If I were running a retail business and told you that I didn’t think that it was necessary to manage inventory closely – you would consider it terrible business practice. Likewise, we would never consider running a business without being able to account for every dollar running through the organization with generally accepted accounting practices. In a digital economy where information is becoming the de facto currency on which business value is made, differentiation is established, and the intellectual property of an organization developed – we are reaching a point where similar systems are becoming necessary from an information governance perspective.
To take the accounting metaphor a step further, we recognize that some financial transactions are not as consequential as others and should be recorded in a Petty Cash Journal…and that it is important to carefully record an organization’s assets on a Balance Sheet, where they can be depreciated and written off when they are no longer providing value to the operation. Failure to follow financial regulations can result in significant liability for the organization and its stakeholders.
Likewise in the information governance space, we are seeing an increase in information regulation on a global scale, and organizations are attracting significant fines as a result of mismanagement of information. Cyber insurance has arisen as a way for organizations to mitigate the financial liability – but there is still significant exposure in terms of reputational damage, and a very real danger that individuals and organizations may have legal recourse in the event that their information is mismanaged. At the same time, there has been an increase in illegal activity from criminals seeking to steal an organization’s informational assets – either holding them for ransom or selling them.
But how do we manage our informational assets? In most organizations today, whatever their size, the biggest problem is that critical business information is unstructured and uncategorized, and keeps growing exponentially in that state. To make this point – according to the DataBerg Report, on average, 12% of an organization’s information is business-critical, 23% is ROT (Redundant, Obsolete and Trivial) and around 65% represents “Dark Data” (information existing on networks, devices and personal repositories which is neither quantifiable nor tracked by IT). Can you point to the 12% of critical data in your organization? Can you measure ROT? Can you estimate your organizational liability based on these classifications?
In most cases, the answer to these questions is “no”. Organizations are generally aware that information is an asset but are overwhelmed by the growth and volume of their data – and perhaps unsure of where to start…and so they just keep everything. Even where the organization has a Records Schedule and Enterprise Records System – we find that there is generally a low level of compliance within the organization. Historically, organizations could get away with this – but with the advent of highly searchable cloud platforms (where a search would return files from an employee’s OneDrive, for instance) and increasingly draconian regulations, the need to provide a more robust system for managing information is becoming critical.
“So What is the Answer?”
Well, currently there are a number of technological advancements which will assist organizations in auto-classifying sensitive information within their repositories, governance systems that attempt to reduce the admin burden for IT staff, and integrations that enable hybrid, or in-place records management (bringing information governance to collaboration systems which historically lacked it). In my experience – the answer is not a technological one, though.
In the same way that keeping a giant storeroom where we stack all our “inventory and consumables” would ultimately lead to a messy storage space where we cannot find anything, where assets are stacked next to fire hazards, and where no number of helpful “tools” will help us manage the mess – so the case is with an organization’s information. We must supply digital shelves where items of the same type can be stored together, indexes which make things easier to find, expiry dates which identify stock which needs to be retired, and stock control processes to manage and track stock movement.
The process of doing this from an informational perspective involves creating a classification taxonomy, identifying document types which are important to the business, aligning the document types with the Records Schedule, documenting the Document Lifecycle (through collaboration, retention and disposition), identifying how teams work with that information through Team Lifecycles (including sharing, co-authoring, security context, publishing, versioning), and creating blanket policies for documents that don’t fall within these classifications.
“That sounds Expensive…”
Yes, there is an expense involved in pursuing this type of due-diligence approach to information governance and management. Often, we find that the thought of tackling such an enormous task is unattractive to organizations… but what is the liability and cost of *not* properly managing your information? How much worse will the situation be in 5 years?
A better approach is to measure the size of the problem (which would already give you a litmus test of your organization’s liability in this regard), determine the cost of implementing a solution, and build an Informational ROI to address the issue. There are plenty of metrics that we can use to build a business case (reduced storage costs, reduced compliance liability, decreased costs for ancillary workloads like business intelligence, increased discoverability, decreased IT administration costs, increased productivity, reduced hardware costs, reduced informational security costs, etc.).
There is a cost associated with proper stock control and financial compliance…but we would never consider doing business without the proper controls in place in those departments. So, too, has it become with information governance.