Looks like we'll have to agree to disagree. Whilst I understand you
viewpoint I think it is fundamental that IG, RM and Risk are restructured
and I believe that the key to it all is RM. I do take your point about the
hierarchy becoming incidental, but until the importance of RM is realized
and acted upon I think there will always be compliance risks that cannot be
mitigated.
I say this as a non-Record Manager.
Simon Howarth.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Donald Henderson
Sent: 19 November 2009 12:11
To: [log in to unmask]
Subject: [SPAM] Re: [data-protection] Data Protection and Information
Security Policies
Interesting, but I have to disagree with you, Simon.
Information Governance (or Management) has to sit over all the other
subjects, including Records Management. It has to cover a wide range of
topics including DP/FOI, but also (real) Archives, ICT, Data Quality,
Information Security and even the recorded stuff that won't really ever
be part of a "record".
I do agree, however, that it is essential that information is viewed and
managed consistently and properly throughout an organisation. In
practical terms, if this is happening then the hierarchy is probably
irrelevant.
Donald Henderson
Information Compliance Manager
Perth & Kinross Council
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 19 November 2009 11:57
To: [log in to unmask]
Subject: Re: [data-protection] Data Protection and Information Security
Policies
To some extent I agree with what Paul is saying and the NHS have "got
around" this issue by adopting "Information Governance" which
incorporates all the requirements of information compliance, security,
confidentiality and corporate assurance. More recently it's taking on
more of a risk assurance role.
www.igt.connectingforhealth.nhs.uk
If you want to construct a hierarchy then it's my belief that
Information Governance (and therefore DP and other stuff) should
actually fall under Records Management. The reason for this is that
unless information (records) is properly managed you do not know what
you do not know (Rumsfeld?) and therefore cannot be sure of complying
with DP, FOI or confidentiality requirements. It is my view that Records
Managers have been too silent on this issue and should be championing
more their critical role in information management and whilst there is
no "right" way to structure information management in an organization it
is my firm belief that until RM is implemented properly and oversees
records and information in an organization, that information management
is not being done properly.
Simon Howarth.
<snip>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|