Sovan Bin, CEO and founder of the Paris and San Francisco-based Odaseva, which offers Data Governance Cloud, a suite of data governance apps, explained, "Information governance is about making deliberate decisions about how your organization plans to holistically manage the business-critical information that it generates and ultimately relies upon for business-critical applications."

IG, Bin noted, includes establishing an accountability framework that not only classifies the sensitivity and value of information, but also dictates the meticulousness of the data's management and security. "Information governance also requires establishing the necessary policies, procedures and metrics to ensure appropriate behavior and storage throughout the data life cycle – from creation through archiving and deletion."

Martinez-Carey said she perceives a strong relationship between data governance, the general management of the accessibility, accuracy, security and practicability of an organization's data, and IG. "Information governance is the umbrella underneath data governance."

Maria Martinez-Carey

According to Martinez-Carey, very few credit unions nationally – especially small- to medium-sized institutions – recognize and understand what information governance is and how it relates to their members. Credit unions will have to play catch up to other industries already applying information governance, she advised. "Anchored by the industry's people helping people philosophy, credit unions will want to begin using information governance to their advantage as they face competition from fintechs, banks, and the scrutiny of data management and security by regulators and auditors."

The Alt + F0 founder, who has spent more than 25 years in operations risk mangement, including time at a corporate credit union, said information governance goes beyond outmoded records-administration and holds the key to leveraging future membership growth, risk management, data asset-value and competition within financial services. "We're at the very early stages of information governance capturing the attention of key decision makers within the credit union industry as we transition into a new year and a new decade," Martinez-Carey said.

"The traditional 'records management' and 'data management' seen in our industry over the past several years won't cut it for addressing credit unions' increasingly sophisticated compliance needs, regulatory demands, and the urgency to retain members and innovate with the future," said Martinez-Carey. She noted her company's LOCK platform, an audit readiness application, is drawing interest from a handful of early credit union adopters including a California institution and a Midwest CUSO. She also said credit unions need to look at how third parties actually secure and manage information.

Sovan Bin

"When consumers select a credit union, they opt for a more customer-friendly model," Bin said. He pointed out that in doing so, they entrust the institution with their personal information and financial details. For a credit union, the presence of member-sensitive information requires adherence to data privacy laws and regulations such as the Fair Credit Reporting Act, the California Consumer Privacy Act and even GDPR.

"The core tenant is that privacy is a fundamental right," Bin said, adding under a regulation such as the CCPA, a member has the following rights:

Right to know: You must tell a consumer what personal information you collect before or as you collect it.

Right to correct: You must provide a consumer the ability to manipulate their data and set preferences on data use, including the ability to request deletion of personal information.

Right to object: You must give consumers control over their data's processing including the ability to object to the sale of information to a third party.

"Financial institutions and credit unions should be concerned with information governance as it is a strategy for managing information throughout its lifecycle. Information governance is especially critical for financial institutions and credit unions due to the sensitive customer data that they are entrusted with securing and managing," Chris Hertz, chief risk officer for cybersecurity firm DivvyCloud, which allows customers to automate governance of their cloud and container infrastructure, said.