August 23, 2021

Last Updated on January 16, 2024

One of the biggest impacts of proliferating privacy legislation is that it’s forcing businesses to really understand what data they have and how they’re using it. The mandate to map data for compliance gives companies a record of processing activities (ROPA) that tells them where data comes from, what systems, processes and people can access and/or act on the data, where it’s stored, and how to delete it if needed.

But is all that work only helpful in avoiding fines and sanctions? Could there be even more at stake?

On a recent episode of The Virtual CISO Podcast, David Gould, Chief Customer Officer at EncompaaS, shared a long-range view of core issues around information governance and data privacy. Pivot Point Security CISO and Managing Partner, John Verry, hosts the show as always.

Information governance now relates directly to brand image

David relates: “When I first got into the content analytics business at Hewlett Packard, which I ran for many years, we had a solution called Control Point that essentially allowed you to do the discovery and also the analytics on content. The tools we have on EncompaaS take that and bring it to a much greater depth of capability and functionality; almost on steroids, so to speak.”

“But I think this is an issue that organizations still struggle with, because there’s real challenges in this. And it’s not necessarily about fine avoidance—it really goes to the heart of brand reputation,” David points out.

If a business can’t demonstrate to customers, employees, and other stakeholders that it’s taking good care of their data, trust in the brand erodes. Fines can be onerous. But if people don’t want to entrust their data to you, the business risk is off the charts.

Information governance failures can cause far more than fines

“Working with the largest consultancies and advisories in the world, and also talking directly to C-level managers and executives at large enterprises, brand reputation is probably the number one issue that has to be addressed here,” David clarifies. “Organizations can’t fundamentally provide good service to customers without a strong brand in the background. And that strong brand is not only based on marketing spend. It’s based on how you treat information, how you manage information, and how you allow organizations to access information.”

“While those things aren’t really apparent to consumers, they really add up behind the scenes—and it all comes screaming out the other end if you don’t do a good job,” David cautions.

Ready to hear more about information governance and how it relates to security, privacy, and business success? Tune into this podcast episode with David Gould.

To hear this episode all the way through, subscribe to The Virtual CISO Podcast on Apple Podcasts, Spotify, or our website.
