CHAPTER 1
The Information Governance Imperative

Effective information governance (IG) programs improve operational efficiency and compliance capabilities while leveraging information as an asset to maximize their value. Active IG programs are the hallmark of well-managed organizations, and increasingly IG has become an imperative, especially for global enterprises.

A “perfect storm” of compliance pressures, cybersecurity concerns, Big Data volumes, and the increasing recognition that information itself has value have contributed to a substantial increase in the number of organizations implementing IG programs.

Most significantly, the European Union (EU) General Data Protection Regulation (GDPR), which went into effect May 25, 2018, left companies across the globe scrambling to gain control over the consumer data they had housed. The GDPR legislation applies to all citizens in the EU and the European Economic Area (EEA), regardless of where they reside, and also visitors and temporary residents of the EU. So any global enterprise doing business with EU/EEA citizens—or even visitors—must comply with the legislation or face a major fine. The primary goal of GDPR is to give citizens control over their personal data.

Brought about in part because of GDPR compliance concerns, membership in the International Association of Privacy Professionals (IAPP) grew from around 25,000 members in 2017 to over 40,000 members in 2018, and it continues to grow.

A first step in the GDPR compliance process is to conduct an inventory of an enterprise's information assets to create a data map showing where all incidences of data are housed. This is commonly the first major implementation step in IG programs, so the IG discipline and support for IG programs made substantial strides in 2018 with the lead-up to GDPR going into effect. Then California passed its California Consumer Privacy Act (CCPA), which borrowed many concepts from GDPR and required that any company (of a certain size) handling the personally identifiable information (PII) of California residents (in specified volumes) comply by January 1, 2020. Suddenly US-based companies could no longer ignore privacy regulations, and the momentum for IG programs that could manage privacy compliance requirements accelerated.

During this same time frame, data breaches and ransomware attacks became more prevalent and damaging, and organizations adopted IG programs to reduce the likelihood of cyberattacks, and their impact. IG programs implement effective risk reduction countermeasures.

Added to that has been the continued massive increase on overall data volumes that organizations must manage, which results in managing a lot of unknown “dark data,” which lacks metadata and has not been classified. Organizations also retain large volumes of redundant, outdated, and trivial (ROT) information that needs to be identified and disposed of. Cleaning up the ROT that organizations manage reduces their overall storage footprint and costs, and makes information easier to fine, leading to improved productivity for knowledge workers.

IG programs are also about optimizing and finding new value in information. The concept of managing and monetizing information is core to the emerging field of infonomics, which is the discipline that assigns “economic significance” to information and provides a framework to manage, measure, and monetize information.1 Gartner's former analyst Doug Laney published a groundbreaking book in 2018, Infonomics, which delineates infonomics principles in great detail, providing many examples of ways organizations have harvested new value by finding ways to monetize information or leverage its value.

Early Development of IG

IG has its roots in the United Kingdom's healthcare system. Across the pond, the government-funded National Health Service (NHS) has focused on IG to ensure data quality and protect patient data since 2002. Although IG was mentioned in journals and scholarly articles decades ago, the UK is arguably the home of healthcare IG, and perhaps the IG discipline.2 Could this be the reason the UK leads the world in healthcare quality? Certainly, it must be a major contributing factor.

The United States has the most expensive healthcare in the world, the most sophisticated equipment, the most advanced medicines, the best-trained doctors—yet in a recent study of healthcare quality, the United States came in dead last out of 11 civilized nations.3 The UK, Switzerland, and Sweden topped the list.

The U.S. healthcare problem is not due to poor training, inferior equipment, inferior medicines, or lack of financial resources. No, the problem is likely primarily a failure to get the right information to the right people at the right time; that is, caregivers must have accurate, current clinical information to do their jobs properly. These are IG issues.

Since 2002 each UK healthcare organization has been tasked with completing the IG Toolkit, managed by NHS Digital for the UK Department of Health. Although the IG Toolkit has evolved over the years, its core has remained constant. However, in April 2018 it was replaced with a new tool, the Data Security and Protection Toolkit, based around 10 National Data Security Standards that have been formulated by the UK's National Data Guardian.4

Big Data Impact

According to the research group Gartner, Inc., Big Data is defined as “… high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.”5 A practical definition should also include the idea that the amount of information—both structured data (in databases) and unstructured information (e.g. e-mail, scanned documents, PDFs, MS Office documents) is so massive that it cannot be processed using traditional database tools (e.g. DB2, SQL) and analytic software techniques.6

In today's information overload era of Big Data—characterized by massive growth in business data volumes and velocity—the ability to distill key insights from enormous amounts of data is a major business differentiator and source of sustainable competitive advantage. In fact, a report by the World Economic Forum stated that data is a new asset class and personal data is “the new oil.”7 And we are generating more than we can manage effectively with current methods and tools.

