Policy enforcement is a challenging task for most organizations – more so for those in regulated industries that have a highly complex legal and compliance profile. The more regulated or more geographically diverse a corporation, the more burdened it will be with nuanced policies and compliance requirements. For companies that have taken the step of getting information governance programs up and running, their legal and compliance teams are typically accountable to garner some ROI from them, having spent sizeable resources to implement. However, all too often, even after an investment into IG has been made, many projects are not monitored for success or kept evergreen, thus falling short of leadership’s expectations.
While technology is a necessary piece in ensuring that IG programs are sustainable and enforceable, there are also best practices that should be taken into consideration at the outset of any IG effort. I recently contributed a two-part article to Corporate Counsel discussing some of these practices. Highlighting the importance of strategic technology execution, change enablement and training, the articles outlined the most effective ways IG stakeholders can ensure that the policies they invest in are not left collecting dust and unenforced. Recommendations included the following: