Compliance, Governance and Oversight Council

CGOC is a forum of over 3,600 legal, IT, records and information management professionals from corporations and government agencies. For over a decade, CGOC has been a thought leader advancing governance best practices across the industry.

Recent Resources

Data Privacy and Governance – CGOC New York highlights and trends

May 4, 2018

The past decade has produced an unprecedented accumulation of data. Organizations in general and business models in particular increasingly rely on data. Maintaining the privacy and confidentiality of this data, as well as meeting the requirements of a growing list of related compliance obligations, are top concerns for organizations and enterprises alike. Even though CGOC Regional…

Read More

GDPR Readiness Starts With Unified Governance

February 27, 2018

The EU’s General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. According to Top Corporate Data Protection Challenges, a survey of 132 compliance officers from organizations around the world and across multiple industries, only 6 percent of respondents feel their organizations are currently compliant with the upcoming regulation.

Download this resource guide to discover how a Unified Governance program can create the foundation for successful GDPR compliance, while enabling improved business insight, increased productivity, and reduced cost and risk. Start your compliance journey today.

Read More

The Demand for Unified Governance – Experts Weigh In

February 21, 2018

Making the business case for an ongoing and unified data management and information governance program Data management teams must recognize they can’t ensure accurate, secure data without proper governance. On the other side, information governance teams must accept their mission has dramatically expanded from simply proving regulatory compliance to helping businesses achieve a single version of the truth, expose and extract value from information assets, and reduce a variety of risks.

Meet our Faculty and Speakers:

Jake Frazier, Senior Managing Director – FTI Consulting

Clare Sadler, Managing Director– Information Squared

Caroline Sweeney, Global Director, E-Discovery & Client Technology – Dorsey

View Now!

Read More

News and Events

CGOC Regional Meeting on October 17, 2018 – Seattle, WA

Save the date for the CGOC Regional Meeting: October 17, 2018, in Seattle, Washington.

Details about the CGOC Speakers will be shared via emails and posted on our social channels, so be sure to join our community or follow us on social media.

Data Privacy and Governance – CGOC New York highlights and trends

Corporate leaders from IT, Legal, Privacy and RIM attended this one-day executive meeting on data privacy and governance. Topics included analytics and the current security landscape, using machine learning and governance to meet business objectives and more!

Data Protection in the Modern Enterprise – CGOC London highlights and trends

November 14, 2017

Corporate leaders from IT, Legal, Privacy and RIM attended this one-day executive meeting on data protection in the modern enterprise. Topics included how to mobilize a GDPR program, data protection, and more.

On-Demand Webinar – Cross-Border Information Governance: Setting Yourself Up for Compliance

Watch the on-demand webinar on Cross-Border Information Governance: Setting Yourself Up for Compliance to learn the risks that arise when controlling and processing personal data.

Legal and compliance teams critical to machine learning success

August 8, 2018

This Q&A with Jake Frazier, CGOC Faculty Member and senior managing director at FTI Consulting on how machine learning is shaping the enterprise. For this article, I asked Jake about the new and complex challenges around the adoption of machine learning technologies in enterprises. Machine learning offers business users an unprecedented opportunity to take advantage of the massive amount of data they are collecting. However, machine learning is also increasingly important to legal and compliance teams.

Read the article

Machine Learning: The New Imperative For Your Governance Strategy

August 5, 2018

If you’ve been working toward General Data Protection Regulation (GDPR) compliance over the last couple of years, you are probably feeling like your data compliance environment is in good shape. You’ve identified what information exists, where it is and how it flows, and in the best-case scenario, you’re eliminating data silos that otherwise hamper end-to-end compliance processes. While improving these processes will continue to be a top priority, it’s time to find other ways to use these new data governance capabilities to help the business.

These days, I’m regularly being pulled into machine learning projects to offer some assurance that the personal and sensitive information pouring into these innovative applications for research and development (R&D), marketing and sales is being used in a compliant way. Certainly, good GDPR hygiene is a tremendous asset in this effort, but there is a lot more to consider when it comes to machine learning (ML).

