Log In

E-Discovery and IG in 2017 and Beyond: The Recording of Our Online Discussion Now Available

We had a great online discussion this week with IGI Charter Supporter OpenText about trends in e-discovery and IG for 2017 and beyond. We also talked about the significance of their recent acquisition of Recommind and what it says about OpenText's product strategy and the market in general.

The video will be available here on our public site for a week, at which point it will move to the Resources section of our growing online community, where you can create a profile and interact with your IG peers. The slides from this online event will also be available there shortly.

 

IG Snapshots: What We Learned by Looking at Five Information Governance Programs

A Vision for Practical Governance of Unstructured Information

The Information Governance Initiative and its Supporters like OpenText (winner of our Supporter of the Year Award in 2015) are always looking for new ways to drive information governance (IG) forward. The IG community has told us that one of the most valuable things we can do for them is simply to share stories about how IG is getting done. This is exactly what we are trying to achieve with a new series of IG Snapshots based on our extensive benchmarking work. IG Snapshots tell a quick, real-world IG story and highlight the IT and management insights illuminated by the story. We see plenty of evidence that we are on the threshold of rapid change around IG. We see it in the stories that practitioners in our community tell us. We see it in research data showing first movers and fast followers increasing investment in IG, deepening IG maturity, and assigning senior managers to the IG portfolio.

We share a two-part vision with OpenText about how we can solve the problem of governing unstructured information.

  1. A significant percentage of all of your unstructured information is clearly the byproduct of a structured business process. As such, the governance of that information should be built into that business process in a “silent” way that requires little human intervention beyond the initial design. We think this should be a core function of ECM – bolting on and underpinning line of business applications as diverse as ERP and construction management. The beauty of this approach is that it does not require data “classification” (automated or not) in the traditional sense, because the purpose, meaning, and nature of the information is deduced from the business process that generates it. Sophisticated ECM systems are able to connect to and support IG for these line of business systems.
  2. A significant percentage of your unstructured information is not the byproduct of a structured business process and thus, cannot be governed this way. Our 25-year experiment to manage unstructured information using concepts that worked well for paper (e.g., centralized capture and control, human records clerks for classification) has failed. All unstructured information does not require the same level of governance. In fact, a clear-eyed cost/benefit analysis at most organizations would reveal that the cost of attempting to do so (and the loss of employee productivity, creativity, and collaboration that usually follows) does not justify even the theoretical, much less actual, benefit.

Instead, we recommend that organizations adopt this approach:

  1. Identify as many opportunities as possible to govern information as part of the business process.
  2. Identify use cases where automated or machine-assisted human classification makes sense as a tool for moving content into a managed state and maintaining it there.
  3. Identify information that requires a level of document-by-document, content-based classification and governance that can only be practically accomplished by humans, and invest in the best processes for doing this.
  4. Manage the rest using broad rules targeting systems, roles, business functions, work groups, geographic areas, and other factors that reveal business function and thus are instructive regarding the governance rules that must apply.

Focus on progress and pragmatism. Perfection is not the goal.

This approach enables us to take care of the big risks, deliver business value, and move on from our fundamentally unworkable reliance upon human governance and classification for unstructured information. At the IGI, we have articulated this vision in multiple ways through our research, case studies, events, and other work and will continue to do so. We are grateful to have support for these efforts from a forward-looking and pragmatic organization like OpenText.

Your story is incredibly valuable to the community, and we would love to help you tell it. As you will see in our Snapshots, we make every effort to protect the confidentiality and anonymity of the practitioners and organizations we profile, while trying to provide as many specifics as we can. Please contact us so we can help you tell your IG story.

In the meantime, enjoy the IG Snapshots! Download your copy of IG Snapshots: What We Learned by Looking at Five Organizations’ Information Governance Programs.

 
Skytop and IGI Events

How Does Information Governance Power the 21st Century Organization?

We have talked about our valued partner Skytop Strategies before - an organization that develops highly-engaging executive roundtable discussions around the globe on a range of topics that should be on the radar of every Chief Information Governance Officer and information leader in our community.

That's why we are excited to tell you about two great new events where we are partnering with Skytop to bring the IG message to executives and boards, and also to provide opportunities for IG professionals like you to learn and join that conversation.

