Prepare to free your information

The past few years have seen a raft of corporate governance regulations aimed at making company dealings more transparent. And...

The past few years have seen a raft of corporate governance regulations aimed at making company dealings more transparent. And rightly so.

But the same regulations have created headaches for IT directors who have had to ensure disparate data systems are linked and the information in them is accurate.

At first glance the Freedom of Information Act, which came into effect on 1 January, may not seem to be something that affects private sector companies.

It gives organisations and members of the public unprecedented access to information held about them by more than 100,000 public bodies.

But the legislation is not exclusively aimed at government organisations - it also takes schools, universities, museums and publicly listed companies into account.

Potentially, any organisation that acts as a supplier to local or national government could be asked to meet a request for personal data within 20 days.

Organisations that will be affected by the act should have already started to examine how they will address their new role as information provider.

Those that have not begun to do this need to do so as a matter of urgency. If they do not they risk being hit hard by fines - not a nice way to start the new year. However, this is not the time for a knee-jerk reaction.

Spending millions of pounds on a new IT infrastructure will be of limited use unless you have taken the time to closely examine the way your business works.

IT will only help to address specific problems when it is in tune with business processes.

Picture the scene: Mrs Jones in South Wales is concerned about what information company X holds about her. She has been a customer for the past 15 years, so it holds a wealth of data in many different formats - letters, faxes, e-mails and even recorded telephone conversations.

Some of these records are archived on hard drives, some in filing cabinets and some of it is even on microfiche. Company X needs to deliver this information to her in a format of her choosing within 20 days.

When Mrs Jones calls with her request, her call could provoke company-wide panic.

Organisations should conduct an audit of the business processes that push information around their companies and the accompanying IT systems.

Some systems can be modified to meet the demands of information requests, and manual tasks can be automated relatively cheaply.

Following these steps will help IT directors reduce their stress levels before the end of the year.

Mark Reynolds is managing director at communications provider Topcall UK

Read more on IT risk management