
Information Governance is Not a Fad: Why the ‘Keep Everything Forever’ Approach Won’t Fly

By Robert Smallwood posted 05-11-2015 17:06


The ranks of the information governance (IG) community are stirring. A debate is taking place. Recently there has been a concept floated by some thought leaders in IG which contends that we are moving to a world where we retain all information—forever.

Some even contend that IG is just a fad and advances in search technology will soon eliminate the need for IG. The arguments go something like this:

1) Yesterday’s trash may be tomorrow’s treasure: We won’t know what data has value until well into the future. Today, we do not have the construct to understand what relevant insights, patterns, or trends may be hidden in the data that, as business conditions change, may be valuable in the future;

2) We don’t want to get caught deleting something that regulators or superiors may look for in the future;

3) It is time-consuming, expensive, and politically charged to attempt to delete large collections or categories of data, e-documents and information, and it is just not worth the effort from an ROI standpoint;

4) The cost of storage is effectively being driven down to zero with cloud offerings that offer low-cost storage upfront, and big companies like Microsoft, Apple and Google will win this argument in the marketplace;

5) Search technologies will be so good in a few years that classifying information and having a metadata strategy in place is pointless.

On their face, the arguments seem to come together. Things are going that way and technology trends are making it easier to keep everything forever, so why bother?

The argument holds up until it is brought out from the shadows of the theoretical to the realities of conducting business and day-to-day operations.

Why won’t the “keep everything forever” paradigm work? Here’s why, from a practical standpoint:

1) Culture – For executive management, the “keep everything” paradigm sets a poor professional tone in an organization. Retaining all information, no matter how useless, doesn't make business sense. Why would you keep copies of copies, copies that are renamed, empty spreadsheet or word processing files, temporary log files, personal emails, illicit files like personal pictures, music, and video, and the rest of the worthless information filling up storage space? Yesterday's trash is tomorrow's trash. And it sets a bad example. It says that your organization is willing to just add storage, suffer sanctions, lose lawsuits, and pay fines rather than deal with IG issues. Not focusing on policies and rules for governing information encourages a sloppy operational culture fraught with inefficiencies. It is the opposite of what leading organizations strive for: continued improvements in operational efficiency. In a recent report by Osterman Research, almost half of organizations studied cited “employee productivity” as a driver for IG efforts.

2) Poor data quality – “Garbage in equals garbage out.” Data scientists cannot extract accurate and valuable insights without clean, non-duplicated data. In fact, they are being overwhelmed with messy big data, and in a recent survey of data scientists:

“2/3 of data scientists surveyed stated that cleaning and organizing data is the least interesting and most time-consuming task in their jobs.”

So sending a bunch of data filled with junk to your data science team will decrease their productivity, skew and invalidate results, and is just going to aggravate them. It creates a poor work environment, which also relates to the culture.

Further, a dose of reality: Carl Thomas, the IG lead at JPMorganChase, stated that during their IG efforts, when they dug down deep into their business units, the number one comment or complaint they found was business managers unsure of, or dissatisfied with, information quality. Managers generally did not have confidence in the underlying information used as a basis for decisions, and this is within the highly-automated, controlled, and managed environment of a market leader. In addition, various studies from leading research firms confirm this to be widely true: a significant percentage of information (~25%+) in organizations is flawed. IG efforts work to improve information quality.

3) Cost – First off, you have soaring e-discovery and regulatory costs. These are real. When digital information is not well-organized or easily found, it adds greatly to the costs of e-discovery and meeting regulatory demands. The processes are costly and labor-intensive, rather than streamlined, repeatable, routine, and automated. Also, when, on average, 40%-70% of the information most organizations are storing is duplicate, that is wasting resources that could go to the bottom line or be invested elsewhere. One client we have spends $40M/year on digital storage and it is increasing by 40% per year. Cleaning up what they have can cut storage needs. Even stemming this growth will save hard dollars in the future.

“Freedom ain’t free. And neither is storage.”

What many cloud providers are doing is simply cost-shifting, otherwise known as the old "bait and switch" in the used car sales world. They are cutting the price they charge for storage but making it up on the back end by charging for analytics and other services when you need to access that information. They are willing to take losses to gain market share, although later they will be under pressure to earn a profit for shareholders. But if your organization is going the cloud route, cleaner, unique (de-duplicated) information as a result of your IG program means less cost as many providers charge per gigabyte.

