Making the Case for Information Governance

In my last column, IT’s Time for Information Governance, I provided an introduction to the concept of information governance (IG) and why it is an urgent and relevant concept for CIOs.

As promised, in this column, I am going to start to sketch out the case for IG. This is critical, because success in IG requires fundamental changes to the way that companies think about information and how they should manage it. This means that IG, more than anything, is a change management exercise. And change management requires powerful simple messages to drive it. That’s what I hope to provide here and in my next few columns.

Reason #1: We can’t keep everything forever

“Information workers, who comprise about 63% of the U.S. work force, are each bombarded with 1.6 gigabytes of information on average every day through emails, reports, blogs, text messages, calls and more.” – “Don’t You Dare Email This Story,” Wall Street Journal

IG makes sense because it enables organizations to get rid of unnecessary information in a defensible manner. Organizations need a sensible way to dispose of information in order to reduce the cost and complexity of IT environment. Having unnecessary information around only makes it more difficult and expensive to harness information that has value.

Most statistics on the volume of digital information organizations create contain numbers so large that they are hard to comprehend (for example, “the digital universe” is estimated by IDC at 281 exabytes in size or 1 EB = 1,000,000,000,000,000,000 (1018 bytes) = 1 million terabytes = 1 billion gigabytes). Organizations experience 30, 50, or even 100 percent annual growth in the volume of information they store. And the trend doesn’t seem to be slowing down.

Although the cost of storage hardware continues to drop, storage hardware costs are just the beginning. According to IDC, the total cost of storage ownership “far outweighs the initial purchase price” of the hardware, and includes factors such as migration, outage, performance, information governance, environmental, data protection, maintenance, and staff costs.

Organizations often claim that they are just keeping a piece of information “for now.” Without a firm plan in place, this really means “keeping it forever.” After all, unless you plan on keeping a piece of information forever, you will need to make a destruction decision about it at some point.

Will that destruction decision be easier or more difficult in the future? After all, in three, five, or ten years will:

  • You have the software that created the information?
  • You have the hardware to read the media that the information is stored on?
  • The employee that created it still be working at the company?
  • The department that the employee worked in still exist?
  • Anyone remember anything about the project that document was created for?
  • Litigation be filed that requires the preservation of that information?

IG, with its legal and compliance foundations, provides a defensible approach to disposing of unnecessary information. The combination of good policies around retention of information during normal business operations and preservation of information during legal holds and litigation or regulatory investigation protects your organization.

It’s important to note that the law doesn’t require us to keep everything forever, but only IG provides a defensible framework to help us get rid of the information we don’t want and aren’t required to keep.

Reason #2: We can’t throw everything away

“Ensuring the right information is available to users when needed is regarded as the highest business priority for large companies . . . and the vast majority of decision-makers believe that an effective information strategy has a very significant impact on this top business goal.” – “Managing Information: Research Study on Customer Priorities and Challenges,” RONIN Corporation

IG makes sense because organizations can’t keep everything forever, nor can they throw everything away. We need the right information, in the right place, at the right time. Only IG provides the framework to make good decisions about what information to keep.

If we could throw away every piece of information created and received in our institutions whenever we wanted to, there would be little need for IG. The reality, of course, is much different. Information is how we do business and, to a greater degree each year, business success is influenced by how well we manage that information. Although most information is created by individuals, enterprises are responsible for the security, privacy, reliability, and compliance of most of the information these individuals create. This is the role of IG.

Some information we keep because of its business value. Some we keep because of legal requirements. By some calculations, there are thousands of laws and regulations in the U.S. alone that speak to the way organizations must manage their information. The role of IG is to parse those laws and regulations into practical policies and retention schedules that guide the organization on its proper management.