Compliance obligations driving information governance projects – The Mandarin
A new survey published by InfoGovANZ has revealed that the majority of enterprise-wide information governance (IG) projects are being driven by external regulatory, compliance or legal obligations.
In the survey of 338 organisations, 74% of respondents identified that external regulatory, compliance or legal obligations were driving IG projects. Other key drivers included good business management (68%) and internal technology restructuring or transition (50%).
InfoGovANZ executive director Susan Bennett said the trend was consistent with 2019 results, where government respondents were less likely (17.5%) than corporate respondents (43%) to indicate the new privacy regulatory environment was driving their IG projects.
“This is likely to be due to a greater number of corporate respondents handling personal information of EU data subjects and dealing with cross-border transfers of personal data as a result of the GDPR, CCPA and New Zealand’s Privacy Act 2020,” Ms Bennet said.
“Fewer participants indicated that privacy regulatory changes, such as the GDPR, CCPA, New Zealand’s Privacy Act 2020 and Australia’s NDB Scheme had been a driver of their current IG projects,” she added.
Of those organisations surveyed, two thirds used a formal IG framework with its own policies and procedures. Another three-quarters of the respondents said their organisations had IG projects planned or underway for the next 12 months.
“IG appears to have matured since our initial 2017 survey, with almost two-thirds assessing their IG programs as intermediate or advanced in maturity and more respondents considering their organisation having a proactive IG stance than a reactive one,” Ms Bennet said.
Despite this trend, the majority of corporate respondents felt their organisation had taken a reactive IG approach, which could be attributed to the changes in the business landscape from COVID-19.
Only one in five respondents answered that COVID-19 had been a driving factor for their IG projects. Forensics technology expert Peter Chapman, who is also a KPMG director and InfoGovANZ advisory board member, noted that the shift to more employees working from home since the pandemic meant cyber-criminals had further opportunity to strike.
“This finding aligns with the increased reporting of ransomware attacks and data exfiltration activity observed on the dark web over the last two years,” Mr Chapman said.
Get the Juice –
the Mandarin’s free daily newsletter delivered to your inbox.
You’ll also receive special offers from our partners. You can opt-out at any time.
“Attackers are certainly more active and the expansion of organisational IT boundaries to accommodate large scale remote working has provided additional vectors of attack for cyber-criminals.”
This is the third year that InfoGovANZ has conducted its survey to gauge the status, priorities and challenges of IG organisations in 12 months ahead.
Mr Chapman added that in comparison to findings of previous years, there has been a noticeable increase in data breaches, lawsuits and investigations acting as a driver for IG projects – particularly in the corporate sector.
While all federal government agencies are required to have a chief information governance officer, the survey also reported a consistent increase in organisations whose accountable IG person was a C-suite executive. About 42% of respondents indicated their organisation used a multidisciplinary IG steering committee.
“It’s pleasing to see that more than half of respondents feel that their organisation has addressed leadership in IG and data, but there is still room for improvement here,” Ms Bennet said.
“Highlighting why an enterprise-wide approach is needed, 27% of respondents indicated they didn’t know how many projects their organisation had undertaken in the past year and a third of IG professionals believe their organisations haven’t given sufficient training and knowledge to contribute effectively to IG activities.”