Records and Information Management (RIM) Month - Celebrating Tera Ladner
Records and Information Management (RIM) month is observed in the month of April every year to highlight the purpose and importance of RIM across organizations. First observed by the Association of Records Managers and Administrators (ARMA) in the year 1995, the event brings together IG and IM professionals to spread awareness within the global RIM community.
To commemorate this year’s RIM month, Meru Data would like to showcase a few renowned IG professionals, especially women in IG, and share their professional journey.
This week, we are highlighting Tera Ladner, Global Practice Lead and Vice President of Information Risk Management and Governance at Aflac. Tera possesses expertise in a wide range of subjects like security governance policy/standards, technology risk assessment and management, and data classification and protection among many. She has a proven track record in third-party risk assessments, application and infrastructure assessments, security awareness and training, e-discovery, etc.
What do you love the most about your profession?
I think what I love most about what I do is that every day is a new challenge. Information is what drives every process, organization, and business decision. Information is dynamic in nature, it changes every day. The way we gather information changes, the formats of information changes, the way we use it changes. So, it's one of those career paths where you can hone your skills, but it's not a skill that you can just hone and then stand on or sit on for the next 20 years. It is something you have to constantly work at. It is not for the faint of heart and it is not for someone who wants to come in and ask the famous “paper or plastic” question and then go home. It just is not that kind of a career. But, for me, if I had to come in and do the same thing every day, I certainly wouldn't last very long in that job.
How has your career evolved in the last two to three years? And how has IG helped shape your career?
I am responsible for information governance, but I'm also responsible for a lot of the classical security governance functions that exist within the information security program. Functions like third-party risk management, security awareness, compliance, and all of the formal governance processes that encircle information security. All of these are part of my role now along with information governance. My career has definitely evolved from just information governance to a much broader information management space that has expanded my reach and has been a really positive experience for me.
Why do you think information governance, third-party security, and privacy are essential for an organization? How have your skills helped you be successful in your role?
We talked about the fact that information is the heart and soul of an organization. As you grow up in the records space and start getting into information governance, you begin to understand that all information is not created equal. You need to balance the value of using the information, vs the cost and risk of having that information.
For instance in our organization Microsoft One Drive is available at no additional cost, so the teams think we can just migrate content there with no need to clean it up. But they aren’t considering the value vs. the risks and cost of keeping too much data.
The skillset that I learned as a records manager at the beginning of my career taught me the ability to look at situations like new software or business opportunities, as a balance of cost and risk vs. reward. It taught me my risk assessment skillset that I can carry over into the information security space because now I know how to look at things from more than one perspective.
For example, let’s consider the data that we use for analytics. There may be a request to use the data in a way that hasn’t before been considered by the organization. But how do we balance their requests for using that information against security, CCPA, and all of the other privacy regulations?
And considering our efforts around ESG, how should we balance it against what we should be doing with that information. There are so many existing and emerging perspectives that drive how we use information. And it is not that one need necessarily outweighs the other, but it is the balance between rewards, costs, and risks that drives the overall vision for information management.
From your experience, what skills are essential in what you do?
First and foremost, I think you