The Big Data numbers are overwhelming: Estimates and projections vary, but it has been stated that 90% of the data existing worldwide today was created in the past two years,8 and that every two days more information is generated than was from the dawn of civilization until 2003.9 This trend will continue.

Certainly, there are new and emerging opportunities arising from the accumulation and analysis of all that data we are busy generating and collecting. New enterprises are springing up to capitalize on data mining and business analytics opportunities. Back in 2012, the US federal government joined in, announcing $200 million in Big Data research programs.10

However, established organizations, especially larger ones, are being crushed by this onslaught of Big Data: it is just too expensive to keep all the information that is being generated, and unneeded and ROT information becomes a sort of irrelevant sludge of data debris for decision makers to wade through. They have difficulty knowing which information is accurate and meaningful “signal,” and which is simply irrelevant “noise.” This means they do not have the precise information on which they can base good business decisions.

And it has real costs: the burden of massive stores of information has increased storage costs dramatically, caused overloaded systems to fail, and increased legal discovery costs.11 Furthermore, the longer that data is kept the more likely that it will need to be migrated to newer computing platforms, driving up conversion costs; and legally, there is the risk that somewhere in that mountain of data an organization keeps is a piece of information that represents a significant legal liability.12

This is where the worlds of Big Data and business collide. For Big Data proponents, more data is always better, and there is no perceived downside to the accumulation of massive amounts of data. In the business world, though, the realities of legal e-discovery mean the opposite is true.13 To reduce risk, liability, and costs, it is critical for unneeded or useless information to be disposed of in a systematic, methodical, and “legally defensible” (justifiable in legal proceedings) way, when it no longer has legal, regulatory, or business value.

Organizations are struggling to reduce and right-size their information footprint by discarding superfluous and redundant data, e-documents, and information. But the critical issue is devising policies, methods, and processes, and then deploying information technology (IT) to sort through the information and determine what is valuable and what no longer has value and can be discarded.

IT, compliance, and legal representatives in organizations have a clear sense that most of the information stored is unneeded, raises costs, and poses risks. According to a survey by the Compliance, Governance and Oversight Council (CGOC), respondents estimated that approximately one-quarter of information stored in organizations has real business value, while 5% must be kept as business records, and about 1% is retained due to a litigation hold.14 This means that [about] 69% of information in most companies has no business, legal or regulatory value. “Companies that are able to dispose of this debris return more profit to shareholders, can use more of their IT budgets for strategic investments, and can avoid excess expense in legal and regulatory response” [italics added].

With a smaller information footprint, organizations can more easily find what they need and derive business value from it.15 They must eliminate the data debris regularly and consistently, and to do this, processes and systems must be in place to cull out valuable information and discard the data debris. An IG program sets the framework to accomplish this.

The business environment has also underscored the need for IG. According to Ted Friedman at Gartner, “The recent global financial crisis has put information governance in the spotlight…. [it] is a priority of IT and business leaders as a result of various pressures, including regulatory compliance mandates and the urgent need for improved decision-making.”16

And IG mastery is critical for executives: many CIOs in regulated industries have been fired from their jobs for failed IG initiatives.17

Defining Information Governance

Information governance is a sort of “super discipline” that has emerged as a result of new and tightened legislation governing businesses, privacy concerns, legal demands, external pressures such as hacking and data breaches, and the recognition that multiple overlapping disciplines were needed to address today's information management challenges in an increasingly regulated and litigated business environment.18

IG is a subset of corporate governance, and includes key concepts from information security, data privacy and protection, records and information management (RIM), content management, IT and data governance, risk management, litigation readiness, regulatory compliance, long-term digital preservation (LTDP), and even analytics and information economics, (infonomics). This also means that it includes related technology and discipline subcategories such as document management, enterprise search, knowledge management, and disaster recovery (DR)/business continuity (BC).

