Compliance program naming creates confusion

Data protection, RIM, information governance—so many names…

“What we have here is a failure to communicate.” These lines from Cool Hand Luke were not referring to compliance programs, but they probably should have been. Everyone, it seems, calls their compliance program by slightly different name, encompassing slightly different disciplines. I’m ready to give up calling anything “anything.”

I should explain. Records Management is, of course, about saving records. Yet this term is becoming dated, as many records professionals refer to it as Records & Information Management (RIM) (We can, as I have, engage in a long discussion on whether ampersand or the word “and” should be used.) RIM programs can be slightly different than Document Retention (DM) programs, with the former focusing on records and the later on records and documents. Clear so far?

Next, let’s include data privacy. Data Privacy can include Personally Identifiable Information (PII), Protected Healthcare Information (PHI), or Payment Card Industry (PCI) data standards. Within a given industry these terms are sometimes used interchangeably. Unless of course we are referring to Europe, where what Americans call data privacy is referred to Data Protection. The European usage of data protection is coming to America, similar to Dutch elm disease.

European Data Protection should not be confused with storage professionals’ use of the term Data Protection, which means the ability to ensure access to data in the event of a disk or server failure (think backup). Of course, a few years ago some in the industry started moving away from backup and toward Information Lifecycle Management (ILM), and this term was very much in vogue until it wasn’t. Recently, I met a large company that referred to what I would consider records managements—oops, I meant records & information management—as ILM. Now I’m getting confused.

Then things get mixed up. Storage professionals use a process of Data Classification to separate their data backup requirements. Unless of course you are talking to a security expert, for which Data Classification means something completely different—classifying data for security and sensitivity.

At least the e-discovery is safe. Unless e-discovery is being practiced proactively—then it becomes Litigation Readiness.

Many wise minds in the industry that have been grappling with these naming problems and have come up with a fix. The newer, catch-all term is now Information Governance, which includes records & information governance, e-discovery and data privacy. Except when it doesn’t, and only includes just one or two of those terms. In that case, it becomes Data Governance, which applies only to the governance of data, not of information (which is of course, nearly all data). And as long as we are doing Data Governance, some claim this is really Master Data Management (MDM), which some use interchangeably with Information Governance. Clearly we do have a failure to communicate.

What is most problematic is that those who use these terms believe they are being perfectly clear. “Can we talk about data classification?” someone recently asked me. When I responded “Yes, but can you tell me what you mean by data classification,” they looked at me like I was an ignoramus from Mars. Like I said, I’m ready to give up calling anything “anything.”


author image

Mark Diamond

Mark Diamond, Founder & CEO of Contoural, Inc., is a regular contributor to Inside Counsel on Litigation Readiness and Records Information Management. You can e-mail...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.