New IGPMM Essential in Confronting Data Challenges

by Heidi Maher
March 3, 2017
in Featured, Governance

The Risk and Cost Benefit of Maturing 22 Key Processes

The Information Governance Process Maturity Model (IGPMM), developed by the Compliance, Governance and Oversight Council (CGOC) in 2012, has become a standard foundation for starting and revising enterprise information governance programs. The CGOC has now released a new version of the model to help organizations deal with today’s information realities.

Back in 2012, visionary members of the Compliance, Governance and Oversight Council (CGOC) recognized the need for a comprehensive process model to help organizations establish and maintain a more robust information governance (IG) program. They developed the first Information Governance Process Maturity Model, which has become a standard foundation for starting and revising enterprise IG programs. Since that time, however, the torrid growth of digital data, an increasingly complex and costly regulatory environment, cloud adoption and machine learning have put an ever-increasing strain on enterprise IG efforts, leading the CGOC to issue an update to the Maturity Model that reflects today’s more complex data challenges.

The total volume of information around the world is now doubling every two years and is expected to reach 180 zettabytes by 2025. According to one estimate, 2.5 exabytes of data are now produced every day, the equivalent of 530 million songs or 250,000 Libraries of Congress. Many large organizations are already storing a petabyte or more of data, which can cost them up to $2.8 million every three years. Thousands of other organizations are catching up quickly, and the problem will only get worse as business users struggle to find the information they need and make optimal use of it.

Of even greater concern to many organizations is the complexity of evolving regulations around the world and the increasing cost of data breaches and compliance failures. The EU, for example, has adopted the General Data Protection Regulation (GDPR), which has substantial fines for noncompliance and applies to any company around the world doing business in the EU. Even without the implementation of the GDPR in May of 2018, the 2016 Ponemon Institute Cost of Data Breach Study revealed the average cost for each lost or stolen record containing sensitive and confidential information has increased from $154 to $158. This means that even a breach of a relatively modest 30,000 records can cost more than $4.6 million. Many breaches, such as those at Yahoo, Home Depot and Premera Blue Cross, have run into the tens of millions of records and negatively impacted share price. In the case of Yahoo, the breach may even affect its terms of acquisition by Verizon.

Two other developments are reshaping IG practices, as well. First, organizations are increasingly relying on the cloud for applications and data storage, introducing IG challenges around classification, over-retention, shadow IT and geo-location. Second, an increasing amount of planning around the use of analytics and machine learning for major data initiatives is taking place without adequate consideration of the legal, ethical and compliance consequences.

Minimizing Enterprise Risks and Ensuring Ongoing Compliance

The basic proposition of the CGOC Information Governance Process Maturity Model is that as information ages, its value declines – while the cost to manage it stays relatively constant (increasing as the amount of data increases), and the cost of e-discovery and compliance risks actually rise. This widening gap between the business value information provides and the costs and risks associated with it should compel organizations to focus on improving their “information economics.”

Improving information economics depends on maturing 22 processes that help identify – and improve the management of – information value, cost and risk. The processes reflect the needs of the key information stakeholders, including legal, records information management (RIM), privacy and security, lines of business and IT. The maturation for each business process moves through four stages:

  • Stage 1: Ad hoc and inconsistent
  • Stage 2: Siloed and manual
  • Stage 3: Siloed, consistent and instrumented
  • Stage 4: Integrated, instrumented and optimized.

As they work through each process, stakeholders and the organization as a whole are better able to determine information value, align cost to the changing value over time, minimize legal and regulatory risk and lower overall costs.

For example, the Maturity Model includes a process for information disposal and decommissioning that deals with IT’s inability to properly dispose of data and decommission information systems that may be causing unnecessary risk and legal or business expense.

  • In Stage 1, the most immature, IT “keeps everything” because there is simply no systematic way to determine regulatory obligations or business value.
  • In Stage 2, IT can manually configure systems to retain, hold, collect or dispose of data. Legal requirements can also be manually configured in some systems.
  • In Stage 3, IT is able to deduplicate files, dispose of log files and respond to business requests to decommission applications. IT and legal routinely work together to determine if any open legal matters affect the decommissioning.
  • In Stage 4, data is automatically deleted at the end of its retention period when no legal hold has been specified, and backup data is routinely and systematically overwritten. IT consistently analyzes the data source catalog to identify systems with low business value to proactively determine savings opportunities. Data disposal is transparently done based on documented preservation and retention obligations.

For IG professionals already familiar with the Information Governance Process Maturity Model, the key updates are in the areas of:

  • Privacy and Security. A “Privacy and Data Protection Obligations” section addresses evolving data privacy concerns, including the impact of the GDPR, and a new cost lever, “Data Security: Cost Reduction through Process Maturity,” helps organizations measure the extent to which process improvements can lower the per capita cost of a data breach. Finally, three processes have been added relating to data security best practices:
    • “External Intrusion” focuses on creating a framework for deterring, thwarting and identifying external bad actors.
    • “Accidental Data Leakage” allows for developing safeguards around classifying confidential information and preventing it from leaving via the network or employee devices.
    • “Insider Theft of Data” helps prevent employees from stealing information assets.
  • Cloud Computing. A new “Cloud Computing” process is designed to ensure IG safeguards are applied to nontraditional procurement and provisioning channels such as cloud services.
  • Data Quality. This “Data Quality and Data Lineage” process can help organizations ensure that data is accurate and serves its intended business or compliance purpose.

To download the new Model, please sign in as a member or complete the easy membership sign-up.


Heidi Maher is an attorney and a legal technology specialist who has advised hundreds of organizations on information governance around data security, compliance and eDiscovery. She is the Executive Director of the Compliance, Governance and Oversight Council (CGOC), a forum of over 3,800 legal, IT, records and information management professionals from corporations and government agencies. For over a decade, CGOC has been advancing governance practices and driving thought leadership across the industry. Previously, Heidi was a legal subject matter expert for a Fortune 150 technology company, a felony prosecutor, a litigator, and an assistant state attorney general. She is a Certified Information Privacy Manager.