Practicing good IG is the essential foundation for building legally defensible disposition practices to discard unneeded information, and to secure confidential, sensitive, and secret information, which may include trade secrets, strategic plans, price lists, blueprints, or personal information subject to privacy laws. Good IG provides the basis for consistent, reliable methods for managing, securing, controlling, and optimizing information.

Having trusted and reliable records, reports, data, and databases allows managers to make key decisions with confidence.19 And accessing that information and data analytics insights in a timely fashion can yield a long-term sustainable competitive advantage, creating more agile enterprises.

To do this, organizations must standardize and systematize their handling of information, and audit their processes to ensure so. They must analyze and optimize how information is accessed, controlled, managed, shared, stored, preserved, and audited. They must have complete, current, and relevant policies, processes, and technologies to manage and control information, including who is able to access what information, and when, to meet external legal and regulatory demands and internal governance policy requirements. The idea is to provide the right information to the right people at the right time—securely. Security, control, and optimization of information; this, in short, is IG.

Information governance is a subset of corporate governance, which has been around as long as corporations have existed. IG is a rather new multidisciplinary field that is still being defined, but has gained significant traction in the past several years. The focus on IG comes not only from privacy, cybersecurity, compliance, legal, and records management functionaries, but also from executives who understand they are accountable for the governance of information, and that theft or erosion of information assets has real costs and consequences. It can cause corporate brand equity to collapse, and stock price to tumble.

IG is an all-encompassing term for how an organization manages the totality of its information.

Information governance programs are about minimizing information risks and costs, while maximizing its value. IG is control of information to meet business, legal, regulatory, and risk demands.

Stated differently, information governance is “a quality-control discipline for managing, using, improving, and protecting information.”20

Unpacking the definition further: “Information governance is policy-based management of information designed to lower costs, reduce risk, and ensure compliance with legal, regulatory standards, and/or corporate governance.”21 IG necessarily incorporates not just policies and processes, but information technologies to audit and enforce them. The IG team must be cognizant of information lifecycle issues, and be able to apply the proper retention and disposition policies, including digital preservation, where e-records of documents need to be maintained for long periods.

IG Is Not a Project, But an Ongoing Program

IG is an ongoing program, not a one-off project. IG provides a policy umbrella to manage and control information. Since technologies change so quickly, it is necessary to have overarching policies that can manage the various information technology (IT) platforms that an organization may use.

Compare it to a workplace safety program; every time a new location, team member, piece of equipment, or toxic substance is acquired by the organization, the workplace safety program should dictate how that is handled, and, if it doesn't, the workplace safety policies/procedures/training that are part of the workplace safety program need to be updated. Regular reviews are conducted to ensure the program is being followed and make adjustments based on your findings. The effort never ends.22 The same is true for IG programs. They should continually be evaluated against established metrics, and should continue to expand and extend deeper into the enterprise.

IG is not only a tactical program to meet regulatory, compliance, and litigation demands. It can be strategic, in that it is the necessary underpinning for a management strategy that maximizes knowledge worker productivity, while minimizing risk and costs. Further, it treats information as an asset and seeks to maximize its value—perhaps even finding and harvesting newfound value.

Why IG Is Good Business

IG is a tough sell. It can be difficult to make the business case for it, unless there has been some major compliance sanction, fine, legal loss, or colossal data breach. Doug Laney calls this “blunderfunding” in that organizations wait until a major blunder before they fund a program. In fact, the largest impediment to IG adoption is simply identifying its benefits and costs, according to The Economist Intelligence Unit. Sure, the enterprise needs better control over its information, but how much better? At what cost? What is the payback period and the return on investment (ROI)?23

It is challenging to make the business case for IG, yet making that case is fundamental to getting IG efforts off the ground.

Here are 10 reasons why IG makes good business sense:

