(Originally published by ARMA)
The regulatory environment for how businesses manage information continues to grow in complexity and uncertainty. Information and records management professionals are now tasked with understanding the implications of laws and regulations such as GDPR, CCPA, HIPAA, SOX, FCPA and AML, and evolving standards such as the Generally Accepted Recordkeeping Principles, the Information Governance Body of Knowledge (IGBOK) and international standards from ISO and other regulatory bodies.
In addition to defining their own IG policies to comply with standards, many organizations face cybersecurity, data privacy and records retention requirements from clients, business partners and vendors that enact strict guidelines and frequent privacy and cybersecurity audits. In this environment, companies may no longer be able to accept the risks associated with an approach to IG which is tantamount to: Keep it forever because computer storage is cheap, and so is offsite hard-copy storage.