Project phase 2


STP IG PROGRAM IMPLEMENTATION – PHASE 1

Student’s name

Institutional affiliation

Date

Abstract

The data revolution is at a peak in this century. In the corporate world, an information governance (IG) program plays a key role: it creates a discipline that brings people and tools together to make data work better for the business. In a data-driven world, this means having numerous metrics in place to measure and validate the value of data, and managing the data lifecycle through a set of standards and policies that help us get the most out of it. To get the most benefit from the data, we must focus on its completeness, correctness, relevance, timeliness, consistency, meaningfulness and usability. In this project, we will analyze the risks, opportunities, and threats of the current STP infrastructure and build a road map to reduce STP’s exposure to vulnerabilities by increasing the overall security profile and reducing the risk profile.

Team and Role Selection

According to Smallwood (2014), information governance leverages technologies to enforce policies and procedures for managing information risk in compliance with legal and litigation demands, external regulatory requirements and internal governance objectives. As the first step in building information governance, I will build a solid functional team that can help me achieve my project objective. I will select the 10 people below for this IG project team.

· In-house Financial Analyst and Risk Manager

· Senior Records Manager

· IT Security Expert

· Overland Transport Manager

· Airway Transport Manager

· Overland Transport Manager

· Airway Transport Manager

· Southern Region General Manager (Houston, Florida)

· Western Region General Manager (San Diego, California)

· Information Security Specialist.

For any data project, whether it is big data, analytics or information governance, understanding the core data, how it currently resides, and its correctness and completeness is the key to success. So, I will take the help of the transport managers and the records manager to understand the current process, risks, and existing data repositories. For the analysis of the data, I will take the help of the financial analyst and risk manager for a better modeling perspective. Keeping the security expert and IT security analyst on the team will help me carry out a study of the current infrastructure and a future feasibility analysis. They will help me decode the IT infrastructure and study its technological capability, file transfer mechanisms and understanding renewals. Above all, I need SME support on information retention, sensitive data, and process flow diagrams to better build an infrastructure. Both the western and southern regional managers are going to help me in that process. They will both work as Business Data Architects to guide the team in the gap analysis.

Research on State Data Retention and Privacy Laws

As the volume of data grows, privacy becomes significantly more critical. Businesses today face data privacy challenges from a growing list of regulations. Data protection laws have been made to curb cybercrime all over the world, and data protection has been given priority. Several factors affect the recent influx of legislative activity on reporting security breaches that compromise personal information. As STP does business in 3 major states in the USA, namely KY (STP's home state), CA and TX (STP's primary hubs), it should comply with federal law as well as these states' laws when it comes to information retention and privacy.

Kentucky information retention and privacy laws:

According to the Kentucky Revised Statutes (18A.020), any civil employee is permitted to examine her files and records upon request once full identification has been provided. A written response is expected to be made in line with the file on request, which is identified as the security measure placed on the file. This is done so that any unlawful practices that are committed may be found without much hassle. Additionally, personal information and records are kept for a certain period of time in the event that the employee is fired, in case the details may be needed in the specified period. The information is therefore retained by the employer but still available to the employer at any time of need until the date of termination (KY Commission on Human Rights Act-339.400).

California Information retention and privacy laws:

The California Consumer Privacy Act of 2018 was an initiative formed by professional privacy advocates who sought to give consumers visibility into, and control over, their personal information collected and sold by businesses, including businesses they may be employed by (California Consumer Privacy Act, 2018). The initiative faced substantial opposition from the technical industries, although its supporters and members had it signed and qualified for certification for the November ballot (Mathews, 2018).

Texas Information retention and privacy laws:

In Texas, there are a number of laws and regulations in place regarding document retention and privacy protection, including tax audit procedures by the Internal Revenue Service (IRS) and employment laws such as the Fair Labor Standards Act (FLSA). In addition to these federal laws, numerous state and local laws apply specifically to every business or organization. In 2011 the State of Texas also adopted a new law specifically addressing patient data privacy. The law, which will become active on September 1, 2012, incorporates the definition of the term “covered entity” in Texas’ existing health privacy law and could have a broad impact on many non-HIPAA covered entities (Lineman, 2012).

