be enforced by managers and other corporate leaders.
Establishing a Relationship with General Counsel
A strong relationship with the organization’s general counsel can be extremely effective in helping IT leaders articulate risks to the business.
IT leaders should further develop this relationship and partner with the legal department to develop sound policies, communicate the importance of creating good data management practices among employees, and explain the serious consequences of underfunding this important—and often legal—obligation of the company.
The stakes for data governance continue to be high for 2014. Very large advances can be made in this area, given the high degree of scrutiny companies face regarding privacy and information security.
IT leaders should not waste any opportunities to step up as leaders in their organizations by establishing accountability; training and educating all employees; and making adjustments where needed—whether that means initiating changes to an existing program or establishing a new one.
Failure to address these issues now will have long-term consequences for an organization—none of which would be pleasant.
David Katz is a partner with Nelson Mullins Riley & Scarborough LLP in Atlanta. His practice focuses on regulatory compliance, consumer privacy and data security compliance, information governance, ethics, corporate governance and enterprise risk management. He can be reached at firstname.lastname@example.org.