An integrated framework to elevate information governance to a national level in South Africa

IF 0.8 Q3 INFORMATION SCIENCE & LIBRARY SCIENCE

Records Management Journal Pub Date : 2019-03-11 DOI:10.1108/RMJ-09-2018-0030

P. Mullon, M. Ngoepe

{"title":"An integrated framework to elevate information governance to a national level in South Africa","authors":"P. Mullon, M. Ngoepe","doi":"10.1108/RMJ-09-2018-0030","DOIUrl":null,"url":null,"abstract":"\nPurpose\nAs an emerging discipline, information governance (IG) presents a number of challenges to organisations and countries. For example, IG has not yet been clearly defined and current proponents present the concepts as records management, information management, enterprise content management, privacy (data protection), freedom of information, corporate governance, information risk, information security and e-discovery, to mention just a few areas. At an organisational level, initiatives focus on one of these aspects, often conflicting with the other elements, and are initiated because of some immediate business challenge, such as the introduction of the Protection of Personal Information Act (data protection or privacy legislation) in South Africa. This is compounded by the fact that the country creates many fragmented policies and pieces of legislation on the same IG aspects which are conducted in a disjointed manner. This study aims to present an integrated IG framework at the country level, comprising key success factors, required instruments (policy and legislation), principles and a proposed list of elements or disciplines, which should be managed in a cohesive manner.\n\n\nDesign/methodology/approach\nThis study adopted the Information Governance Initiative’s pinwheel facets of IG to design an integrated framework of elevating IG to country level. The pinwheel helped to identify different facets of information disciplines and the responsible oversight mechanism for implementation in South Africa. The study relied on data obtained through content analysis of policy documents, legislative frameworks, and literature review regarding the identified facets of IG in South Africa.\n\n\nFindings\nThe study established that only some aspects/domains/facets of IG are legislated and driven by policy in South Africa. These domains are at different levels of maturity and different stakeholder groups are responsible for each domain; for instance, the National Archives of South Africa is responsible for records management and the State Information Technology Agency is responsible for information technology, while the newly established Information Regulator is responsible for freedom of information and data privacy. There is generally no over-arching structure responsible for overall IG in South Africa as the elements are fragmented in various oversight mechanisms and institutions. As a result, domains compete for limited resources and often lead to “knee-jerk” responses to legislative, legal or risk drivers.\n\n\nResearch limitations/implications\nIt is concluded that if IG is not regulated and modelled at a country level, it is highly unlikely to filter down to organisations. Implementing IG at country level will go a long way in helping to filter it down to an organisation level.\n\n\nOriginality/value\nThe study is useful by presenting a framework to ensure that IG is implemented at the country level with a single coordinating body established for oversight mechanisms such as the Information Regulator (which currently has a narrow scope of privacy and freedom of information, although with limited resources).\n","PeriodicalId":20923,"journal":{"name":"Records Management Journal","volume":null,"pages":null},"PeriodicalIF":0.8000,"publicationDate":"2019-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1108/RMJ-09-2018-0030","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Records Management Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/RMJ-09-2018-0030","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}

