Source: Ernst & Young, partner of PRIMO Europe
Information serves as an integral part of most business processes. Organizations cannot survive without information and the supporting systems, third parties and manual activities that collect, derive, process, store and make available the information. Organizations rely on information and, therefore, are at risk when the information is degraded. In addition, information often imposes obligations on the organization, whether because a law or regulation requires it, or fiduciary duty demands it.
Enterprise governance, risk and compliance (GRC) represents the actions that an organization takes to achieve its performance objectives and manage risk. This includes information risk and the organization’s obligations over the information it owns, produces, uses and makes available to others. Organizations use different kinds of information (financial, business, intellectual property, etc.), each with its own unique governance, risk and compliance considerations. Personal information is one such information category, and in this publication we take a closer look at the specifics of personal information and privacy risk.