Read the article

Opinion 5 keys to innovating without sacrificing privacy, security or compliance

June 1, 2018

In an era of increasing regulatory complexity, including around data privacy, no business that wants to survive can tolerate recklessness. But that does not mean abandoning rapid innovation. Companies have been innovating without being reckless forever – and just because Facebook benefited from its irresponsibility for a while, no company should risk its existence by equating the two.

How do you create an environment to support rapid innovation while protecting the company from its own excesses? Consider the following five keys to moving fast without breaking things.

Read the article

5 keys to innovating without sacrificing privacy, security or compliance

May 29, 2018

How do you create an environment to support rapid innovation while protecting the company from its own excesses? Consider the following five keys to moving fast without breaking things.

Read the article

GDPR could be Facebook’s toughest data management test yet

May 8, 2018

Europe is more attuned to data privacy and security issues than other areas and takes a much more no-nonsense approach to technology companies and how they handle customer data. And indeed, Facebook is taking heat from government leaders there.

Read the article

Privacy pundits finally get their day in the sun

April 13, 2018

As Facebook’s Mark Zuckerberg testifies during Congressional and Parliamentary hearings about his company’s business practices and consumers begin to wake up to the reality of how much of their personal information has been collected and mishandled, privacy researchers and developers are finally being listened to.

Read the article

Privacy By Design Is Important For Every Area Of Your Business

April 10, 2018

As implementation of the EU’s General Data Protection Regulation (GDPR) approaches, organizations may be tempted to regard privacy as a regulatory burden and focus solely on mechanisms of compliance. Protecting private information has vital and obvious implications for everyday life, and the only way companies can successfully do this is to create a culture of privacy.

Read the article

6 GDPR Myths That Must Be Busted

April 3, 2018

If you’re one of these companies scrambling to meet the May 25th deadline, it is essential you not fall into the trap of believing any of the myths that have risen about the regulation – which can lead to overconfidence, poor risk assessments, wasted effort and ultimately noncompliance.

Read the article

Are You Ready for GDPR? Guidance for getting up to speed

March 15, 2018

Heightened security threats lead to heightened regulation, however, organizations are not always quick to comply. Though the world was forewarned two years ago that the European Union’s General Data Protection Regulation (GDPR) was on its way, a recent survey found …

Read the article

Press Release: CGOC’s GDPR Resource Guide Provides Essential Guidance on Compliance Journey

February 28, 2018

The CGOC (Compliance, Governance and Oversight Council) today announced the availability of the GDPR Resource Guide, a compendium of unique resources developed by and for members of the CGOC to help organizations understand and chart their GDPR compliance journey.

Read the article

Making a successful case for a unified governance program

February 26, 2018

Modern big data and digital transformation initiatives depend on three underlying conditions. Data must be accurate and current. Data must be secure. And data must comply with evolving and increasingly complex regulations. This is especially true in the area of data privacy, given the impending implementation of the EU’s General Data Protection Regulation (GDPR).

Read the article

Stop Dragging Your Feet: GDPR Compliance Can Make You More Competitive

December 15, 2017

The May 2018 deadline for the EU’s General Data Protection Regulation (GDPR) should have organizations scrambling to roll out GDPR-readiness programs. After all, the regulation applies to most organizations doing business in the EU, non-compliance can result in severe fines, and getting ready for compliance will likely take significant time and effort.

Read the article

If GDPR Compliance Doesn’t Start With Information Governance, You’ll Probably Fail

December 9, 2017

Most discussions regarding the EU’s impending General Data Protection Regulation (GDPR) — scheduled for implementation in May 2018 — focus squarely on consent management (i.e., making sure organizations have permission to use the data they are collecting and processing).

Read the article

Most companies ill-prepared for EU data protection requirements

November 10, 2017

Known as the General Data Protection Regulation or GDPR, the EU describes the new requirements as “the most important change in data privacy regulation in 20 years.” Intended to replace the current European Data Protection Directive and standardize the laws governing data privacy across the EU’s member countries, it is meant to reshape the way organizations across the region deal with data privacy.

Read the article

Really? Only 6 Percent Of Companies Ready For GDPR

November 9, 2017

A survey of top corporate data protection challenges has found only 6 percent of companies are prepared to be compliant with the EU’s General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. The Compliance, Governance, and Oversight Council (CGOC) released the results of the survey, which gathered the results from 132 compliance officers from organizations around the world. Those organizations were across multiple industries.