  1. We can't keep everything forever. IG makes sense because it enables organizations to get rid of unnecessary information in a defensible manner. Organizations need a sensible way to dispose of information in order to reduce the cost and complexity of the IT environment. Having unnecessary information around only makes it more difficult and expensive to harness information that has value.
  2. We can't throw everything away. IG makes sense because organizations can't keep everything forever, nor can they throw everything away. We need information—the right information, in the right place, at the right time. Only IG provides the framework to make good decisions about what information to keep.
  3. E-discovery. IG makes sense because it reduces the cost and pain of discovery. Proactively managing information reduces the volume of information exposed to e-discovery and simplifies the task of finding and producing responsive information.
  4. Your employees are screaming for it—just listen. IG makes sense because it helps knowledge workers separate “signal” from “noise” in their information flows. By helping organizations focus on the most valuable information, IG improves information delivery and improves productivity.
  5. It ain't gonna get any easier. IG makes sense because it is a proven way for organizations to respond to new laws and technologies that create new requirements and challenges. The problem of IG will not get easier over time, so organizations should get started now.
  6. The courts will come looking for IG. IG makes sense because courts and regulators will closely examine your IG program. Falling short can lead to fines, sanctions, loss of cases, and other outcomes that have negative business and financial consequences.
  7. Manage risk: IG is a big one. Organizations need to do a better job of identifying and managing risk. The risk of information management failures is a critical risk that IG helps to mitigate.
  8. E-mail: reason enough. IG makes sense because it helps organizations take control of e-mail. Solving e-mail should be a top priority for every organization.24
  9. Privacy compliance. With the advent of the EU GDPR legislation, and increasing privacy concerns globally, forward-thinking enterprises are implementing IG programs.
  10. Infonomics. Enterprises are looking for innovative ways to leverage information as an asset and to find new value.

Failures in Information Governance

Associates in Psychiatry and Psychology

This first example is a result of weaknesses in cybersecurity and IG procedures, but some good steps were taken in advance to reduce the impact of any cyberattack. And the response is perhaps a model for how organizations should handle a ransomware attack.

Associates in Psychiatry and Psychology (APP) in Rochester, Minnesota, revealed that a ransomware attack occurred in March 2018. The ransomware attack affected patient information for over 6,500 individuals, although, in the preliminary investigation, it appeared that the information was not in a “human-readable” format and that the protected health information wasn't accessed or copied by the attackers.

APP had a prompt response to the attack, taking their systems offline. Doing so in a timely manner likely stopped the spread of the attack and limited possible encryption of personal data and data theft, completing the “ransom” aspect of the ransomware attack.

APP, in a Q&A regarding the incident, reported that it was a “Triple-M” ransomware attack. This variation uses the RSA-2048 encryption protocol, which utilizes long keys in order to encrypt the data. A ransom was paid, as the backups with the restore files couldn't be accessed based on the attack. The initial ransom demand of 4 Bitcoin ($30,000) was not paid and instead negotiated down to .5 BTC ($3,800). With the systems and data now restored, APP installed additional layers of security as well as new remote-access policies.

Ransomware attacks are not unique, especially within the healthcare sector. What was fascinating about this attack is the amount of information shared with affected patients and the openness with which APP talked about the breach. Most breaches go unnoticed in the public eye because very little information is shared with the general public, even those directly affected, especially if the data wasn't accessed or copied. APP's transparency provides affected parties the ability to understand how the breach affects them and what they can do to protect themselves.

Other organizations should stand up and take notice: APP's response should become the standard.

Chipotle Mexican Grill

Chipotle Mexican Grill strives to serve “food with integrity” that is fresh, not genetically modified, and never frozen. It is their corporate mantra. This is why the multiple reports of foodborne illnesses at some Chipotle stores from 2016–2018 were so damning. And the stock market value reflected this, dropping over 40% in just three months during 2016. That's something like $5 billion in value that vanished due to the reputational damage wrought on the Chipotle brand. The stock had hit a high of about $750 in 2015, but as of August 2018 it had yet to break $500, after hitting a low of $255 earlier in the year.

Billions in value lost. That is huge. And it was the result of poor IG practices at Chipotle. But Chipotle did finally recover as of late 2019 when the stock was back up over $800.

There were reports that the food poisonings may have been the result of industrial espionage, and they may well be true. It is not so far-fetched—just such a scenario was played out in the Showtime series Billions where a new soft drink was tainted. Multiple parties benefited from Chipotle's losses at the time, so who had the most to gain? A hedge fund manager shorting the stock may have raked in billions. Competitors were able to improve their market standing during Chipotle's losses. And even some alternative (traditional) suppliers gained ground. Knowing that this risk was out there should have forced Chipotle executives to focus on taking measures to reduce that risk, but they did not do so quickly or completely enough until 2019.

And what was the crux of the matter? Information risk coming home to roost from poor IG. Chipotle managers did not have the proper level of detailed information to track exactly where in their supply chain their ingredients have been contaminated, which is a result of weaknesses in their IG and recordkeeping practices. In their 2016 investigation, the FBI pointed out that Chipotle's recordkeeping system was actually hindering the health authorities’ investigation in locating the sources of the various infections.

