By now, I am hoping you don’t need convincing to accept the issues around information governance. In case you need a refresher – information growth, regulations, costs, employee behavior, lack of executive support, and decentralization of systems, policies, and users. We all wish this problem is easy to tackle and I can tell you first hand, it’s not. While vendor PowerPoint presentations may look marvelous, the ability to bring the principals to your business is quite challenging. Well, if you didn’t have enough challenges, here are three big trends that will impact you and your information governance program by the end of the year.
Bring your own device (BYOD)
I attend many conferences and amused by how many people are using their own tablets to take notes, respond to emails, update salesforce, and revise contracts. In many cases, these tablets physically belong to the employees as most companies today have embraced a BYOD policy or strategy. This includes fortune 500 companies who have been known to traditionally lock down their entire IT infrastructure. Employees are using their own smart phones and tablets to conduct business – a trend that continues to grow. A report last month indicated BYOD would increase 10% to 25%.
While the actual hardware belongs to the employee, the information may not. Data residing on the device may belong to the organization – introducing a new curve ball to information governance. One may argue the tablet is geared to content consumption rather content creation, however this is not always the case. I have a friend who relies on his iPad to create presentations in Keynote. Do those presentations belong to the company? If yes, where are they stored? How about the meeting notes in Evernote; are they official records? And in case of litigation, what happens…does the employee need to hand the device to the lawyers or eDiscovery teams? How do you separate the personal pictures with business related information? And what happens if there are personal items on the device that indict the employee on other charges?
Speaking of employee’s private data – companies have an obligation to their customers and employees to secure sensitive and private information. Data and security breaches are not good; just ask the executives at LinkedIn. If you are collecting data – customers are in UK, datacenter in India, and service providers are in the US – where do you start?
My recommendation to customers is to always start and end with the lifecycle. Look at the different milestones, business processes, storage technologies, retrieval methods, and proper destruction of the record. Your information governance platform must carry the privacy rules throughout the entire lifecycle of the record – in the various applications utilizing the record – across potential decades. Upon capture/collection of the record, indexing is critical to determining what the data is and how to determine privacy attributes. You can’t rely on the user to provide this data. As someone told me “don’t blame the tool, blame the users.”
And the storage of information is really important since many countries have very stringent rules on data archiving. If you are a Forrester customer, they provide a great heat map around data privacy. Plus, all third party collection vendors are responsible for doing what they are supposed (and agreed) to. You don’t want someone losing a bunch of sensitive records in South America, as what happened recently in Boston.
Retention schedule driving databases
I am not a huge fan of the term “big data” however I am certainly fascinated by the concept. From a marketing perspective, there is a tremendous amount of valuable information for discovering buying patterns, highlighting product trends, and uncovering new opportunities. In most cases, this data is stored across a variety of huge data stores. There are hundreds, if not thousands of applications to help you access and analyze this data.
The question on the table is how long do you keep this information? And exactly how do you separate the junk from the non-junk? Should (or at least some of) this data fall under the information governance umbrella? The definition of record is pretty straightforward, "information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business." Isn’t some of this “big data” considered corporate records? I say yes and pretty certain your legal department will agree.
This is where things get exciting. In a world where records management used to focus only on paper, FRCP forced them to manage electronic documents. Now enter databases? Yes – columns, rows, SQL queries, data warehouses, primary keys, and data models. I am pretty certain records managers aren’t comfortable with dealing with (or at a minimum understanding) these items. Enter IT. Do they understand the intricacies of a retention schedule and how to map all of this data to specific record classes? Maybe, maybe not.
So…we have a dilemma. Despite what vendors say (oh wait, I am a vendor), it’s still too early for records (as records management defines it) and data to converge. Companies should be thinking about the overall strategy on how all information is managed and then begin developing policies to properly govern them. After all a policy is a policy – whether it applies to a piece of paper in Brazil, an email in the UK, a document in a SharePoint site, or even a database.
With that, I leave you with this following phrase from West with the Night by Beryl Markham.
“We swung over the hills and over the town and back again, and I saw how a man can be master of a craft, and how a craft can be master of an element. I saw the alchemy of perspective reduce my world, and all my other life, to grains in a cup. I learned to watch, to put my trust in other hands than mine. And I learned to wander. I learned what every dreaming child needs to know -- that no horizon is so far that you cannot get above it or beyond it.”