You learn from the media that a memory stick containing personal data has been left on the 8.10 train out of Birmingham. The police are involved and the data relates to customers and employees of your company. What are the consequences? How will the business be hit? Who will lose their job? And will the reputation of the business be affected, impacting customers and a large proportion of the workforce?
Information has real business value. The challenge is that the commercial value of information assets does not appear on the balance sheet and therefore is not always secured and protected.
However, we all know how costly the mismanagement of information can be if tapes, discs, CDs or other memory devices are lost, or inappropriate or unauthorised access to data occurs. The impact on the brand, cost of remediation, the possibility of regulatory and/or legal fines, a downturn in equities, negative PR and loss of business are all metrics that underline the high cost of not recognising the value of securing information assets.
Security will be an ever-increasing issue as more data is managed by outsourcers, in the cloud and offshore. Information governance must be addressed by the owners of the information, not simply left to contracted partners.
Virtualisation will also raise issues around how information is being managed. Knowing where the data resides, how it is being accessed, updated, migrated or moved will be a management requirement.
As a result, information managers and CIOs will have to consider security and data protection options covering all data repositories, from the laptop, PDA or mobile phone through to the datacentre. They will have to deliver systems that keep information continuously available while being secure from hackers or data loss. Information governance involves everyone; it has business value and spans every organisation.
Hamish Macarthur is founder and CEO of Macarthur Stroud International,