GDPR is a growing concern for companies in the life sciences industry. A session at DIA’s annual meeting in Chicago in June 2017 brought the issue to the attention of many pharma executives in the audience. Violations of the regulation can result in a penalty of €20 million or 4 percent of worldwide revenue.

Read the article

Press Release: CGOC Survey of Top Corporate Data Protection Challenges Reveals Only 6 Percent of Companies Feel Ready for GDPR Compliance

October 31, 2017

The CGOC (Compliance, Governance and Oversight Council) today released the results of a survey and accompanying infographic that reveals most enterprises are not ready to comply with the EU’s General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. According to Top Corporate Data Protection Challenges, a survey of 132 compliance officers from organizations around the world and across multiple industries, only 6 percent of respondents feel their organizations are currently compliant with the upcoming regulation. The results also indicate most organizations are concerned about their poor data disposal practices and ability to demonstrate compliance, key elements of GDPR readiness. Organization size had no significant impact on readiness levels. Read more for the complete Top Data Protection Challenges Survey results and to download the infographic.

Read the article

Press Release: Registration Open for CGOC Regional Meeting in London on Nov 14, 2017

October 17, 2017

MEDIA ADVISORY, Oct. 17, 2017 (GLOBE NEWSWIRE) — The CGOC (Compliance, Governance and Oversight Council) announced that registration is now open for the Council’s regional meeting in London, England on November 14, 2017.

“This year’s CGOC event in London will provide attendees the vital information they need to navigate today’s most pressing data challenges, including incidence response to a security breach, mobilizing a GDPR program and aligning GDPR with other regulations,” said Heidi Maher, Executive Director, CGOC. “It also provides a rare opportunity to network with some of the top experts in privacy, compliance and information governance.”

Read the article

Successful Big Data Initiatives Live At The Intersection Of Insight And Compliance

October 16, 2017

Consider how many organizations embark on a big data initiative. They purchase the right technology and begin pooling data from disparate systems into data lakes or data warehouses. But how do they know which data stores to use? How sure can they be of the lineage and integrity of their data? What can they do to ensure that their data lake doesn’t become a data swamp? The answer is simple: Start with a unified governance approach.

Read the article

Internal Investigations: 10 Ways To Be A Cyber Sleuth

August 17, 2017

Cyberattacks aren’t the only significant threats facing enterprises today. Companies often find themselves needing to conduct extensive and costly investigations into employee behavior. For example, I was recently involved in an internal investigation that was estimated to cost a global Fortune 500 company more than $1 million just for the investigation itself. Of course, costs can run much higher when settlements and other legal fees are included. According to the Mintz Group, Foreign Corrupt Practices Act penalty amounts totaled $1.8 billion for the period from implementation of the FCPA in 1977 to May 2016. The financial impact to companies, as well as the damage to their reputations and business disruption, can be staggering, and possible litigation following an investigation can cause further financial and reputational harm.

Read the article

Five Essential Steps to GDPR Survival

August 4, 2017

Less than a year away from the implementation of the European Commission’s General Data Protection Regulation (GDPR) and stakes for companies are high. This article outlines important steps companies can take right now to make significant progress toward creating a data infrastructure that dramatically reduces the likelihood of non-compliance.

Read the article

10 Critical Steps to Create a Culture of Cybersecurity

July 26, 2017

Although eliminating all cyber incidents is impossible, a “unified governance” approach that combines security with data management and information governance can help create a business culture that promotes a strong defense. CGOC Faculty Member Ed McAndrew offers 10 steps you can follow to create a culture of cybersecurity.

Read the article

Preparing for Ransomware Attacks: Your Company Is a Target

April 3, 2017

Like any significant cyber incident, a successful ransomware attack can give rise to an increasingly broad array of legal, regulatory and financial impacts. Planning ahead is essential, and legal teams should consider these nine tips when assessing their companies’ readiness.

Read the article

New IGPMM Essential in Confronting Data Challenges

March 3, 2017

The risk and cost benefit analysis of 22 key processes allows organizations to practically deal with the torrid growth of digital data, a complex regulatory environment, and increasing adoption of cloud computing and machine learning.

