Several years ago, the lack of sufficient controls over electronically stored information, especially unstructured content such as e-mails, became a real concern at ENMAX Corp., a utility that generates and distributes electricity, natural gas and renewable energy to customers in Alberta, Canada.
To get a better handle on its information assets, ENMAX moved its record management function from the legal services department to information technology, recalls Sam McCollum, who became the company's manager of strategic information management.
The IT department also decided to separate IT operations from IT governance. That led to a new initiative called Information Governance, which would provide strategic direction to the management of information throughout the organization. "The problem was that a definition of information governance didn't really exist at the time," says McCollum, who is now an information governance consultant and CEO of SIMC Coaching.
After researching the topic, the definition he came up with describes information governance as "an accountability framework that includes the people, processes, policy and technology that ensure the effective management of information to enable an organization to achieve its strategic goals and business programs."
"It is a high-level, strategic function that provides direction to all information operations functions," McCollum says. He decided it has to take into consideration four areas: organization and culture (structure and change management), policy and measurements (the legal aspect), the effect on business processes, and technology optimization (the technology solutions).
He took the strategic plan to senior management. Once they approved a roadmap, the information governance team began to seek budget approval for individual projects that fit with that strategic direction, whether it involved an enterprise content management system or the creation of an advisory council to measure progress.
McCollum's story about how ENMAX adopted information governance sounds pretty straightforward, but it is actually still the exception rather than the rule. Many large organizations have not yet undertaken a strategic plan related to information governance. In a recent AIIM survey of 548 members of its community, only 15 percent of respondents said their information governance plan is "in place, it's important and it's communicated and enforced." (See sidebar Q&A following.)
Linda Kloss, principal of Kloss Strategic Advisors and former CEO of the American Health Information Management Association (AHIMA, ahima.org), says that in the healthcare field, information governance is getting more important because digital data is being used to drive change. "We are seeing fairly rapid adoption of business intelligence and data analytics tools on this trove of data, and you need to identify flaws in the data and who has access," she says.
So many changes are taking place in healthcare that many organizations just can't undertake something as big as an information governance project, Kloss says. Instead, they have to work incrementally to fit it into the smaller issues they are working on such as privacy and security and secondary uses of data, and then knit those together into a larger framework.
"Healthcare has a lot of compliance-related activities," she adds. "And there are pockets of good governance, but they may be siloed and not looked at as part of a mosaic of activities. I look for ways to leverage activities already underway, such as a new rollout of analytics, to see if there are lessons learned about information governance that can be ported to other areas."
Department by department
Whether or not they are purposefully addressing information governance, all kinds of organizations find that their need to meet regulatory requirements leads to both the creation of policies and the tools to implement them. Sanitation District 1 in Ft. Wright, Ky., is responsible for the collection and treatment of Northern Kentucky's wastewater, as well as regional storm water management.
"Our record retention policies are guided by open records laws, the Clean Water Act and a state law that requires that all our financial information be published on our website, as well as the need to respond to record requests and litigation," explains Kathy Jenisch, the district's records manager.
SD1 began using Laserfiche's Rio enterprise content management system in 2009. It also hired a consultant to help it draft records management policies and procedures, she says, and it is using the Laserfiche workflow tools to go department by department and implement the policies about records retention and disposal, and set up repositories for specific departments.
Anthony Diana, a partner at global law firm Mayer Brown, was recently brought in as outside counsel to a large financial institution to help launch an information governance program.
Like Kloss, he recommends starting small. "If you try to boil the ocean, people freeze up because it is a big cultural change," Diana says. The culture in a lot of regulated industries has been just to save everything, especially in light of high-profile government sanctions in the financial and pharmaceutical sectors, he explains. People thought storage was cheap, so they decided to just keep everything and lock it down.
But that approach creates its own problems. First, it really isn't that cheap to store and manage all that data. Second, there is a productivity issue because with the exponential growth of data it gets more difficult to find things. "It gets the attention of senior management and the board when an e-mail from 2004 becomes public for some reason. They ask why do we have e-mails from 2004? The answer 'because we keep everything' becomes unsatisfactory," he says. "So the question becomes how to right the ship."
Diana says organizations should get a policy in place, make key decisions and then look for the technology tools that will help them get there. The financial institution with which he was working chose to adopt a solution from Nuix, because the institution had vast amounts of data in legacy archives that were not very searchable. The company had more than 330 terabytes of archived e-mail under legal hold and could not search, identify and extract messages for e-discovery requests within a reasonable time.
"They needed a solution that could search vast amounts of data quickly, and could search in systems like Lotus Notes and e-mail," Diana says. "They needed speed and something that could scale up. That was a strength of Nuix."