Information Governance has slowly but surely demonstrated its importance to organizations. The initial impetus varies, but the end goal is generally accepted among professionals: They want to control data by (1) knowing where it is, (2) controlling who should see it, and (3) knowing when it should go away. Easier said than done, so how should organizations go about this?
Divide and Conquer
Stop trying to make it happen in one fell swoop. We consider “proactive” methodology as the ideal InfoGov strategy; governing data before anything goes wrong to in order to maximize long-term value. However, getting to that stage often needs to be reactive in nature. IG professionals in different divisions need to work within the confines of decisions that have already been made, and build upon that structure. Always understand that full-scale InfoGov is a war won by progress through separate, incremental battles internally.
The EDRM did a good job of “process-izing” a solution to the eDiscovery problem. The new issue is that Information Governance is just one box of that process, without any explanation. A shift in perspective could help – we need to stop aligning IG initiatives for IG’s sake, and start aligning it with existing business initiatives. For example, we get about 15 times as many RFPs for eDiscovery, RIM, Complaince, and Analytics, than we do for pure “Information Governance.” There’s a reason for that. IG is a noble goal in itself, but that’s not really the way most businesses work. It needs to be threaded through other initiatives, and collaboration in organization is the key to success.
Choose Your Battles, Pick Your Targets
Keeping in line with this military theme, any strong InfoGov program is earned by creating allies. Getting the word out among business groups is a good place to start, and following through with those folks on the same page should do wonders. There are undeniable problems with IG: people don’t care; those who do care, don’t know where to start; and all strategies are different. Rounding the troops, then, is all the more important. I spoke with one Director of Information Governance at a Fortune 500 company that was surprised by the buy-in he had from his marketing team, of all people. It really helps to have numbers aligned with you in the organization.
My first suggestion for a targeted ally is the cyber security group. One of the biggest risks to data breaches is an overflow of content, making it hard to control as a means of the first step for true management. Even with this known issue, it’s still underestimated. Analysts have consistently predicted 11% growth of data within organizations year-by-year. We’ve seen that number to be as high as 34%, and average about 24% across organizations. That should raise some eyebrows in the Security group. Going off simply existing examples, anyone with a combination of technical and legal background is probably a good start.
I’m friends with an Insurance Salesman in the Bay Area. He’s constantly using earthquakes throughout the state and country as a reminder for the quake of ’89 and as a warning about the impending Big One. Often times, his potential customers feel the need to remind him that he makes money off of insurance. His response? That doesn’t negate the fact that you’d need protection in the case of an earthquake.
The same thing goes for InfoGov. Headlines are full of data breaches and massive legal costs which could have been avoided with the proper IG program. At those organizations, it results in immediate remediation projects, and it causes ripple effects for their peers – consultants, audits, etc. which yield even more projects. Don’t be bashful about the warnings. It could happen to you!
Men Lie, Women Lie, Numbers Don’t
Do your best to develop and know your ROI. Be open to the idea of Quantified Information Governance: the application of smart technology and evidence-based practices to the governance of information. Defining essential facts, and ensuring that your organization has those facts about your information and your operating environment are crucial.
Allow your decision-making to be data-driven, instead of guessing what (or where) something is. Information governance decisions are fundamentally business decisions, so don’t let legal drive everything. No legal obligation in the world requires companies to hold onto data when they don’t know what’s in there.