Information Management and the Law

///Information Management and the Law
Information Management and the Law 2017-12-07T07:00:59+00:00

What do we mean by information management? It falls under the umbrella concept of Information Governance. “Information Governance” in turn falls under the umbrella concept of “IT Governance”. An entire chapter has been devoted to IT Governance in the King Code. The King Code states that “IT governance should focus on the governance of information” (our emphasis). When we use the term “information management”, we are using it as an umbrella term, which includes:

  • Records management and document management
  • Record retention
  • Enterprise Content Management (ECM)
  • Business Intelligence (BI)
  • Business Process Management (BMP)
  • Email Management

We look at “information management” and “information governance” through a legal lens.

How we can help you with the legal aspects of Information Management

We offer audits, policiesadvice and opinions on this focus area.

Types of Information the Law deals with

There are various types of information that the law specifically deals with, like:

  1. Records
  2. Sensitive information
  3. State information
  4. Personal information, special personal information and account numbers

We offer services which help organisations identify and manage these types of information. We also review and draft information management policies.


Organisations cannot govern all information. There is simply too much. They should be selective and focus on important “information assets”: those that are critical to the business strategy, required by law or justified based on a cost–benefit analysis.  We help organisations identify and manage records through our records governance audit (including a document imaging audit).

Sensitive information

The King Code says that all sensitive information must be identified, classified and assigned appropriate handling criteria. We help organisations identify and manage “sensitive information” through our information sensitivity audit.

Personal information

The King Code says that “the board should ensure that there are systems in place for personal information to be treated by the company as an important business asset and that all “personal information” that is processed by the company is identified.” It also says that “personal information should be processed according to applicable laws”. We help organisations identify and manage “personal information”, in accordance with the provisions of the Protection of Personal Information Act (POPI).


If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.