Book contents
- Frontmatter
- Contents
- Acknowledgements
- Acronyms and abbreviations
- Glossary of terms
- 1 Introduction
- 2 The laws and regulations
- 3 Data quality management
- 4 Dealing with threats
- 5 Security, risk management and business continuity
- 6 Frameworks, policies, ethics and how it all fits together
- Discussion points and exercises
- Index
2 - The laws and regulations
Published online by Cambridge University Press: 08 June 2018
Summary
Introduction
In this chapter, we will examine the external drivers which influence organizations towards practising good information governance. These are pieces of legislation, regulation and standards which are imposed from outside the organization, and which either must be complied with in order to avoid penalties, or which define benchmarks against which the practices and performance of the organization can be judged.
Sometimes these, in particular the pieces of legislation, are themselves referred to as ‘information governance’, in that they impose rules which govern what organizations do with information. However, as we've seen in Chapter 1, a more constructive way of understanding the term is to think of ‘information governance’ as those practices which lead to efficient, effective and ethical use of information. The fact that we also avoid legal repercussions simply means that the law recognizes our practices as being correct.
The specific laws and regulations dealt with in this chapter will be those which apply in the UK, as space does not permit discussion of equivalent legislation in other legislatures, but it will be found that similar legislation exists in a large number of countries – in March 2013, Rwanda became the 94th country to pass a Right to Information Act (Freedominfo.org, 2013). The equivalence of EC countries’ data protection laws to those in the UK is discussed in the section ‘The eighth principle’ (page 32), as is the list of ‘third’ countries recognized by the EC as having equivalent legislation. Other states, including the 21 members of the Asia-Pacific Economic Co-operation Group (APEC), have agreed on privacy principles, and Argentina, Canada, Hong Kong, Israel and Russia have based their laws on the European model (Kuner, 2010).
The USA has had a Freedom of Information Act since 1966. It applies to records held by federal agencies, such as the Department of Justice and the Department of Health and Human Services, and gives individuals the right to access any agency record, except for those protected from public disclosure, for example for reasons of national security. It also requires the agencies to automatically publish other information, including lists of frequently asked questions and answers to them (FAQs).
- Type: Chapter
- Information: Information Governance and Assurance: Reducing risk, promoting policy, pp. 9-46
- Publisher: Facet
- Print publication year: 2014