Glossary

Information governance

Information governance is how an organisation manages information as an asset throughout its life — the policies, roles and controls that keep data accurate, secure, accessible to the right people, and used lawfully. It sits alongside, but is broader than, data protection.

Last updated

Part of our topic guide on AI Governance & Data Strategy.

Information governance is how an organisation manages information as an asset throughout its life — the policies, roles and controls that keep data accurate, secure, accessible to the right people, and used lawfully. It covers everything from how records are created and stored to when they're deleted, and it sits alongside (but is broader than) data protection, which deals specifically with personal data.

Why it matters

Get information governance wrong and the damage isn't abstract: it's a data breach that lands on the front page, a decision made on records nobody can trust, or a regulator's letter you can't answer well. Good information governance is what lets a business actually use its data with confidence — you can't build reliable reporting, analytics or AI on information nobody's kept straight.

In our view, this is exactly why digital and data literacy deserves to sit alongside English and maths as a basic workplace skill, not a specialist add-on. Whoever handles data in a role — not just the person with "data" in their job title — benefits from understanding how information should be governed, because good governance depends on everyone touching the data doing their bit properly.

How it works

Information governance typically runs across a few connected areas:

  • Policy and accountability — who owns which information, and who's responsible for how it's classified, retained and disposed of.
  • Security and access control — making sure only the right people can see or change information, and that there's a record of who did what.
  • Data quality — keeping information accurate, complete and fit for the decisions it supports.
  • Compliance — meeting legal obligations such as the UK GDPR and the Data Protection Act 2018, overseen by the Information Commissioner's Office (ICO).
  • Records management — how long information is kept, and how it's securely disposed of once it's no longer needed.

These pieces work together: a policy is only as good as the access controls that enforce it, and compliance depends on records being managed consistently, not just written down.

Common questions

What is a Level 4 Data Protection and Information Governance Practitioner?

This is the name of a specific apprenticeship standard in England, set at Level 4 — roughly equivalent to the first year of a degree. It trains someone to handle an organisation's data protection and information governance responsibilities, including compliance, risk and records management, and — like other apprenticeships — is assessed through an end-point assessment set out in the standard's own assessment plan, not a single fixed format.

Is there an information governance apprenticeship?

Yes — in England, information governance is covered by the Data Protection and Information Governance Practitioner apprenticeship standard, currently set at Level 4. As with any apprenticeship standard, the right fit is judged against the standard's actual knowledge, skills and behaviours, not just whether "information governance" appears in someone's job title — plenty of roles that never use that phrase still cover the ground it describes.

What does an information governance apprentice actually do?

Day to day, an apprentice on this route works on real organisational information — helping classify records, support compliance with data protection law, manage access and retention, and respond to information requests — under the guidance of people already doing that work. Apprenticeships are learned and assessed on real work rather than in an exam hall, so the practical tasks an apprentice handles are the same ones a qualified practitioner would be doing.

Related terms