While Data Governance is usually considered a mature discipline, according to Robert Smallwood, the Managing Director at the Institute for Information Governance, during his recent DATAVERSITY® Enterprise Data World 2016 Conference presentation Information Governance (IG) is a more recent development. The Information Governance Initiative was first formed in February of 2014. It was originally made up of a group of roughly 15 vendors who, individually, were unable to communicate the need for Information Governance. After banding together to form the IG Initiative and gaining the support of a few industry leaders (Barclay T. Blair, Bennett Bordon) they were able to present a clear, coherent message. The IG Initiative, as a functioning organization, does studies, research, and acts as a think tank, with a focus on maturing the Information Governance market. According to Robert F. Smallwood, the author of ‘Information Governance for Executives,’ we are now on the cusp of a significant expansion in Information Governance.
Data Governance versus Information Governance
Data Governance (DG) is the overall administration of the availability, integrity, security, and usability of the data available to an organization. A well-organized Data Governance program uses a Governing Council, a clearly defined list of procedures, and plans for executing those procedures. More simply, DG is the about creating and using policies for maximizing an organization’s structured and unstructured information.
According to Smallwood, Information Governance, on the other hand, uses policies, procedures, and multi-disciplinary arrangements to manage an organization’s information for its immediate and future needs. These include regulatory, legal, risk, environmental, and operational requirements. Information Governance attempts minimize the risks and costs of storing and using information, while maximizing its value.
Smallwood said, “If you boil IG down to a very succinct definition, it’s security, control, and optimization of information.”
Big Data Proponents versus Real World Business
At the beginning of his presentation, Smallwood gave some important statistics:
- 90 percent of the data existing worldwide today was created in the last two years.
- Data is a new asset class and personal data is “the new oil.”
- Every two days more information is created than was from the dawn of civilization until 2003.
Big Data proponents tend to promote the idea, “more data is always better,” and often perceive no downside to the accumulation of massive amounts of information. This somewhat idealistic view fails to consider the realities of business, security, and the storage of useless information. The philosophy also ignores the need to discard Dark Data and Data Debris, said Smallwood, as well as all the legal technicalities that might come with storing “too much” information. With the wide variety of devices becoming available to the consumer, the sheer volume of Big Data coming in can become overwhelming.
According to IDC (in a slide provided by Smallwood), use of the expanding digital universe will grow from 36 percent to 62 percent, between 2012 and 2020. A goal of businesses using Big Data is to gain key insights in the patterns of their customer base. Big Data has become quite valuable, being referred to as the “new oil,” with clean, useful data having more value than crude, unprocessed data.
While Big Data proponents promote “more” data, good business managers prefer “efficient” data. They would prefer to reduce costs and legal liabilities by getting rid of information that no longer has business value. To ensure this, programs and policies are put in place, helping the business to present a legally defensible deletion policy, should the need arise.
In order to get clean data, Data Debris and Dark Data must be eliminated. Smallwood mentioned Excel spreadsheets, Word documents, or PowerPoint presentations as unused Data Debris examples. Employees start a project, go to lunch, forget about their earlier start and start again, leaving the old, barely used Excel spreadsheet in memory. These start to add up, decreasing the speed of office computers. There can also be “orphaned” data from people who left the organization and from applications that have been retired or “sunsetted”. Dark Data is data gathered in daily operations that is not being used. It is information that organizations process and store in the course of normal business activities, but has no other use.
According to Smallwood, In order to gain insights into data more efficiently, the data has to be cleaned. This requires consistent Information Governance. The process becomes more important with the realization 69 percent of stored data is junk.
Approximately 25 percent of the information stored in organizations has real business value, remarked Smallwood. Approximately five percent must be kept as business records and about one percent must be retained for litigation needs, which leaves 69 percent as costly junk.
The Information Governance goal becomes, “leaving a smaller footprint,” with a smaller amount of data overall, but a much larger percentage of useful information within it. Specific info becomes easier to find, and it should be easier to gain more insights from the data available. The optimization of information is an attempt to maximize the value of your information. When clean information is available, it is much easier to develop insights, in turn, allowing the company to make new products, or provide new services.
