The tech industry is riddled with buzzwords. New phrases get coined faster than old ones can go out of style. So it’s hardly surprising that when people hear ‘information governance’ they smile uncomfortably as they search for meaning in such a vaguely powerful term. Neither the concept nor the term information governance (IG) is loud or flashy, but it plays a crucial role in any large organization.
Information governance is a big picture idea with granular implications. It is challenging to picture the true scope of its impact, but I’ve broken it down below to start you on your journey. For the purposes of my illustration today, I’ll be focusing primarily on unstructured data (files, email, etc.). We can’t let structured data have all the fun now, can we?
Possession with Purpose
Let’s start by highlighting a common problem faced by many enterprises at scale. Imagine you send an email to 10 colleagues. That email contains an attachment with some confidential information it. Your email’s 10 recipients all save the attachment, and a few make edits. Someone even forwards it to another colleague, and who knows what they did with it? All of a sudden, the sensitive information you sent is now stored in multiple locations with no way of tracking it. This is a problem for any organization, but especially at large organizations, it happens at an insurmountable pace.
The problem only gets worse when dealing with business records. Records are kept to ensure accountability, but there’s also a practical component to consider. Multiple business units need access to each document, and each of them could be changing it. There are too many moving pieces for even the most organized, intelligent person to keep track of. And, making matters worse, most legacy email and records technologies are not properly equipped to handle it either.
Since World Cup fever is raging right now, a soccer analogy may be the best way to continue. In soccer, there’s one ball and 22 players. That makes the ball easier to keep track of—it’s what you do with it that matters.
But consider what would happen if we introduced multiple balls at once. Players wouldn’t know how to react. Unsure of their responsibilities, they’d scramble for the nearest ball and leave holes in the defense. Strategy would break down. Referees would have trouble keeping track in the turmoil, and rules would be broken without accountability. Chaos would ensue.
The same goes for information governance. With information duplicated and stored in various forms throughout an organization, records managers are left scrambling. As with soccer, you need to either get rid of the extra balls or rewrite the rules to the game.
Rewrite the Rules
With all the balls in play, it’s time to centralize governance. In simple terms, information governance is all about control. When you control your data, you can utilize it in new ways. Unified governance gives you that control.
Mismanaged information leaves companies vulnerable to privacy and security threats, both internally and externally. Likewise, it makes compliance with new regulations like GDPR impossible and increases exposure to fines. Perhaps most importantly, it creates a threat to the public perception of the company when something goes wrong.
Practically speaking, however, this can be difficult. Legal, compliance, HR, and IT all need access to information for very different reasons. So how can organizations ensure access to important information without propelling dangerous duplicates throughout their systems?
In short, lose the plural: make it “system”, not “systems”, at least behind the scenes. By leveraging the right technology and applying the right policies, data can de-duplicate itself on a system level without altering permissions or the users’ view of their data. The result is proper governance without the sacrifice of productivity.
The Final Score
Once the system applies the policies to all the information an organization has, it knows how to classify any new information created in the future. The effects of this are numerous: When litigation arises, legal teams immediately know all relevant information and can determine liability and strategize accordingly. IT has the ability to prepare for the worst case scenario – a data breach. If a breach were to occur and sensitive information has already been locked down or removed, the hackers make off with nothing of value. Policies set to flag communications that may violate compliance or HR policies ensure a safe and accountable workplace. All of this can be achieved by centralizing storage and management of information.
Change can be daunting, but I think a fresh perspective highlights the need for improvement to the way we’ve been handling our information. There’s a reason we play sports with one ball. Why do we expect different results in the workplace?