As I see it, information governance includes making sure that employees are properly trained.
“Wrong Switch Led to Japan Jet’s Dive, Wall Street Journal, October 6, 2014 A13. Jet carrying 117 people nearly crashes after co-pilot hit wrong switch. Report shows co-pilot not trained in (a) dealing with high altitude flight upsets or (b) “‘upset recovery … accompanied with a stall warning.”
Confused over which switch controls the rudders and which switch opens the cockpit door? Gee, that could happen to anyone. Especially if you’re nervous about the captain trying to get back into the cockpit. What is the co-pilot in fact trained or expected to do? Knowing which switch opens the cockpit door would be on the list.
Is training people within the scope of information governance? Isn’t training one of the ways in which information is “used”? Does your risk assessment address risks or hazards that arise if your employees are not adequately trained?