Read the article

Corralling Data During a Restructuring

February 23, 2017

If you think IG is tough at a typical enterprise, wait until you go through a corporate restructuring in today’s environment, when the risks are magnified, the challenges are stark, and IG failures frequently blow up both the budget and timeline set for the restructure, undercutting business goals.

Read the article

The Financial Case for a Data Privacy Program

January 24, 2017

To increase the business value of data while reducing cost and risk, finance departments must become stakeholders in the development and implementation of data privacy programs.

Read the article

Press Release: Latest CGOC Information Governance Process Maturity Model Details How to Reduce Cost and Risk in the Age of Massive Data Stores

January 24, 2017

Helps mature key processes related to global privacy compliance, data quality assurance, data leakage and theft, and more. “The hardest part of an IG program is getting started, and the CGOC Maturity Model provides the structure on which to build an effective IG program.” – Anthony Diana, Partner at Reed Smith.

Read the article

Building a Business Case for a Data Privacy Program

January 23, 2017

Organizations understand that they must establish and maintain a comprehensive, enterprise-wide data privacy program built on a solid business case that defines its specific requirements. To begin the journey, explore these 10 foundational requirements for operationalizing a data privacy program.

Read the article

The Cost of Ransomware Attacks Can Reach Far Beyond the Ransom Payment Itself

January 3, 2017

Healthcare providers must take deliberate steps to prevent and mitigate the impact of ransomware attacks. While not exhaustive, the steps enumerated in this article can help better position companies for successful navigation through these high-pressure and often high-stakes situations.

Read the article

Press Release: Registration Open for Compliance, Governance and Oversight Council (CGOC) Regional Meeting in London

September 22, 2016

Speakers include senior executives from BlackRock, CME Group, Deutsche Bank, eDisclosure Information Project, FTI, HGP/GlaxoSmithKline, IBM, JPMorgan Chase, Reed Smith, Wolseley and others.

Read the article

Counsel Essential to Leading Info Gov Through M&A Minefields

August 25, 2016

Heidi Maher, CGOC Executive Director, and Jake Frazier, CGOC Faculty Chair and Senior Managing Director at FTI, discuss why IG can be more challenging during mergers and acquisitions (M&As) and other restructures. The potential for increased eDiscovery, cybersecurity and compliance issues can create a host of problems for a parent organization.

Read the article

How to ensure your A.I. gets good nutrition

July 21, 2016

Businesses increasingly acknowledge the potential of A.I. to accelerate decision making, but many have serious concerns about what is happening inside the black box. The quality of any A.I. can only be as good as the data it processes. Of course, “garbage in, garbage out” has long been an analytics refrain, but it’s even more important for A.I.

Read the article

The Saga Continues… From Data Creation to Data Consumption to Data Exposure

June 21, 2016

James Schellhase, worldwide business executive, information governance expert and CGOC faculty member, discusses the role of information governance in reducing risks associated with third-party data governance.

Read the article

How Companies Can Work with the US Government on Cyber Threats

April 4, 2016

From the malicious to the unintentional, cyber incidents continue to increase in frequency, severity, and cost to companies. CGOC Faculty member, Edward McAndrew discusses eight steps to help mitigate the impact of an incident by constructive engagement of law enforcement and regulators

Read the article

Draw Up the Perfect Info Gov Game Plan

March 30, 2016

While the operational goals of compliance, privacy, security and e-discovery practices are different, their processes and technologies overlap, and it is increasingly difficult to successfully conduct one practice without successfully conducting the others. Aligning compliance, privacy, security and e-discovery practices can lower risk. (Free Registration Required)

Read the article

Data Privacy: Key Elements Of An Information Governance Plan

February 2, 2016

Today, big data initiatives using customer data are driving new personalized services, innovative insights, optimized operations and new business models. That all sounds terrific, but there’s a dark side to big data, and if you don’t get a handle on it, your company’s new analytics projects may cause far more problems than they solve.

Read the article

Data Everywhere: The Risk to Shareholder Value

December 7, 2015

About 69% of an organization’s data is unnecessary and has no value. Aside from taking up precious space, this excess information poses a great risk. Security expert, Heidi Maher, gives advice and put together 10 questions for board members to ask when developing a detailed and holistic approach.

