An integrated framework to elevate information governance to a national level in South Africa

As an emerging discipline, information governance (IG) presents a number of challenges to organisations and countries. For example, IG has not yet been clearly defined and current proponents present the concepts as records management, information management, enterprise content management, privacy (data protection), freedom of information, corporate governance, information risk, information security and e-discovery, to mention just a few areas. At an organisational level, initiatives focus on one of these aspects, often conflicting with the other elements, and are initiated because of some immediate business challenge, such as the introduction of the Protection of Personal Information Act (data protection or privacy legislation) in South Africa. This is compounded by the fact that the country creates many fragmented policies and pieces of legislation on the same IG aspects which are conducted in a disjointed manner. This study aims to present an integrated IG framework at the country level, comprising key success factors, required instruments (policy and legislation), principles and a proposed list of elements or disciplines, which should be managed in a cohesive manner.

This study adopted the Information Governance Initiative’s pinwheel facets of IG to design an integrated framework of elevating IG to country level. The pinwheel helped to identify different facets of information disciplines and the responsible oversight mechanism for implementation in South Africa. The study relied on data obtained through content analysis of policy documents, legislative frameworks, and literature review regarding the identified facets of IG in South Africa.

The study established that only some aspects/domains/facets of IG are legislated and driven by policy in South Africa. These domains are at different levels of maturity and different stakeholder groups are responsible for each domain; for instance, the National Archives of South Africa is responsible for records management and the State Information Technology Agency is responsible for information technology, while the newly established Information Regulator is responsible for freedom of information and data privacy. There is generally no over-arching structure responsible for overall IG in South Africa as the elements are fragmented in various oversight mechanisms and institutions. As a result, domains compete for limited resources and often lead to “knee-jerk” responses to legislative, legal or risk drivers.

It is concluded that if IG is not regulated and modelled at a country level, it is highly unlikely to filter down to organisations. Implementing IG at country level will go a long way in helping to filter it down to an organisation level.

The study is useful by presenting a framework to ensure that IG is implemented at the country level with a single coordinating body established for oversight mechanisms such as the Information Regulator (which currently has a narrow scope of privacy and freedom of information, although with limited resources).