Julie: Is information governance going to stick? Is it real, and moving into the future?
Alison: I think the question is, is this an actual thing or passing fad? I’ll admit that maybe I have been on the fence about this—but actually, IG's been around for a long time. It wasn’t necessarily called "IG" for all this time, and it wasn’t precisely what it is today, but I can track it back to the turn of this century.
It’s developed via things like e-Discovery, privacy, security, records management challenges, and so on. It's not, "will IG still be a challenge in five years?" It's "what will it look like?" And actually, if we agree that information governance is part of corporate governance, and if we extend the corporate governance principles of accountability and transparency to encompass information, we might actually find the right home for information governance.
Barclay: Well, let’s look at how the Sony debacle very quickly went from a conversation about "how do we secure this stuff?" to "should we have this stuff at all?" Their General Counsel had 4,096 emails in her deleted folder suddenly exposed to the world. It’s fair to say her interest in information governance has changed quickly in the last couple of months.
So what's interesting is that there is an incredible vacuum in corporate governance around the problem and the opportunities of information. Who is the owner of the information? That's an unanswered question that is going to be answered, for sure, by 2020.
Julie: Well, I think this leads well into the next question. Will there ever be a role substantively functioning as a Chief Information Governance Officer?
Jason: I know of at least one law firm that has established a similar position. Ultimately, I think it also depends on how we define that role.
Alison: The thing is, I hesitate with titles. We have enough chief officers on the board of directors. It's not about the fact that we want to introduce another one; it's more about whether our information is used properly, whether we've got the right strategy, whether it's innovative management for the information, and if you use it effectively and profitably. It's not that there won't be somebody responsible for information. Creating titles is not going to get the job done, and that's the challenge I have with it. I don't think that it's wrong to have somebody who has a holistic look at information at a very, very high level. I just don't need the titles.
Barclay: But organizations are much more political that that. If you want to be successful and you actually want to accomplish something around information, you need to learn how to operate. Our CIGO Summit, for example, isn’t a conference about information governance—it’s about corporate leadership. These professionals need to understand how to maneuver their organizations. Who's going to benefit by the existence of a CIGO? Who's not going to like it? Who's going to be your friend? These questions need to be answered. On some level, the names of things are important. They're incredibly important when it comes to selling these programs internally. Ten years ago, we didn't have a chief privacy officer. Were we dealing with privacy? Of course.
Alison: I totally understand and agree that you need someone who's looking at this holistically. It's more about creating these positions when we don't know what they do. So tell me exactly what you think a chief information governance officer does?
Barclay: Sure. We're creating the CIGO Playbook, and each of its eight chapters lays out specific dimensions of the CIGO's role. Attendees at our CIGO Summit can take that and go do that job. It's guidance on what kind of authority they have, and how they exercise it. What are their reporting relationships? Where do they sit in the organization? How much should they get paid? What are comparative C-level jobs? What kind of backgrounds should they have? What kind of personality do you require to play that role? It's going to be highly collaborative. You're going to have to work with people.
So yes, absolutely, I'm not throwing a title out there and saying, "Yay! We solved the problem." Far from it. We're saying, "Look, this is the beginning of a journey." Frankly, it’s also a career path for folks who are interested in this field—and that’s valuable.
Jason: See now, I actually think they're both right. To Alison's point, I think far more important than a title is the fact that there is someone who is doing this within the organization. If I’m the right person for the job, I will take on that task and I will do it to the best of my ability to be effective in the role.
That being said, the fact of the matter is, Barclay is right: politics within an organization absolutely do matter. I mean, who would get more responses to a legal hold: the Chief Legal Officer or a paralegal? So titles matter, I don't dispute that. This is why they’re both right—the CIGO title matters, but the substance behind the title matters more.
Chris: Alison is very strong on this idea that we should look more at the substance of what's it about, rather than what it's called, and one can't disagree with that. I don't disagree either with Barclay. I'm keen on this career's progression idea. There is the idea that we need to entice a whole load of people into this industry in a broader sense, and that if titles help people to be respected, then that title matters. We do need to have some sort of label. It's much more important though, as Barclay was emphasizing, to ask, 'What's the job description?" Because that's what really counts.
Barclay: Obviously, having an empty suit sitting in a chair doesn't help anybody, right? So that’s why we are working on a job description for a CIGO. Do I think that's going to solve the problem completely and everyone's going to adopt it? No, of course not. We're trying to push the market forward. It's clear that there's a vacuum at the executive layer around who owns information, and we're trying to do our part to highlight that. We're also having lots of other conversations about information governance, and this is just one of them, and we'll see what happens.
Julie: So I think we can all agree that something is needed, but it's early, right? So when will that something take hold? When will we see people in these roles in serious numbers?
Barclay: If you look at IAPP, the group that effectively created the chief privacy officer role, they started as a little group of people that said there should be this role. And I think if we go from the time they started to the time that we are in now—when it might be considered unconscionable, if you are a holder of consumer private information of a certain size, not have to a chief privacy officer—that's probably about seven years. It probably took three to five years before it became sort of mainstream. At some point, someone in every industry will have one, and the rest will think "Oh, we should probably do that, too." And then it starts to happen really quickly.
Jason: But see, I think we're seeing them already. I may not have the title of Chief Information Governance Officer, but in my roles and responsibilities for my firm, it's essentially what I'm doing. No, the CIOs do not report to me. No, the chief information security officer doesn't report to me. But we are absolutely peers, and we are absolutely working together. I know, like I said, of other firms that have people acting with the title. I know of records managers who are very much acting in this manner, maybe not by title, but certainly as being that person who's bringing people together to start thinking about these problems and these issues in one cohesive manner.
End of transcript