Information Governance Grabs Center Stage
When you talk about privacy and data breach laws, the underlying emotion is fear. According to Simberkoff, the real issue is risk avoidance. One of AvePoint’s best practices includes understanding the data life cycle. As Simberkoff emphasized in our conversation, retention policies should
recognize that data has a beginning, middle, and end. “It’s born, collected, used internally, shared inside the company and externally, and then it should have a define disposition.” Disposition might mean it’s archived but it might also mean it’s destroyed.
Organizations should comply with legal requirements and not dispose of data too quickly. On the other hand, hoarding data doesn’t help with risk avoidance, either. If you think that data might have long-term implications, possibly to identify trends, you still don’t want that sitting in SharePoint. Archiving it and getting it out of a production environment could be the answer, but if and only if you’re not saving it simply for the sake of saving it.
Life cycle management of data starts with thinking about how data is created or collected. Did it come from internal sources? Was it gleaned from an external repository? Was it provided by customers? This will differ from company to company and even from one industry sector to another. Next is access policies—who is authorized to access and use the data. The point is to strike a balance between being punitive to the point of inhibiting compliance and restricting access to preserve privacy and security. Sharing data is an important component of modern data management and the cornerstone of KM, but excessive sharing creates more problems than it solves and sharing across national borders raises potential legal issues. Retention policies and disposition practices are integral to good information governance, as is the understanding of what can and should be shared.
Setting the Stage
Information governance is deeply allied with privacy and security. But to set the stage for an effective governance program, it’s important to look at the content you’re governing, says Adlib’s Isabell Berry. She echoes Simberkoff’s thoughts about information security making good business sense. It’s clear that when a data breach makes headlines, it’s not fear of European legislation that comes first to a CEO’s mind. No, its how customers and investors will react. It’s the sullied reputation of the company and the loss of trust. It’s the assault on brand integrity.
Berry puts information security at the top of the list when organizations develop their strategies for information governance. Interestingly, she notes that 40% of breaches come from within the organization and cites the Panama Papers as one example, albeit an extreme example. She thinks that Adlib’s “holistic approach” to content identifies business intelligence that the business didn’t know it had. When businesses don’t know they have information, let alone where the information resides, it’s way too easy for sensitive and private information to leave the confines of the business. You can’t secure data you don’t know you have. Thus, a process of identification, value extraction, classification, and archiving needs to occur.
Dan Latendre, CEO of Igloo, values information sharing and sees knowledge as “internal currency” that needs to be managed wisely, which is where a governance procedure would be helpful.
The Intralinks approach to information governance focuses on enterprise productivity tools. Todd Partridge, VP of product marketing, is convinced that tight access control is necessary now that companies are sharing sensitive information outside their firewalls. Like Simberkoff, he stresses the importance of the content life cycle, but from the external to origination perspective. His recommendations include determining access rights to documents shared externally, encrypting documents, avoiding viruses by closely monitoring devices, instituting an information rights management program, and ensuring compliance by monitoring and auditing information sharing practices.
Digital asset security is the concern of Nuxeo’s Mike Urbonas. Having a digital asset management (DAM) program in place minimizes the threat posed by those trying to break into your system and steal confidential data, whether it’s about customers, employees, marketing plans, or future strategies. Minimizing security vulnerabilities is key to avoiding those data breaches feared by organizations. His metaphor of the castle is striking, particularly when he identifies threats as coming from both within and outside the castle walls.
With almost everyone in an organization contributing content, the role of information governance is ever more critical. Information governance is hardly an impediment to productivity; it’s actually a productivity enhancer. As AvePoint’s Simberkoff points out, the publicity surrounding data breaches has led to increased scrutiny and more stringent laws and regulations. Risk management in the form of information governance, data security processes, and legal compliance stands center stage for organizations of all sizes and types.
.
I