Come to the May 19th Event in New York

The first event is The 21st Century Company - How It Creates Value, and for Whom which runs at Baruch College in Manhattan all day on May 19th, 2016. You can check out the full program here, but some of the highlights for IG pros are sessions on connecting risk management (a key facet of IG) to company performance; strategies for engaging diverse corporate stakeholders (a key challenge of IG); as well as discussion and insight from a stellar group of business leaders including:

  • Susanne Stormer, Vice President, Corporate Sustainability, Chief Sustainability Officer,  Novo Nordisk
  • David J. Westfall, Senior Director, Decision Support and Innovation Leader, AON Hewitt
  • Michael Madon, Chief Executive Officer, Ataata
  • Daryl Brewster, Chief Executive Officer, CECP
  • Livia Konkel, Director, Corporate Responsibility & Inclusion and Global Head, Diversity & Inclusion, Thomson Reuters
  • Karen Morris, Former Chief Innovation Officer, AIG
  • Chris Pinney, President and Chief Executive Officer. High Meadows Institute, Inc.

Discount for IGI Community Members

Even better, our partner Skytop is offering a generous 30% discount on event tickets to members of the IGI Community. To take advantage of this incentive, contact:

Colin Hines, Vice President of Delegate Engagement
Skytop Strategies
845.863.5563
chines@skytopstrategies.com

Cybersecurity and Information Governance

The second Skytop event we are excited about (and not just because we get to go to Rome) is the Skytop Global Cybersecurity Summit on  October 31st and November 1st, 2016. The importance of leadership from IG professionals on cybersecurity has never been more acute, which is why it is a major focus for the IGI. Our partnership with Skytop on this event will help us continue to fulfill our mandate to promote the adoption of IG around the world, and to provide opportunities for our community to learn and advance in their careers. It also helps us in our ongoing effort to expand the IGI footprint to Europe and beyond.

Barclay will be speaking at the Summit, which will convene 150 senior-level executives including heads of information technology, security, law, risk, governance, as well as audit and compliance, who are seeking solutions to complex cyber challenges in the market.

Stay tuned for more information on this great event.

 
Facets of Information Governance

Spinning the IG Wheel: An IGI Annual Report Deep Dive

Last month, the IGI published its Annual Report 2015-2016, the industry’s most comprehensive research on information governance (IG) as a concept, profession, and market. The report is based on extensive surveying of IG practitioners and providers. If you haven’t downloaded your copy of the IGI Annual Report 2015-2016, take a look inside with us to see what you could learn.

horizontal break

The wheel is back!

Our most widely adopted infographic from last year’s Report was the one representing the activities the IG community includes within the concept of IG. Sometimes called “the pinwheel” and “the flower” by our community, this infographic has found its way into myriad presentations and publications and has sparked many fruitful discussions about IG.

Because the IG community found this so useful, we revisited the topic this year. We offered a list of twenty-two activities that might be considered to fall under the rubric of IG and asked which ones respondents included within the concept. Our list of activities or “facets” of IG, as we like to call them, included both risk- and value-focused activities. It included activities out of which IG first developed as a discipline and some emerging activities that are important components of our information activities.

The infographic ranks these by the percentage of respondents who said the facet is included in IG. Most agreed that nineteen of the twenty-two facets were a part of their concept of IG. Further, a strong majority of respondents (83%) agreed that this list was complete. The number of respondents selecting “all of the above” for all twenty-two facets was 23% lower than last year. We think this means that the concept of IG is coming into greater focus.

This is a foundational infographic for our community because it so clearly shows the coordinating function that IG must play within our organizations. Most organizations fail to coordinate groups of people fundamentally trying to solve the same problems, but as anyone who has tried to take on a complex, multi-departmental information project at a large organization knows, operation of these facets of IG in isolation of each other often impedes progress. No doubt, a reason why this infographic has resonated with so many is that the coordinating function of IG promises to put an end to the disconnected approach to information that is a common barrier to successful IG, a concept we explore in detail throughout the Annual Report.

Certain facets garnered more support for inclusion in the concept. The disciplines that have formed the core of IG from the beginning led the way. RIM had over 94% support for inclusion, with information security and protection, compliance, and e-discovery having more than 80% support. The current risk focus of IG, a recurrent theme throughout the Annual Report, likely reflects the immaturity of IG as a discipline that emerged predominately from risk-focused activities. That said, organizations are taking on value-side information activities. As the discipline of IG matures, we expect more organizations to execute projects focused on adding business value.

