7 Myths in Information Governance (IG) and Privacy Execution

Data leaks and breaches have become rampant in recent times. Though the protection of data is a high priority for companies, CIOs, and Information Governance (IG) professionals, there are a few myths and misconceptions that impede effective IG and privacy efforts.


Let us debunk some of these myths and discuss best practices for a robust IG program.


Myth #1: I am aware of the location of my data

Understanding the flow of your data and the location of your data is a crucial first step for an effective IG program. Most companies believe they know where their data resides and how it flows within and outside the organization. But to monitor the data footprint across employees, contractors, multiple devices, different servers, and the cloud requires the right mix of tools and expertise.


A great illustration of this was when a CIO of a midsized company recently mentioned in a conversation that all their employee data was on Prem. But an analysis of the actual flow of data with the company revealed 60% of the employee information was held with service providers outside the organization.


A comprehensive data map will be invaluable and provide in-depth knowledge about the state of the data in the organization and how sensitive and confidential information is actually managed. It will also be very helpful to understand and detect other vulnerabilities around data.