It is tempting to consider your information as being your own and entirely under your own control. Of course, that isn't the case. Information from within the deepest vaults of the organization can be demanded by individuals (through various privacy rules), government regulators, courts, auditors, and any number of other potential stakeholders. Government agencies or departments often have the additional obligation to provide information based on various forms of Freedom of Information legislation and similar open government initiatives.

Every enterprise, regardless of its sector, needs a strategy to confidently know who should have access to every piece of information and to be comfortable that they understand what will be found now or in the future. Such a strategy needs to include information that goes beyond current access privileges and anticipates general requirements of the future. The history of privacy, freedom of information, and more targeted regulations, such as the Sarbanes-Oxley Laws, is that re-engineering systems to provide information on request after the event is an extremely expensive exercise.

Even in the absence of such requirements, having additional data early only increases the information available to decision makers, which is always a good thing. Organizations complying with the Sarbanes-Oxley rules have typically discovered weaknesses in their own processes as well as rich data sets associated with earlier activities that ...