In-House counsel advises on project planning:

Despite these complex laws and limitations, it is possible to create a useful and measurable set of goals for the legal department of STP to proactively scope risks to the organization and its various business models and, more importantly, take steps to deal with the risks associated with our project. We need to identify the grey areas after working with the different operational departments in order to broadly classify this project's scope or deliverables. Here is the to-do list for the legal department or in-house counsel to work through in light of these laws.

· We will work with STP’s human resource team to review and update company policies and employee agreements.

· Create a process and a set of operations to effectively manage the legal department budget and planning, for better analysis and to spread awareness of IG.

· Encourage company’s compliance health check periodically working with different departments.

· Review company websites, processes, and procedures around litigations and disruptive events.

· STP needs to encourage customer/client satisfaction survey and engage closely with the business to identify key-government related actions.

· Take/update an inventory of the company's intellectual property and confidential information.

· Create a calendar of actions and improve the quality of data, its archival procedures working closely with the legal department of STP.

Identifying Risk Profiles and Mitigation plans

The primary objective of an effective information governance policy is to ensure we understand the associated risks well and frame suitable controls to effectively manage all types of risk, such that proper models are used to inform and influence management’s decision-making process. There is a clear business rationale for ensuring the control environment around decision making is robust. There are also numerous external stakeholder expectations that need to be met, and the Model Governance Policy will also be designed to minimize the risk to the parent, STP, and the partnering companies, the ISAs. The framework itself needs to be risk-based and aligned with the enterprise Risk Management Strategy (RMS) to ensure an adequate balance between the governing efforts and the practical usability of the governance policies.

The framework needs to cover the whole lifecycle of a typical policy, from its inception through use to model retirement. It describes the positive effects of security and privacy, usability and reputation on consumer trust in a web site in the online banking context. Besides this, it also suggests that trust has a positive effect on consumer commitment (Casaló et al., 2007). Risk management should occur at every interval in the business management cycle. Risk management is a vital task of strategic and business planning and is therefore embedded in the monitoring and evaluation of performance (Miller, 2015).

Conclusion:

Effectiveness and future sustainability of STP depend on its current IG plans. STP needs to comply with the set IG standards all the time as it’s a customer support industry i.e. customers being at the center of operation. The effectiveness of its ERM Framework is subject to review by internal and external audit at least annually to understand the vulnerability and all the operational gaps. The results of this review should be reported to the Business Risk Access and Control (BRAC) and the board of directors. They should continue to be responsible for the appropriate management of risks relating to non-compliant operations. I strongly believe risk-related matters continue to be reported and to adhere to the company’s RMS model code and privacy protection policies. As a project manager, all these above-said inputs and criteria are going to prove effective for successful project execution and delivery.

Reference

Smallwood, R. F. (2019). Information governance: Concepts, strategies, and best practices. Hoboken, NJ: John Wiley & Sons.

Kentucky Laws Requiring Retention of Employee Records. (KY Human Rights, 2012). Retrieved from https://louisville.edu/finance/payroll/files/kyretentionlaws

Luis V. Casaló, Carlos Flavián, Miguel Guinalíu, (2007) "The role of security, privacy, usability and Reputation in the development of online banking", Online Information Review, Vol. 31 Issue: 5, pp.583-603, https://doi.org/10.1108/14684520710832315

Lineman, D. J. (2012, April 15). Data Protection Laws. Retrieved from https://texasceomagazine.com/departments/data-protection-laws/

Miller, S. (2015, June). Thomson Reuters Legal Solutions. Retrieved from https://store.legal.thomsonreuters.com/law-products/news-views/corporate-counsel/in-house-counsel-to-do-list-for-2016

Mathews, K. J. (2018, July 13). The California Consumer Privacy Act of 2018. Retrieved from https://privacylaw.proskauer.com/2018/07/articles/data-privacy-laws/the-california-consumer-privacy-act-of-2018/