Information Governance is now the hottest topic in the legal community, said Smallwood, because of tools, such as predictive coding, that can reduce the costs of e-discovery collections and e-discovery reviews. This is because emails have become the primary means of communications, and emails are now sought as evidence in legal proceedings. Imagine (in terms of dollars) giving your lawyer tons of Dirty Data which will take them weeks to plow through, or giving data that has been cleaned by a steady program of Information Governance, which then takes him/her an hour or two to plow through.
By 2016, one in five CIOs in the regulated industries was fired because of poor Information Governance initiatives. Information Governance emerged, in part, as the result of new and tightening regulation that governs businesses and their internet interactions, and the understanding that multiple overlapping disciplines were needed for today’s information management challenges. Information Governance emerged as more and more regulations, and more and more data, became a reality, said Smallwood, and the realization that overlapping disciplines were needed to turn Information Governance into a kind of super-discipline, for organizations and their staffs, which includes key concepts he referenced in his presentation:
- corporate governance
- records management
- information security
- litigation readiness
- content management
- IT and data governance
- data privacy
- risk management
- regulatory compliance digital preservation content analytics
- Business Intelligence… and more!
Taking a Holistic Approach
It has been suggested Information Governance works best with a holistic approach. It is used as a means of improving the quality and security of information throughout its lifecycle. In essence, almost all of management must be involved in supporting an Information Governance program, and the business is adjusted as a whole. Smallwood said that all departments must be involved in managing data to meet the regulatory, legal, and business demands of the modern business world, to maximize the data’s value, while minimizing the risks and costs. This will require some employees receive retraining, with an emphasis on the importance of maintaining a good IG program.
Information Governance should “not” be considered a project, but an ongoing permanent program, similar to a workplace safety program. The program should be analyzed and optimized regarding how information is accessed, controlled, managed, shared, stored, preserved, and audited It should provide an umbrella of rules and policies, monitored and enforced by information technologies. In this process, businesses must standardize and systematize the way they handle information. The program should be receiving continuous improvements and regular audits, and should maintain complete, current, and relevant policies.
Security Issues – Who Has Access?
Security is, of course quite important, remarked Smallwood. Knowing who should have access to your data, and keeping the wrong people out, is crucial to good security.
- In 2013, the Guardian reported the first leak based on top-secret documents Edward Snowden had stolen from the National Security Agency (NSA).
- A ten year Ford Motor Company employee pled guilty in federal court in, 2010, to charges he stole company secrets, including design documents, worth more than $50 million, and then shared them with the Chinese division of a U.S. Ford rival.
- In 2013, 110 million Target customers had information such as their name, address, phone number and e-mail address after the company was hacked.
He discussed how a properly functioning Information Governance program would have caught Edward Snowden. His security clearance level was not monitored properly, allowing him access to documents not meant for him. Smallwood stated,
“There are tools, like Document Analytics that would have told them, if they had deployed them. Document Analytics can tell you this person normally downloads a 100 documents a day, now they’re downloading 100,000, so a big red flag goes up.”
Priority areas include:
- Information map/Inventory of info assets
- Secure PII/PHI/PCI and sensitive data
- RRS (Records Retention Schedule)
- LHN (Legal Hold Notification)
- Defensible deletion
Being Proactive & Active
The key to Information Governance is being proactive, said Smallwood, and maintaining a responsible schedule for upgrades and status reports. Decisions and policies regarding the elimination of old data, security, and “clean data” will optimize the results of Big Data research. Listed below are some basic steps for developing an Information Governance program.
- Creating “technology neutral” policies (state, “All emails must be encrypted,” but don’t specify one email system or media)
- Develop an Information Governance Awareness Campaign for the staff
- Communicate the risks to staff
- Form an IG team using people from multiple disciplines
- Launch the IG Program (might be coordinated with the intro of a Data Governance program)
Here is the video of the Enterprise Data World 2016 Presentation: