EWeek has a great editorial titled “The Governance Edge” in the current edition that does a fine job of drawing the connection between controls in IT infrastructure and corporate ethics. As they put it:
“Without information management, there can be no corporate governance of any kind, good or bad.”
and later in the same editorial:
“IT people will have to take part in the good governance of their own companies, through helping to implement Sarbanes-Oxley, the Patriot Act, SEC 17a-4 and HIPAA compliance solutions. The tools that vendors are offering IT managers to meet these compliance guidelines give IT managers the power to preserve data and audit it when need be. IT managers need to harness this technology to make good governance a day-to-day practice within their companies.”
The problem we face as an industry is that we have to work governance issues into software engineering practices, and eventually good governance principles need to be “baked in” to the products and services that are offered to customers.
What does this have to do with privacy management? Everything. Privacy management, financial data controls (SOX), HIPAA (medical privacy) and COPPA (child protection) are all about placing controls on how and when data can be used, and all of them fall under the umbrella term “Data Governance.”