What is Information Governance? It’s not just GDPR.

I attended a training session for small businesses at a local university the other day, having introduced myself as an Information Governance Consultant, the trainer looked at the floor, and said “I don’t even know what that is.” Being in a learning situation, I took the opportunity to educate,

“There are many different aspects of Information Governance, the most commonly promoted being data privacy. This is the practical application of the legalities and regulations around how and when your personal data can and can’t be processed. Information Governance Professionals, assess information related risks, ensure policy is in place and procedures back these up to mitigate those risks. We train staff to ensure they know how to act in accordance with good Information Governance, audit that this is happening and, when it goes wrong, we manage breaches of information law to conclusion.

We have knowledge of data protection and the Common Law of Confidentiality, which is case law where the right to ensure personal data is kept private has been legally assessed, ensuring that data is managed and processed as it should be.

For example, you may think that the data controller of your medical data is the NHS but no organisation like that actually exists, it is each hospital, each GP, each medical centre, pharmacist etc’, that controls your personal data. The sharing of that data is managed through different clinical systems, all trying (and succeeding, in the most part) to get your personal information to where it needs to be to treat your broken toe or for other uses, if you have given consent, e.g. for research purposes. 
  • Text Hover
Information Governance also ensures that you can request copies of personal data relating to you, see which organisations have viewed and shared your data and, if you have any concerns, there is a Data Protection Officer at each organisation who is there to help you. Not to forget, the Information Commissioner's Office who are the policing body for information related law – you can contact them directly too.

But it is not just medical data, information governance is what keeps your financial data from being stolen and your identity from being used by a 10 year old in Korea to buy his mum a house with a swimming pool and room for a pony.

Something as simple as good password management comes under the guise of Information Governance (did you know that passphrases are the way to go – TomorrowISAnotherDay.) That's part of Information Security, which encompasses the technical and physical ways we ensure that data is not misused, from using identity badges to access your work place to encrypting personal data transfers from your GP to your pharmacist and everything in between.

Did you also know that ensuring the Freedom of Information Act is managed appropriately within public bodies is also part of the same subject area? This act gives you the right to request non-identifiable information from these public bodies, for example, you can find out what your local MP gets paid or why the local hospital has been shut down.

Statistical information or Big Data is valuable when used to it’s full potential so Information Governance ensures that ethics of information use are at the forefront of people’s minds.

Then there's Records Management, in all types of organisations, ensuring that the records are created accurately (no extra zeros on your bank account balance, I'm afraid) and managing those records to ensure that the right information is where it should be, at the right time and available to only the right people.

It's a really varied and exciting subject area which is only going to become more pertinent as we continue to move further into the world of digital data.

I could go on but instead join us on our All you need to know; Information Governance course to learn more. 


Louise PaddockLouise Paddock

Louise Paddock

Louise has worked in Information Governance (IG) for over 10 years, mainly in the NHS, private healthcare and healthcare technology sectors. Her focus is on protecting the patient (or any data subject) through ensuring the practical application of good IG. Alongside her work with Leadership Through Data, Louise owns a data privacy and security consultancy, is the Data Protection Officer for a small healthcare technology company and is Head of IG for a leading healthcare technology company. When she finds some free time, she enjoys singing, spending time with her cats and walking in the Yorkshire countryside, near home.