The ranks of the information
governance (IG) community are stirring. A debate is taking place.
Recently there has been a concept floated by some thought leaders in IG
which contends that we are moving to a world where we retain all
information—forever.
Some even contend that IG is just a fad and
advances in search technology will soon eliminate the need for IG. The
arguments go something like this:
1) Yesterday’s trash may be
tomorrow’s treasure: We won’t know what data has value until well into
the future. Today, we do not have the construct to understand what
relevant insights, patterns, or trends may be hidden in the data that,
as business conditions change, may be valuable in the future;
2) We don’t want to get caught deleting something that regulators or superiors may look for in the future;
3)
It is time-consuming, expensive, and politically charged to attempt to
delete large collections or categories of data, e-documents and
information, and, just not worth the effort from an ROI standpoint;
4)
The cost of storage is effectively being driven down to zero with cloud
offerings that offer low-cost storage upfront, and big companies like
Microsoft, Apple and Google will win this argument in the marketplace;
5)
Search technologies will be so good in a few years that classifying
information and having a metadata strategy in place is pointless.
On
their face, the arguments seem to come together. Things are going that
way and technology trends are making it easier to keep everything
forever, so why bother?
The argument holds up until it is brought
out from the shadows of the theoretical to the realities of conducting
business and day-to-day operations.
Why won’t the “keep everything forever” paradigm work? Here’s why, from a practical standpoint:
1) Culture
– For executive management, the “keep everything” paradigm sets a poor
professional tone in an organization. Retaining all information—no
matter how useless--doesn't make business sense. Why would you keep
copies of copies, copies that are renamed, empty spreadsheet or word
processing files, temporary log files, personal emails, illicit files
like personal pictures, music, and video and the rest of the worthless
information filling up storage space? Yesterday's trash is tomorrow's trash. And
it sets a bad example. It says that your organization is willing to
just add storage, suffer sanctions, lose lawsuits, and pay fines rather
than deal with IG issues. Not focusing on policies and rules for
governing information encourages a sloppy operational culture fraught
with inefficiencies. It is the opposite of what leading organizations
strive for: continued improvements in operational efficiency. In a recent report by Osterman Research, almost half of organizations studied cited “employee productivity” as a driver for IG efforts.
2) Poor data quality –
“Garbage in equals garbage out.” Data scientists cannot extract
accurate and valuable insights without clean, non-duplicated data. In
fact, they are being overwhelmed with messy big data, and in a recent survey of data scientists:
"2/3
of data scientists surveyed stated that cleaning and organizing data is
the least interesting and most time-consuming task in their jobs.”
So
sending a bunch of data filled with junk to your data science team will
decrease their productivity, skew and invalidate results, and is just
going to aggravate them. It creates a poor work environment, which also
relates to the culture.
Further, a dose of reality: Carl Thomas, the IG lead at JPMorganChase stated
that during their IG efforts when they dug down deep into their
business units, the number one comment or complaint they found was
business managers unsure of, or dissatisfied with, information quality.
Managers generally did not have confidence in the underlying information
used as a basis for decisions, and this is within the highly-automated,
controlled, and managed environment of a market leader. In addition,
various studies from leading research firms confirm this to be widely
true: that a significant percentage of information (~25%+) in
organizations is flawed—IG efforts work to improve information quality.
3) Cost – first
off you have soaring e-discovery and regulatory costs. These are real.
When digital information is not well-organized or easily found, it adds
greatly to the costs of e-discovery and meeting regulatory demands. The
processes are costly and labor-intensive, rather than streamlined,
repeatable, routine, and automated. Also, when, on average, 40%-70% of
information most organizations are storing is duplicate, then that is
wasting resources that could go to the bottom line or be invested
elsewhere. One client we have spends $40M/year on digital storage and it
is increasing by 40% per year. Cleaning up what they have can cut
storage needs. Even stemming this growth will save hard dollars in the
future.
"Freedom ain’t free. And neither is storage.”
What
many cloud providers are doing is simply cost-shifting, otherwise known
as the old "bait and switch" in the used car sales world. They are
cutting the price they charge for storage but making it up on the back
end by charging for analytics and other services when you need to access
that information.They are willing to take losses to gain market share,
although later they will be under pressure to earn a profit for
shareholders. But if your organization is going the cloud route,
cleaner, unique (de-duplicated) information as a result of your IG
program means less cost as many providers charge per gigabyte.
To
be sure: Regardless of pricing model, digital storage operations have
hard costs.There are servers, disk drives, optical units, controllers,
cables, tapes, software (master data management, file management,
compression, security, etc.) and such, and it all has to be housed in a
secure, air-conditioned facility with raised flooring. There are labor
costs associated with storage operations and the hardware and software
must be serviced and maintained.
Beware of cloud providers that
offer nearly “free” storage—once they have most all your digital
content, what’s to keep them from changing their business model and
holding your information hostage in a few years? Has any organization
experienced this phenomenon when they sent boxes upon boxes of paper
files off to be stored in a warehouse for a cheap upfront fee? Isn’t it
strange how the complicated storage and retrieval fees add up over time?