To be sure: Regardless of pricing model, digital storage operations have hard costs. There are servers, disk drives, optical units, controllers, cables, tapes, software (master data management, file management, compression, security, etc.) and such, and it all has to be housed in a secure, air-conditioned facility with raised flooring. There are labor costs associated with storage operations and the hardware and software must be serviced and maintained.

Beware of cloud providers that offer nearly “free” storage—once they have most all your digital content, what’s to keep them from changing their business model and holding your information hostage in a few years? Has any organization experienced this phenomenon when they sent boxes upon boxes of paper files off to be stored in a warehouse for a cheap upfront fee? Isn’t it strange how the complicated storage and retrieval fees add up over time? Same thing can happen in the digital world. Only the consequences will be worse. Your organization will not be able to very easily or cheaply migrate all that information over to a competitive cloud provider once it is housed in a cloud repository. There aren’t the available tools (today) to do so. And it is not in your cloud provider’s interest: they have no business motivation to make it easy for you to leave. You’re basically locked in.

4) Risk – The Sedona Commentary on Information Governance states, “Regardless of an individual organization’s size, mission, marketplace or industry, information is a crucial asset for all organizations and, if inadequately controlled, a dangerous source of risk and liability.” That is a pretty clear statement. And reality proves it out.

We recently worked with a large financial institution that estimated their risk of poor IG to be in excess of $1B, due to the fines and sanctions in excess of that amount that had been imposed on some of their competitors. So there are real compliance and legal risks that add up to costs for not having set processes in place to consistently and systematically govern information. These are largely avoidable costs.

Another standard argument for defensible deletion is avoiding litigation risk. If your organization has processes in place to systematically and consistently delete information (mostly we are talking about email messages here) that is not on legal hold or likely to be, or not a record or likely to become one, then potentially damaging information may be routinely discarded according to schedule. It is not discoverable and no sanctions or adverse inferences can be handed down if a documented and standardized process for defensible deletion is in place and followed routinely. Your lawyers like this.

There is also the ever-present risk of data breaches. When your organization is not striving for operational efficiency and continuing to improve its governance of information, it is not taking all the steps it can to protect the privacy of personal information that is in its possession, which could be revealed in the breach. A breach will cost the organization money, employees, customers, brand equity. Like what happened to Sony Pictures. Or Target. Or Anthem, and so on. Without a consistent IG program the organization is not protecting its reputation and brand in the event of a breach as well as it could, which may be looked on as negligent or at least irresponsible by shareholders and customers.

And there is a third option between full retention and complete (legally defensible) deletion if the organization is cost-conscious yet concerned about complete deletion: deleting the unstructured information but retaining the metadata derived from its content. Metadata is summary in nature. This approach will also support leveraging analytics to create new information value in the future in that good clean metadata (which includes who authorized the disposition) can be used in future analyses.

5) Privacy – European countries and some U.S. states (with more to follow) have enacted legislation requiring that organizations, after a set period of time, must delete and completely discard personal information (PII, PHI, PCI) once the transactions that required that information have been completed. This means that the organization must take IG steps like creating a data map and information asset register to know where personal information resides so they can delete it according to schedule. Further, to reduce the risk of breaches, that personal information should be locked down with encryption, rights management, and redaction technologies, to protect it in the event of a breach.

So, a practical IG program will have built-in, formalized, repeatable and “routinized” processes for governing information on an ongoing basis. This includes deleting junk and information that has lost its value. An option is retention of metadata of discarded e-documents and emails that can be leveraged in the future.

Overall, these recommendations will help foster processes that yield better, cleaner information for analytics to be used as a basis for decision-making, allow for more efficient and cost-effective processes in meeting legal and regulatory demands, and support a culture of compliance and operational efficiency.

I'd love to continue the dialogue and debate. Feel free to reach out and connect here, by email, or on Twitter!




Robert Smallwood is a consultant, trainer, author, and frequent speaker on IG topics. He is Managing Director of the Institute for IG at IMERGE Consulting. He teaches comprehensive courses on IG and E-records management for corporate and public sector clients. Smallwood is the author of 3 leading books on Information Governance: Information Governance: Concepts, Strategies, and Best Practices (Wiley, 2014); Managing Electronic Records: Methods, Best Practices, and Technologies (Wiley, 2013); and Safeguarding Critical E-Documents (Wiley, 2012).

Follow Robert on Twitter @RobertSmallwood and if we are not connected - please feel free to reach out!