While the past twelve months have been filled with a whirlwind of news stories and controversies from both presidential candidates, Hillary Clinton’s e-mail scandal has been of particular interest to those in the data governance field. Though thoroughly covered, one element in particular has been overlooked by the media at large. Early on in the scandal, the Clinton campaign and the State Department complained that the issue was largely the result of classification disagreements between the state department and intelligence communities. This is actually not as absurd as it sounds.
To most onlookers the concept of government classification seems relatively straightforward: important government secrets are marked as classified to restrict access to only those who need to know them. In reality however, each federal department applies its own standards of classification and controls its own access permission lists.
Departments are encouraged to honor the clearances of other agencies, however there is no hard and fast rule requiring it. This system can thus cause considerable confusion when departments handle overlapping material such as drone strikes or diplomacy channels. If say, the State Department feels that drone strike information should not be classified, while the CIA feels those same details should be top secret, the result can be a confusing mess.
The issues this setup presents however go beyond simple confusion. A security system is only as strong as its weakest link, and thus classified information is only as secure as its lowest level of classification. Without government wide standards, departments with looser classification requirements represent potential exploits for those seeking to access sensitive government records. Worse still, different departments may have no idea that their classification levels are out of sync with those of their fellow government agencies, resulting in a breakdown of proper data control.
While these issues are substantial, they are areas in which the information governance space can offer qualified assistance. Cleaning up inconsistent classification standards is functionally no different than the administration of retention policies or access control lists, challenges that large enterprises have been grappling with for years.
Unified data governance tools are commonly used in the business world to tear down the divisions between departments, allowing a single point of control to handle document access. If applied to the federal government, this would in principle minimize security risks from classification discrepancies as well as provide a greater degree of clarity with regard to organizational priorities.
Obviously, the government has security concerns far beyond those of the business world, so bringing the entirety of Federal records under one roof is likely out of the cards. If however certain principles of information governance, such as a single standard of classification, are applied, the government as a whole would still stand to gain considerable ground in the field of security and access control. A lofty goal to be sure, but one can dream.