Information management and the law

///Information management and the law
Information management and the law2019-03-15T09:24:43+02:00
  • records management and data governance

What do we mean by information management? It falls under the umbrella concept of information governance. Information governance in turn falls under the umbrella concept of IT Governance. An entire chapter has been devoted to IT Governance in the King Code, which states that “IT governance should focus on the governance of information” (our emphasis). Information management includes many things.

  • Records management and document management
  • Record retention
  • Enterprise Content Management (ECM)
  • Business Intelligence (BI)
  • Business Process Management (BMP)
  • Email Management

We look at concepts through a legal lens.

How help with the legal aspects of information management

We offer audits, advice and opinions on this focus area. We offer services which help organisations identify and manage the different types of information. We also review and draft information management policies.

Some types of information the law deals with

There are various types of information that the law specifically deals with, like:

  1. Records
  2. Sensitive information
  3. State information
  4. Personal information
  5. Special personal information
  6. Account numbers


Organisations cannot govern all information. There is simply too much. They should be selective and focus on important “information assets”: those that are critical to the business strategy, required by law or justified based on a cost–benefit analysis.  We help organisations identify and manage records through our records governance audit (including a document imaging audit).

Sensitive information

The King Code says that all sensitive information must be identified, classified and assigned appropriate handling criteria. We help organisations identify and manage “sensitive information” through our information sensitivity audit.

Personal information

The King Code says that “the board should ensure that there are systems in place for personal information to be treated by the company as an important business asset and that all “personal information” that is processed by the company is identified.” It also says that “personal information should be processed according to applicable laws”. We help organisations identify and manage “personal information”, in accordance with the provisions of the Protection of Personal Information Act (POPI).


If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.