What do we mean by information management? It falls under the umbrella concept of Information Governance. “Information Governance” in turn falls under the umbrella concept of “IT Governance”. An entire chapter has been devoted to IT Governance in the King Code. The King Code states that “IT governance should focus on the governance of information” (our emphasis). When we use the term “information management”, we are using it as an umbrella term, which includes:
- Records management and document management
- Record retention
- Enterprise Content Management (ECM)
- Business Intelligence (BI)
- Business Process Management (BMP)
- Email Management
We look at “information management” and “information governance” through a legal lens.
How we can help you with the legal aspects of Information Management
Types of Information the Law deals with
There are various types of information that the law specifically deals with, like:
- Sensitive information
- State information
- Personal information, special personal information and account numbers
We offer services which help organisations identify and manage these types of information. We also review and draft information management policies.
Organisations cannot govern all information. There is simply too much. They should be selective and focus on important “information assets”: those that are critical to the business strategy, required by law or justified based on a cost–benefit analysis. We help organisations identify and manage records through our records governance audit (including a document imaging audit).
The King Code says that all sensitive information must be identified, classified and assigned appropriate handling criteria. We help organisations identify and manage “sensitive information” through our information sensitivity audit.
The King Code says that “the board should ensure that there are systems in place for personal information to be treated by the company as an important business asset and that all “personal information” that is processed by the company is identified.” It also says that “personal information should be processed according to applicable laws”. We help organisations identify and manage “personal information”, in accordance with the provisions of the Protection of Personal Information Act (POPI).