To learn more, download your free copy of the IGI Annual Report 2015-2016 at our online community. Not a member yet? Join today.

 
2015-2016 IGI Annual Report Barriers to Information Governance

Education, Not Money, Is the Biggest Barrier to Information Governance

Whether your organization is just getting started with IG or you are trying to move an existing program forward, you will no doubt encounter some obstacles along the way. Though we often hear about costs as a major barrier to getting IG work done, our research shows that it is not all about the money for many organizations, today.

As part of our research, we put together a list of eight common barriers to IG and asked practitioners to select the ones that plague them the most. These were placed in order of the most frequent response to least. As the graphic below shows, a majority of practitioners selected five of eight barriers, suggesting that most of them are fighting numerous battles at the same time.

2015 IGI Annual Report Barriers to IG
The most common barrier selected by a large majority of practitioners was a lack of understanding/awareness of the value of IG. “Siloing” or lack of communication/collaboration across various functional areas addressing information was selected as the second most common barrier.

Although 50% of practitioners identified insufficient funding as a primary barrier, it came in at number five. Similarly, IG as a cost center, also appeared lower on the list than one might expect at sixth.

The good news is that each of the top four barriers to IG identified by our community can be significantly improved simply by educating stakeholders and getting them to think more clearly about the problem—an activity that doesn’t cost big money. That means IG practitioners can make significant progress without significant budgets.

Closing this knowledge gap is exactly what the IGI aims to achieve through our research, publishing, and advocacy work.

Of course, that doesn’t mean that all IG problems can be resolved through education alone. As your IG program advances, you have to spend money to purchase technology and services, hire, and fill leadership gaps. For instance, while education will certainly help with the second most commonly identified barrier (lack of communication across functional areas), for many organizations establishing formal leadership by way of an IG steering committee and Chief Information Governance Officer (CIGO) will be necessary—but it won’t be a trivial undertaking.

If you’re encountering barriers to moving your IG program forward, you are not alone. Take heart knowing that you can make significant strides through education, especially if your organization is just getting started. Look to this list of obstacles that other organizations have encountered so that you can be prepared for what you might face and start building a plan to address them. Know that these obstacles are not insurmountable. Learn from others how they overcame these barriers to build successful IG programs.

To learn more, download your copy of the IGI Annual Report 2015-2016, today.

 
Information Governance Myths Busted

Information Governance: Busting Three Big Myths

Guest Blogger:
Phil Favro, Recommind

Information governance is increasingly recognized as vital to an organization’s ability to realize value from its information in a way that addresses legal, operational, and other forms of risk. Nevertheless, many still view IG as a theory rather than an action. While many information governance leaders (like the IGI) are working to promote information governance action and combat common misconceptions, nothing speaks as powerfully as the massive and disastrous data breaches and policy failures splashed across the headlines over the past several months. Those headlines – particularly those involving Sony and the U.S. State Department – painfully bust three of the most common IGI myths.

Myth No. 1: Information Governance is eDiscovery Preparedness

IG is conflated with eDiscovery preparedness, which leads some to dismiss IG as the only the province of repeat litigants. The “Sony Hack” helps us declare this myth busted.

In the Sony debacle, a hacking group infiltrated the corporate network of Sony Pictures late last year removing,

Slowly and painfully, the group leaked that confidential information, which includes executive compensation, employee social security numbers, unreleased movies, and a substantial collection of corporate emails. The fall-out has been both swift and embarrassing, with Sony still struggling to emerge from the public relations disaster caused by the hack.

Could the Hack have been prevented or the damage it caused minimized through IG? While the answer is a resounding yes, the IG lesson from the Sony Hack is not related to eDiscovery. Instead, the Sony Hack teaches the importance of eliminating unnecessary email stockpiles. As Sony’s general counsel (who, incidentally, had over 4,000 “deleted items” from her email account stolen) apparently explained in one of the now disclosed emails:

“[T]he issue behind our moving in this direction is not one of whether the company should continue to retain its records etc. It is about the fact that email is not the correct repository for this . . . While undoubtedly there will be emails that need to be retained and or stored electronically in a system other than email, many can be deleted and I am informed by our IT colleagues that our current use of the email system for virtually everything is not the best way to do this."