All of this could have been prevented not only with improved food quality testing, but the detailed tracking of ingredient lot numbers and video surveillance. The fact that this information was not available to Chipotle managers was the result of a failure to construct proper records and information management (RIM) systems.

It was a failure of IG-but Chipotle eventually got back on track.

Anthem, Inc.

In 2016, a year after the largest healthcare data breach to date, where almost 80 million confidential records of members and employees at Anthem, Inc. were hacked, little had been learned about the nature, motivations, implications, and real costs of the breach.25 According to Anthem the data breach affected several of its brands, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, and UniCare.

Anthem, the nation's second largest health insurer, had insurance themselves—cyber-insurance. Perhaps that was why executives felt confident prior to the attack. Most of the initial costs were likely absorbed by a $100 million AIG cyber-insurance policy. But many class action lawsuits were filed, and “unresolved legal issues likely have stifled further disclosure of what is known.”26

By law, Anthem was not required to encrypt the personally identifiable information (PII), although this is a standard industry best practice. Certainly, victims sued Anthem just on the basis that Anthem did not take proper care of their PII while in their custody.

The PII compromised included names, addresses, birthdates, social security numbers, medical IDs, e-mail addresses, and salary and employment information.27 Anthem provided two years of credit monitoring for those who were affected. This was a mild measure, as hackers usually wait years to sell compromised data.

Certainly, Anthem's reputation was damaged, and the massive breach led to acquisition target Cigna questioning Anthem's IG posture, data privacy and security measures, and the resultant legal impact. In a letter, Cigna's CEO and former Board Chairman wrote, “Trust with customers and providers is critical in our industry, and Anthem has yet to demonstrate a path towards restoring this trust. We need to understand the litigation and potential liabilities, operational impact and long-term damage to Anthem's franchise as a result of this unprecedented data breach, as well as the governance and controls that resulted in this system failure.”28

Anthem took steps to shore up its information security practices (blunderfunding), hiring cybersecurity firm Mandiant just after the attack. In addition, the National Association of Insurance Commissioners (NAIC) commissioned a “market conduct and financial exam” of the breach, but the report is classified.

Ford Motor Company

The failure to implement and enforce IG can lead to vulnerabilities that can have dire consequences. Ford Motor Company is reported to have suffered a loss estimated at $50–$100 million as a result of the theft of confidential documents by one of its own employees. A former product engineer who had access to thousands of trade secret documents and designs sold them to a competing Chinese car manufacturer. A strong IG program would have controlled and tracked access and prevented the theft while protecting valuable intellectual property.29

FBI

Law enforcement agencies have also suffered from poor IG. In a rather frivolous case in 2013 that highlighted the lack of policy enforcement for the mobile environment, it was reported that US FBI agents used government-issued mobile phones to send explicit text messages and nude photographs to coworkers. The incidents did not have a serious impact, but did compromise the agency and its integrity, and “adversely affected the daily activities of several squads.”30 Proper mobile communications policies were obviously not developed and enforced.

Accenture

IG is also about information security and privacy, and serious thought must be given when creating policies that allow access to highly confidential information, as some schemes to compromise or steal information can be quite deceptive and devious, masked by standard operating procedures—if proper IG controls and monitoring are not in place. To wit: granting remote access to confidential information assets for key personnel is common. Granting medical leave is also common. But a deceptive and dishonest employee could feign a medical leave while downloading volumes of confidential information assets for a competitor—and that is exactly what happened at Accenture, a global consulting firm. During a fraudulent medical leave, an employee was allowed access to Accenture's Knowledge Exchange (KX), a detailed knowledge base containing previous proposals, expert reports, cost-estimating guidelines, and case studies. This activity could have been prevented by monitoring and analytics which would have shown an inordinate number of downloads—especially for an “ailing” employee. The employee then went to work for a direct competitor and continued to download the confidential information from Accenture, estimated to be as many as 1,000 critical documents. While the online access to KX was secure, the use of the electronic documents could have been restricted even after the documents were downloaded, if IG measures were in place and newer technologies (such as information rights management software or IRM) were deployed to secure them directly. With IRM, software security protections can be employed to seal the documents and control their use—even after they leave the organization. More detail on IRM technology and its capabilities is presented further on in this book.