Read the article

Strong Data Security Is not Optional

November 12, 2015

The average cost of a data breach has increased 11% from last year to now total $6.53 million for a single U.S. organization. Strong data security is critical for protection and financials. Six key elements have been identified as requirements for establishing strong security and reducing the risk of a breach.

Read the article

Information Governance and the Cloud

October 6, 2015

Hoarding is a psychological disorder—usually thought of as an unhealthy attachment to possessions. It causes clutter. Does hoarding of data have the same detriment to businesses? The need to maintain and delete data is greater than ever with data being created at unprecedented levels.

Read the article

How to Transition from Data Hoarder to Data Factory

September 14, 2015

With data overload, Rossi argues that a new foundation for collecting and using data is needed so businesses can develop and implement a strong structure for their growing data. His article highlights 4 key components to consider when making the transition from data hoarder to data factory.

Read the article

Managing data in a mobile and cloud world

August 25, 2015

The benefits to moving data to the cloud and mobile are impressive—lower costs, better efficiency—but it comes at the price of complexity and loss of control for your IT, legal and compliance teams. Expert Richard Kessler suggests these challenges can be overcome by standardizing information metadata.

Read the article

7 Questions for Information Governance, Analytics and Business Value

July 21, 2015

Organizations that manage their data as an asset can use analytics to pull significant value from the information they have stored—but not all data is useful, in fast, using irrelevant data can distort the analysis. Here are 7 questions that are important in determining the value of your information.

Read the article

Getting the most out of big data

April 21, 2015

Companies like Google and Amazon rely on collecting data and analysis as a way to stay competitive. These companies have allocated resources to investing in technologies but now, affordable big data solutions allow organizations of all sizes to benefit from the same data-driven perspective.

Read the article

A Simple Proposal for Making Data More Accessible and Valuable to the Enterprise

January 12, 2015

A strong foundation from the beginning of the data life cycle can dramatically reduce business costs and risk, while improving decision making. Kessler proposes 4 simple standard setup attributes to all new business systems so data can be easily aligned.

Read the article

Getting real about information governance

December 17, 2014

Setting up an enterprise information governance (IG) program can be daunting—but a simple, step-by-step approach to creating an effective IG makes the possibility a reality. Make the change as simple as possible with four key factors designed for long-term success.

Read the article

Best Practices for Information Governance

October 23, 2014

Existing business practices and many other factors make it difficult to have a holistic, disciplined approach to information governance. With these 5 outlined IG best practices, an organization can make appropriate decisions, and understand the value of their information.

Read the article

Burn After Reading? A Better Approach to Securing Shared Information

September 24, 2014

In this interesting article, Gascon addresses the pros and cons of different approaches to securing sensitive shared information, but proposes, what he believes, is a better approach—the “Share-and-Protect” strategy based on encryptions.

Read the article

Taking control of data debris

September 15, 2014

The growth of data is out of control. But successful companies are turning to information life-cycle governance programs to delete old data at the same rate they are creating new data. A properly managed program allows for long-term growth and the potential savings of millions of dollars.

Read the article

Thwart ‘dark data’ risk with data classification tools

July 29, 2014

About 90% of digital data is “dark”: unstructured, untagged and untapped data that organizations know very little about. This data complicates information governance, with the risk growing bigger with every piece of additional dark data. Address the issue with classification tools that index the data.

Read the article

Tackle BYOD challenges with mobile data management tools

July 8, 2014

In this Ask the Expert, Derek Gascon, executive director of the CGOC, talks about obstacles facing mobile data management and how to overcome the pressing issues. Equip your company with the right policies and tools as outlined by the experts of mobile information governance.

Read the article

5 Tips for Getting a Handle on Information Growth

March 20, 2014

Not all information is created equal—some is highly valuable, whereas other data is unnecessary. These 5 tips ensure that information growth will be benefit your organization instead of adding to the burden of excess data.

Read the article

Data management strategy good for business and a boost to compliance

January 8, 2014

This Q&A with information governance expert, Derek Gascon, answers many pressing concerns like smarter data management, better business practices, and improving security while maintaining compliance.

Read the article