MOD loses more data

The loss of an MOD laptop containing personal information on 600,000 people interested in joining Britain’s armed forces, suggests that large organisations need assured compliance with well structured data governance policies, according to Adrian Butcher, director of strategic content at software vendor, Open Text.

According to Butcher: “The issue of content governance has already reached the boardroom as a key topic, not just in the public sector, but in private companies as well. Even before all these high profile data losses, leaders of major organisations had become concerned about the issue,”

“Banks are some of the more obvious examples; modern payment methods mean that tens of thousands of companies that once traded on a cash-or-cheque basis now hold vital financial information about customers Furthermore, financial details are not the only kind of sensitive information - mishandling of personal, commercial and legal content can be equally damaging,” added Butcher.

“At the end of the day, senior managers know their responsibilities and are serious about addressing them. The trick is to ensure that the good intentions of top management are fulfilled at junior level – and as much as possible, that you can prove it. This is often more critical in the public sector because the burden of disclosure is so much higher – and career risks for individuals perhaps commensurately so,”

‘With appropriate data governance systems in place, however, we can eliminate most data losses and pinpoint them when they do occur, making corrective action quicker to identify and execute.’

‘Governance means process and to many this will imply a hindrance to day-to-day efficiency. On the contrary, good governance, like good management, is about having absolute clarity as to who is responsible for what and when. Most employees want to discharge their duties well. If the organisation is visibly and auditably clear and precise in not just the existence of policy, but also its effective, assured delivery to every appropriate individual, the diligent employee is fully supported and the less diligent one is inescapably aware of his/her responsibilities. Organisations depend on personal responsibility even at junior level, so complete elimination of error is hard to predict, but we can help eliminate most of it and pinpoint errors when they do occur, making corrective action quicker to identify and execute.’

Butcher continued: “Whilst governance procedures and polices certainly exist today, they necessarily evolve over time, and so does the level of adherence to them. The people who wrote employee guidance move on – others augment it. Responsibility is departmentally owned, so the guidance finds its way into departmental systems which are vulnerable to re-organisation. Access rights may become out-dated, making content hard to find. So the organisation cannot be confident that policy is complete, up-to-date, appropriately available – and auditably delivered – to all employees,”

“To overcome this a number of organisations have chosen to build reference libraries of procedures, using ECM to ensure they are well-managed and up-to-date. It is a straightforward matter to provide management reporting to show which employees have – or have not – accessed a particular piece of guidance, allowing management to monitor, manage and prove good discipline,” he concluded.