The list of breaches and IG failures could go on and on, more than filling the pages of this book. It is clear that it is occurring and that it will continue. IG controls to safeguard confidential information assets and protect privacy cannot rely solely on the trustworthiness of employees and basic security measures. It takes up-to-date IG policies and enforcement efforts and newer technology sets. It takes active, consistent monitoring and program adjustments to continue to improve.

Executives and senior managers can no longer avoid the issue, as it is abundantly clear that the threat is real and the costs of taking such avoidable risks can be high. A single security breach is an information governance failure and can cost the entire business. When organizations suffer high-profile data breaches, particularly when they involve consumer privacy, they suffer serious reputational damage, losses in market value, and are faced with potential fines or other sanctions.31

Form IG Policies, Then Apply Technology for Enforcement

Typically, some policies governing the use and control of information and records may have been established for financial and compliance reports, and perhaps e-mail. But they are often incomplete and out-of-date, and have not been adjusted for changes in the business environment, such as new technology platforms (e.g., Web 2.0, social media), changing laws (e.g., California Consumer Privacy Act, U.S. FRCP 2006, 2015 changes), and additional regulations.

Further adding to the challenge is the rapid proliferation of mobile devices like tablets and smartphones used in business—information can be more easily lost or stolen—so IG efforts must be made to preserve and protect the enterprise's information assets.

Lasting and durable IG requires that policies are flexible enough not to hinder the proper flow of information in the heat of the business battle, yet strict enough to control and audit for misuse, policy violations, or security breaches. This is a continuous iterative policy-making process, which must be monitored and fine-tuned. Even with the absolute best efforts, some policies will miss the mark and need to be reviewed and adjusted.

Getting started with IG awareness is the crucial first step. It may have popped up on an executive's radar at one point or another and an effort might have been made, but many organizations leave these policies on the shelf and do not revise them on a regular basis.

IG is the necessary underpinning for a legally defensible disposition program that discards data debris and helps narrow the search for meaningful information on which to base business decisions. IG is also necessary to protect and preserve critical information assets, before their value can be exploited. An IG strategy should aim to minimize exposure to risk, at a reasonable cost level, while maximizing productivity and improving the quality of information delivered to knowledge users.

But a reactive, tactical project approach is not the way to go about it—haphazardly swatting at technological, legal, and regulatory flies. A proactive, strategic program, driven from the top-down with a clear, accountable executive sponsor and IG lead and an ongoing plan, auditing, and regular review process, is the only way to continuously adjust IG policies to keep them current so that they best serve the organization's needs.

Some organizations have created formal governance bodies to establish strategies, policies, and procedures surrounding the distribution of information inside and outside the enterprise. These IG governance bodies, steering committees, or teams may include members from many different functional areas, since proper IG necessitates cross-functional input from a variety of stakeholders. Representatives from privacy, security, legal, IT, records management, risk management, compliance, operations, legal, finance, and perhaps analytics/data science, knowledge management, and human resources (for training and communications) are typically a part of IG teams. Often these efforts are jump-started and organized by an executive sponsor who utilizes third-party consulting resources that specialize in IG efforts, especially considering the newness of IG and its emerging best practices.

In this era of ever-growing privacy and security concerns, increased regulation, Big Data volumes, and infonomics opportunities, IG programs are playing an increasing role. Leveraging IG policies to focus on retaining the information that has real business value, while discarding the majority of information that has no value and carries associated increased costs and risks, is critical to success for modern enterprises. This must be accomplished in a systematic, consistent, and legally defensible manner for IG programs to succeeed.

