The Morphing of Information Governance
Information governance is coming to life as a serious and far-reaching business activity. As we’ll learn during the following conversations, governance has morphed into a defensive as well as a proactive force, supported by upper management and respected by the line of business and the more legal-minded members of the organization.
I met with three of the smartest minds I know of on the topic: Jon Garde senior product manager at RSD; Jake Frazier, senior managing director for FTI Consulting; and Stephen Ludlow, OpenText’s director of enterprise product marketing.
I first spoke with Jon Garde at RSD who was calling from the UK, and it was getting late in his day. So I tried to be kind (as it’s possible for me), and allowed Jon to talk about his philosophies of governance, compliance and information management in general.
“Information governance is all about taking control. People understand that information is spiraling out of control. It’s growing exponentially, it is being passed around, there are data breaches in the news every day, it seems. People are concerned, and everyone can relate to it in some way.”
There are several themes at work in what Jon talks about. Information governance is a tall, many-faceted order. For instance, is there a basic difference between governance and compliance? When we say “compliance,” we are talking about what we HAVE to do. When we say “governance,” we are talking about what we SHOULD do. Is that about right, I asked Jon?
“To me, compliance is about setting a standard. It means we want to manage information in accordance to a certain outcome of behavior. It might come from external regulators setting compliance goals, but equally we could have internal compliance goals. For example, many companies have ‘clean desk’ policies, which limit how many emails you should have in your inbox, size of storage you consume…
“But information governance is a practice, and it’s separate from information management. Information management tells you that you should be taking control, while governance is about applying a particular approach.” The desire to control, versus a set of rules for controlling, I suppose is a way to put it.
“Much like a government, you set policies and then apply and enforce them. You’re actually governing!”
The enforcement of governance policies is a sticky area. It’s part training, part demanding, part encouraging and part a matter of proving it’s in the best self-interest of the employee to comply with governance policies. In my mind, information governance is mainly a policy matter—setting rules, enforcing them, etc. To what degree can information governance be automated?
“It is mainly a policy matter, but it’s about two types of policy. On one hand is the creation of policy. You have to examine what types of information you have, and break it up—you may want to apply different policies depending on the nature of the information. And then there’s an educational aspect, so people have to be involved. It’s like the analogy to government; you can’t just pass laws without people understanding what they are. It’s the same in the business environment.
“Then you get to the other side: how do you enforce those policies?” Jon wonders, somewhat rhetorically. “A lot of that can be automated. In fact, it has to be automated in today’s world. We should never discount technology because it helps to enforce policies. The policy factor is still very much a human activity.
“But technology can be applied in a number of different ways. The first aspect is autoclassification; matching the content with the proper policy. Now, a human could look at a document and decide, based on its content, what policies to apply. It’s possible that a human could do it, and maybe do it better, but a machine can do the same thing with greater efficiency and over time we learn that a computer can sort and classify information much easier. And it only has to be ‘good enough’; as long as the machine reaches a ‘good enough’ range, the other advantages increase.”
Do people get to the “good enough” level, ever? I have discomfort that employees do not take the governance discipline seriously enough, and therefore cannot be trusted to make the right call every time. Whether it’s due to inattention, or overwork, or just-don’t-care, governance is not usually one of the hallmarks of the human condition at work.
“You’re right. We’ve been trying to get employees to sort out their email, to put their documents in the correct folders, to do the right thing with their information… and it hasn’t worked! We have to face the fact that people feel they have more important things to do,” he says.
“And the other thing: computers are impartial. At the base of recent scandals have been people who chose to destroy incriminating emails, and put the best light on this so we don’t get in trouble. Computers don’t respond to threats or bullying or bribes or that sort of stuff. Coming from a records management background, it’s really interesting that we can get computers to do the job with impartiality and fairness.”
Cost Versus Value
I then moved on to Jake Frazier, who is calmly confident and extremely well versed in information governance (and more, I assume.) After getting off to a rocky and confusing start (mix-up with the conference call), I was finally able to get Jake on the phone to talk about information governance from his expert viewpoint.
Jake works with large, highly regulated organizations, with critical and complex governance issues. So I asked him the upside-down question: Is it a rich man’s game? Or do smaller companies have a stake in it too?
“A smaller company tends to have smaller risks, that is true, but it’s proportional,” he explains. “Larger companies have more latent opportunity for cost savings. As a general rule, the larger the company, the larger the potential rewards,” he says.
“We see financial services companies the most, but also big pharma and high-tech… high-tech because of cyber security issues, jurisdictional transfers. These are the things high-tech deals with every day.”
But there’s a practical issue, too. “Information is growing every minute, and the clutter is getting out of hand, just like your garage. We try to manage that clutter so you don’t end up on an episode of Hoarders.” Funny.
“Information is growing at about 40% per year; IT budgets are growing at about 3% per year.” He didn’t have to say it, but you do the math.