Information Governance in the Age of Facebook

By Jesse Wilkins posted 03-02-2012 10:17



I want to expand a bit on my previous post and start with an overview of governance in the social media era. IBM has defined governance as needing to address the following 11 things: 
  1. Organizational structures
  2. Stewardship
  3. Policy
  4. Value creation
  5. Data risk management & compliance
  6. Information security & privacy
  7. Data architecture
  8. Data quality management
  9. Classification & metadata
  10. Information lifecycle management
  11. Audit information, logging & reporting
Now let's consider them as they apply to social media: 
  1. The account could be a personal one - and even if it's an "official" account it may not be that official
  2. Same thing - if it's personal there is none and even if it's official there probably isn't much
  3. Personal accounts are likely not affected by the policy - assuming there is one
  4. It's not always readily apparent what the value of social media is to the organization (see also: email access; desktop computers; telephone....)
  5. There's potentially as much risk associated with social as with any other communications medium. And compliance applies even to Facebook Likes. 
  6. Infosec is still a problem and growing courtesy of apps and widgets; most social accounts are strongly biased away from privacy and towards openness
  7. The service provider controls the data architecture
  8. And the data quality management
  9. While there is metadata, much of it is not directly available to or useful to end users and organizations. And there isn't much in the way of traditional metadata - in other words activity wall updates and Tweets don't come with headers or subject lines
  10. Heh - there is no such thing for social today: Facebook keeps all your stuff for forever and next week could decide to keep all your stuff for 2 weeks. 
  11. Analytics is growing - but to date has struggled with the volume and variety of social media. And it's up to the services - only allows access to the last 7 days of Tweets, and even programmatically the API is limited to the most recent 3200 Tweets. 
And this doesn't begin to scratch the surface of inflicting governance processes on an employee with an iPad, a data plan, and a personal Twitter account. 
What is clear is that we have to apply governance to social media. Social is discoverable. Social can run afoul of existing regulatory compliance regimes. And we can apply existing governance principles to social - in the main - but it is also increasingly clear that many common governance practices simply aren't applicable to Facebook Likes, social media comments, and the variety of other types of social content being created today. And perhaps much more importantly, the combination of low cost, ease of access and use, and personal mobile devices means that any heavy-handed attempts to control social are destined to fail. 
So my key themes over the rest of this series: 
  • Organizations need to give up some control. Declaring web conferencing sessions and reTweets into a repository simply ain't gonna happen. Neither is prohibiting their use. 
  • Information professionals need to develop a better understanding of the tools and the different ways in which they could impact the organization both positively and negatively. 
  • Organizations need to address social in their policies - but in a way that doesn't completely stifle their use and value to the organization.
And fortunately we have a course that addresses all of these issues. Details to come in subsequent posts. 

#ElectronicRecordsManagement #socialmedia #governance #smgp #CIP #SocialBusiness #information #ScanningandCapture #social