Notes

  1. 1.   Doug Laney, Infonomics: How to Monetize, Manage, and Measure Information as an Asset for Competitive Advantage (New York: Bibliomotion/Taylor & Francis, 2018), 9.
  2. 2.   Andrew Harvey and Barry Moult, e-mail to author, February 25, 2018.
  3. 3.   Jenn Christensen and Elizabeth Cohen, CNN Health, May 4, 2016, http://edition.cnn.com/2016/05/03/health/medical-error-a-leading-cause-of-death/.
  4. 4.   Ibid.
  5. 5.   Gartner, Inc., “IT Glossary,” www.gartner.com/it-glossary/big-data/ (accessed April 15, 2013).
  6. 6.   Webopedia, “Big Data,” www.webopedia.com/TERM/B/big_data.html (accessed April 15, 2013).
  7. 7.   Personal Data: The Emergence of a New Asset Class, An Initiative of the World Economic Forum, January 2011, http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdf.
  8. 8.   Deidra Pacnad, Defensible Disposal: You Can't Keep All Your Data Forever,” July 17, 2012, www.forbes.com/sites/ciocentral/2012/07/17/defensible-disposal-you-cant-keep-all-your-data-forever/.
  9. 9.   Susan Karlin, “Earth's Nervous System: Looking at Humanity through Big Data,” www.fastcocreate.com/1681986/earth-s-nervous-system-looking-at-humanity-through-big-data#1 (accessed March 5, 2013).
  10. 10. Steve Lohr, “How Big Data Became So Big,” New York Times, August 11, 2012, www.nytimes.com/2012/08/12/business/how-big-data-became-so-big-unboxed.html?_r=2&smid=tw-share&.
  11. 11. Kahn Consulting, “Information Governance brief” sponsored by IBM, www.delve.us/downloads/Brief-Defensible-Disposal.pdf (accessed March 4, 2013).
  12. 12. Barclay T. Blair, “Girding for Battle,” Law Technology News, October 1, 2012, www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202572459732&thepage=1.
  13. 13. Ibid.
  14. 14. Deidra Pacnad, “Defensible Disposal: You Can't Keep All Your Data Forever,” July 17, 2012, www.forbes.com/sites/ciocentral/2012/07/17/defensible-disposal-you-cant-keep-all-your-data-forever/.
  15. 15. Randolph A. Kahn, November 28, 2012, https://twitter.com/InfoParkingLot/status/273791612172259329.
  16. 16. “Gartner Says Master Data Management Is Critical to Achieving Effective Information Governance,” January 19, 2012, www.gartner.com/newsroom/id/1898914.
  17. 17. Ibid.
  18. 18. Monica Crocker, e-mail to author, June 21, 2012.
  19. 19. The Economist Intelligence Unit, “The Future of Information Governance,” www.emc.com/leadership/business-view/future-information-governance.htm (accessed March 10, 2012).
  20. 20. Arvind Krishna, “Three Steps to Trusting Your Data in 2011,” CTO Edge, posted March 9, 2011, www.ctoedge.com/content/three-steps-trusting-your-data-2011.
  21. 21. Laura DuBois and Vivian Tero, IDC White Paper, sponsored by EMC Corp., “Practical Information Governance: Balancing Cost, Risk, and Productivity,” August 2010, https://docplayer.net/6122601-Emc-perspective-emc-sourceone-email-management.html.
  22. 22. Monica Crocker, e-mail to author, June 21, 2012.
  23. 23. Barclay T. Blair, “Making the Case for Information Governance: Ten Reasons IG Makes Sense,” ViaLumina Ltd, 2010. Online at http://barclaytblair.com/making-the-case-for-ig-ebook/.
  24. 24. Barclay T. Blair, “8 Reasons Why Information Governance (IG) Makes Sense,” posted June 29, 2009, http://aiim.typepad.com/aiim_blog/2009/06/8-reasons-why-information-governance-ig-makes-sense.html.
  25. 25. Bob Herman, “Details of Anthem's Massive Cyberattack Remain in the Dark a Year Later,” Modern Healthcare, March 30, 2016, www.modernhealthcare.com/article/20160330/NEWS/160339997.
  26. 26. Ibid.
  27. 27https://en.wikipedia.org/wiki/Anthem_medical_data_breach.
  28. 28. Bob Herman, “Details of Anthem's Massive Cyberattack Remain in the Dark a Year Later,” Modern Healthcare, March 30, 2016, www.modernhealthcare.com/article/20160330/NEWS/160339997.
  29. 29. Peter Abatan, “Corporate and Industrial Espionage to Rise in 2011,” Enterprise Digital Rights Management, www.enterprisedrm.info/post/2742811887/corporate-espionage-to-rise-in-2011 (accessed March 9, 2012).
  30. 30. BBC News, “FBI Staff Disciplined for Sex Texts and Nude Pictures,” February 22, 2013, www.bbc.co.uk/news/world-us-canada-21546135.
  31. 31. “Gartner Says Master Data Management Is Critical to Achieving Effective Information Governance,” January 19, 2012, www.gartner.com/newsroom/id/1898914.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.217.8.82