引用次数: 20

Abstract

Purpose As an emerging discipline, information governance (IG) presents a number of challenges to organisations and countries. For example, IG has not yet been clearly defined and current proponents present the concepts as records management, information management, enterprise content management, privacy (data protection), freedom of information, corporate governance, information risk, information security and e-discovery, to mention just a few areas. At an organisational level, initiatives focus on one of these aspects, often conflicting with the other elements, and are initiated because of some immediate business challenge, such as the introduction of the Protection of Personal Information Act (data protection or privacy legislation) in South Africa. This is compounded by the fact that the country creates many fragmented policies and pieces of legislation on the same IG aspects which are conducted in a disjointed manner. This study aims to present an integrated IG framework at the country level, comprising key success factors, required instruments (policy and legislation), principles and a proposed list of elements or disciplines, which should be managed in a cohesive manner. Design/methodology/approach This study adopted the Information Governance Initiative’s pinwheel facets of IG to design an integrated framework of elevating IG to country level. The pinwheel helped to identify different facets of information disciplines and the responsible oversight mechanism for implementation in South Africa. The study relied on data obtained through content analysis of policy documents, legislative frameworks, and literature review regarding the identified facets of IG in South Africa. Findings The study established that only some aspects/domains/facets of IG are legislated and driven by policy in South Africa. These domains are at different levels of maturity and different stakeholder groups are responsible for each domain; for instance, the National Archives of South Africa is responsible for records management and the State Information Technology Agency is responsible for information technology, while the newly established Information Regulator is responsible for freedom of information and data privacy. There is generally no over-arching structure responsible for overall IG in South Africa as the elements are fragmented in various oversight mechanisms and institutions. As a result, domains compete for limited resources and often lead to “knee-jerk” responses to legislative, legal or risk drivers. Research limitations/implications It is concluded that if IG is not regulated and modelled at a country level, it is highly unlikely to filter down to organisations. Implementing IG at country level will go a long way in helping to filter it down to an organisation level. Originality/value The study is useful by presenting a framework to ensure that IG is implemented at the country level with a single coordinating body established for oversight mechanisms such as the Information Regulator (which currently has a narrow scope of privacy and freedom of information, although with limited resources).

查看原文本刊更多论文

将南非的信息治理提升到国家层面的综合框架

作为一门新兴学科，信息治理(IG)给组织和国家带来了许多挑战。例如，IG尚未得到明确的定义，目前的支持者提出的概念包括记录管理、信息管理、企业内容管理、隐私(数据保护)、信息自由、公司治理、信息风险、信息安全和电子发现，仅举几个领域。在组织层面上，计划侧重于这些方面中的一个，经常与其他元素相冲突，并且由于一些直接的业务挑战而启动，例如在南非引入了个人信息保护法(数据保护或隐私立法)。这个国家在同一个IG方面制定了许多支离破碎的政策和立法，这些政策和立法以脱节的方式进行，这一事实使情况更加复杂。本研究旨在提出一个国家层面的综合IG框架，包括关键成功因素、所需工具(政策和立法)、原则和建议的要素或学科清单，这些要素或学科应以一种连贯的方式进行管理。设计/方法/方法本研究采用了信息治理倡议中IG的风车式方面来设计一个将IG提升到国家层面的综合框架。风车有助于确定新闻纪律和负责任的监督机制在南非的执行情况的不同方面。该研究依赖于通过对政策文件、立法框架的内容分析和关于南非IG确定方面的文献综述获得的数据。研究结果表明，在南非，只有IG的某些方面/领域/方面是由政策立法和推动的。这些领域处于不同的成熟度级别，不同的涉众组负责每个领域;例如，南非国家档案馆负责记录管理，国家信息技术机构负责信息技术，而新成立的信息监管机构负责信息自由和数据隐私。在南非，一般没有负责整体IG的总体结构，因为各个要素在各种监督机制和机构中是分散的。因此，域名争夺有限的资源，并经常导致对立法、法律或风险驱动因素的“下意识”反应。研究的局限性/意义得出的结论是，如果IG没有在国家一级进行监管和建模，它就极不可能过滤到组织。在国家层面实施IG将有助于将其过滤到组织层面。该研究提供了一个框架，以确保IG在国家层面上得到实施，并为信息监管机构(尽管资源有限，但目前隐私和信息自由的范围很窄)等监督机制建立了一个单一的协调机构。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Records Management Journal INFORMATION SCIENCE & LIBRARY SCIENCE-

CiteScore

3.50

自引率

7.10%

发文量

期刊介绍： ■Electronic records management ■Effect of government policies on record management ■Strategic developments in both the public and private sectors ■Systems design and implementation ■Models for records management ■Best practice, standards and guidelines ■Risk management and business continuity ■Performance measurement ■Continuing professional development ■Consortia and co-operation ■Marketing ■Preservation ■Legal and ethical issues