Same thing can happen in the digital world. Only the consequences will
be worse. Your organization will not be able to very easily or cheaply
migrate all that information over to a competitive cloud provider once
it is housed in a cloud repository. There aren’t the available tools
(today) to do so. And it is not in your cloud provider’s interest: they
have no business motivation to make it easy for you to leave. You’re
basically locked in.
4) Risk – The Sedona Commentary on Information Governance
states, “Regardless of an individual organization’s size, mission,
marketplace or industry, information is a crucial asset for all
organizations and, if inadequately controlled, a dangerous source of
risk and liability.” That is a pretty clear statement. And reality
proves it out.
We recently worked with a large financial
institution that estimated their risk of poor IG to be in excess of $1B,
due to the fines and sanctions in excess of that amount that had been
imposed on some of their competitors. So there are real compliance and
legal risks that add up to costs for not having set processes in place
to consistently and systematically govern information. These are largely
avoidable costs.
Another standard argument for defensible deletion is avoiding litigation risk.
If your organization has processes in place to systematically and
consistently delete information (mostly we are talking about email
messages here) that is not on legal hold or likely to be, or not a
record or likely to become one, then potentially damaging information
may be routinely discarded according to schedule. It is not discoverable
and no sanctions or adverse inferences can be handed down if a
documented and standardized process for defensible deletion is in place
and followed routinely. Your lawyers like this.
There is also the
ever-present risk of data breaches. When your organization is not
striving for operational efficiency and continuing to improve its
governance of information, it is not taking all the steps it can to
protect the privacy of personal information that is in its possession,
which could be revealed in the breach. A breach will cost the
organization money, employees, customers, brand equity. Like what
happened to Sony Pictures. Or Target. Or Anthem, and so on. Without a
consistent IG program the organization is not protecting its reputation
and brand in the event of a breach as well as it could, which may be
looked on as negligent or at least irresponsible by shareholders and
customers.
And there is a third option between
full retention and complete (legally defensible) deletion if the
organization is cost-conscious yet concerned about complete deletion: deleting the unstructured information but retaining the metadata
derived from its content. Metadata is summary in nature. This approach
will also support leveraging analytics to create new information value
in the future in that good clean metadata (which includes who authorized
the disposition) can be used in future analyses.
5) Privacy
– European countries and some U.S. states (with more to follow) have
enacted legislation requiring that organizations, after a set period of
time, must delete and completely discard personal information (PII, PHI,
PCI) once the transactions that required that information have been
completed. This means that the organization must take IG steps like
creating a data map and information asset register to know where
personal information resides so they can delete it according to
schedule. Further, to reduce the risk of breaches, that personal
information should be locked down with encryption, rights management,
and redaction technologies, to protect it in the event of a breach.
So,
a practical IG program will have built-in, formalized, repeatable and
“routinized” processes for governing information on an ongoing basis.
This includes deleting junk and information that has lost its value. An
option is retention of metadata of discarded e-documents and emails that
can be leveraged in the future.
Overall, these recommendations
will help foster processes that yield better, cleaner information for
analytics to be used as a basis for decision-making, allow for more
efficient and cost-effective processes in meeting legal and regulatory
demands, and support a culture of compliance and operational efficiency.
I'd love to continue the dialogue and debate. Feel free to reach out and connect here, by email, or on Twitter!
---------------------------------------------------------------------------------------------------------
Earn Your Certificate in IG: Industry-leading Training Courses
First day of training just $99! Try it, you'll like it!
We offer industry-leading live, online training classes in Basic and Advanced IG. Two classes are coming up in June. Classes are interactive and are held live, online, in HD video. Our expert faculty teaches the most comprehensive and in-depth IG classes in the world. We leverage my comprehensive IG textbooks along with updated information, case studies, and current developments.
Students
see live software demonstrations and we hold white board discussions.
You'll take short quizzes as memory prods and to see how you are
progressing. And you don't walk away with just some PowerPoint slides
that are meaningless in a few months. You still will have that
comprehensive, highly-researched and heavily-documented 442-page IG book
with not only my work but also the contributions of 9 leading IG
subject matter experts as a reference at your desk.
There are no prerequisites. ICRM credits are available for CRMs. Visit here for class schedules and course syllabuses.
Enroll today and up your IG IQ!
--------------------------------------------------------------------------------------------------------
Robert Smallwood
is an consultant, trainer, author, and frequent speaker on IG topics.
He is Managing Director of the Institute for IG at IMERGE Consulting, at
www.IGTraining.com.
He teaches comprehensive courses on IG and E-records management for
corporate and public sector clients. Smallwood is the author of 3
leading books on Information Governance: Information Governance: Concepts, Strategies. and Best Practices (Wiley, 2014); Managing Electronic Records: Methods, Best Practices, and Technologies (Wiley, 2013); and Safeguarding Critical E-Documents (Wiley, 2012).
Follow Robert on Twitter @RobertSmallwood and if we are not connected - please feel free to reach out!