The best way to “defensively” guard the company’s information blindside is to implement an “offensive” email minimization program. While getting rid of unnecessary email would undoubtedly help the company in future eDiscovery efforts, it would also ameliorate the security challenges exacerbated by “unwisely hoarding internal communications” and other data. As the Sony Hack makes clear, information governance is much more than eDiscovery.

Myth No. 2: Information Governance is Unnecessary in the Age of Big Data

Another myth dispelled by the Sony Hack is the idea that information governance is unnecessary in the age of big data. Big data advocates have increasingly questioned whether governance (with its focus on classification to Sidebar-Three Information Governance Mythsenable keep v. delete decisions) is necessary given advances in search and storage technologies. However, the Sony Hack starkly demonstrates how ungoverned data stockpiles can quickly become a security problem.

Big Data or not, the need to identify, protect, and manage in a special way IP (intellectual property), PII (personally identifiable information), and other sensitive, proprietary, and generally valuable information has not gone away. In fact, the need has arguably increased as more business processes have become fully digital and thus ripe for loss and theft.  As suggested in a recent article, one method for doing so could involve adding “layers of encryption to protect internal traffic from prying eyes” and isolating confidential materials “from central data-storage systems connected to the Internet, making it harder to find.” It could also include the use of artificial intelligence, machine learning, and automated technologies, all of which facilitate the identification and isolation process.

While Big Data is here to stay, the Sony Hack shows that Big Data plans are only realistic and responsible in the context of a unified governance strategy of policy, practice, and technology.

Let’s consider this information governance myth busted.

Myth No. 3: Information Governance = Information Management

A third myth regarding information governance is that it is merely another name for information management. Such a misconception overlooks the impact of consumerization trends on the workplace and the risks that mobile devices and personal clouds can pose for organizations. The recent revelation that Hillary Clinton used a personal email account to conduct government business as secretary of state exemplifies why policies surrounding the use of devices and clouds must be baked into the enterprise’s information governance program.

In what has been referred to as “emailgate,” Mrs. Clinton apparently used a private email address in lieu of an official government account during her time as secretary of state. The immediate effect of this practice was that “her personal emails [were not] preserved on department servers at the time, as required by the Federal Records Act.” Beyond issues with record retention, this practice has also complicated the government’s tasks of searching for and identifying responsive information for legal inquiries. In addition, experts have opined that Mrs. Clinton’s personal email account was more vulnerable to hackers than a “secure government account.”

Such problems are somewhat analogous to the information retention, eDiscovery, and security challenges created by employee use of mobile devices and personal clouds. If not properly addressed, devices and clouds can undermine legal obligations and complicate preservation and production efforts in litigation. They can also leave data more vulnerable to misappropriation.

Organizations cannot address these issues without actionable information governance policies, supported by intelligent, user-friendly enabling technology. Policies need to clearly delineate the parameters of work to be performed on a personal mobile device or cloud. This includes audit and enforcement mechanisms to gauge policy observance and disciplinary measures for noncompliance. These policies should also define the nature and extent of the enterprise’s right to access, retain, and/or destroy data on the device or cloud, and to disable a device or cloud during or after employment. In addition to strengthening its security protocols and eDiscovery preservation measures, these policies will also help an organization better maintain and enforce its retention schedules.

In short, information governance is not synonymous with information management. Myth busted.

Beyond the Myths: Taking IG Action

There should be little doubt that basic IG programs with simple policies and effective, enabling technology would have minimized the problems seen in the Sony Hack and emailgate. However, these extraordinary events should not be viewed as exceptions to the rule, but examples of the rule itself. As evidenced by the recent Ashley Madison data breach, these scenarios seemingly repeat themselves daily across the globe. Investment in IG is perhaps the only way for organizations to position themselves to monetize their data and remain competitive while addressing the new threats created by the volume and value of our information and the new ways we want to use and access that information. It is time to move beyond the myths and take IG action.

Editor’s Note:

The IGI thanks Phil for this excellent contribution. His insight into common myths about IG and how they are easily “busted” by even a cursory examination of recent events is incredibly value for our community. To take action on IG, check out the resources on the IGI Community including for example, our just-published Benchmarking Report that will help you understand where you rank among your peers in IG program maturity. Also, check out Phil’s other writing on the excellent Recommind blog.