During Global Information Governance Day (GIGD), held this year in February, RSD, a leading provider of information governance solutions for the enterprise, hosted an exclusive online panel discussion on the challenges being faced by organizations today dealing with information governance issues. Information management professionals and industry pundits joined the lineup of expert panelists, which included Barclay T. Blair, co-founder and executive director at the Information Governance Initiative (IGI), Richard Hale, CTO at Active Navigation, and Jon Garde, senior product manager at RSD, former Chair of the DLM forum and author of the MOREQ 2010 standard. Ed Hallock, senior director of North American marketing at RSD, moderated the panel.
Read further to learn how executives can overcome the challenges of managing the explosion of data and technology within their organizations.
Overcoming Governance Challenges
Click through for tips on how executives can overcome the challenges of managing the explosion of data and technology within their organizations, as identified by experts participating in an RSD online panel.
What is still inhibiting people from starting [information governance]? What are some of the strategies and processes that organizations are putting in place that get them moving to information governance?
From Barclay T. Blair: What’s fundamentally broken around information governance is the lack of clarity about who owns it at the executive level. The other bottom-up approach is that there’s a legacy problem, where a lot of how information governance is positioned as an evolution of records management. Records management has suffered from an identity crisis since we transitioned from the paper command and control world to the digital world.
From Richard Hale: What I see fundamentally is that information governance is a people problem at its heart. Organizations struggle to bring [functions] together…It’s a big job and one of the challenges that organizations face is the temptation to boil the ocean. I think [it’s beneficial to] show people a clear example of what information governance [is] and [what its] related activities can achieve, and it helps feed interest into the top-down approach and build stakeholder support too.
From Jon Garde: It’s quite a difficult problem for many organizations to tackle. Organizations have gone out and bought different systems at different times that meet their needs. These systems aren’t created in order to join up together and have a common information policy so it is quite difficult to work out what to do, what they should be protecting, what they should be organizing, what they should be using in search and what they should be cleaning up.
Please talk a little about what the role [of chief information governance officer] should really be and how you see that role evolving.
From B. Blair: [The concept of the CIO and its origins] go back to the early 80s, and the U.S. federal government was actually a big proponent behind it, as was IBM. One of my favorite quotes from that era is something to the effect that while creating that role begs the question: Who owns the information—those who create the databases or those who create the information? We have yet to answer that question [some] 30 years later.
Last year, we started promoting the idea of a chief information governance officer (CIGO). In some ways, the simplicity of that advocacy is both its greatest strength and its greatest weakness. Its strength is in the fact that it places the emphasis where we wanted—[we] have to solve the problem at the C-level somehow. Its weakness is that you encounter the argument: do we need another C-level executive? There are a lot of folks out there who [do not necessarily] come from records management or legal backgrounds, [but] who are stepping up to that role and currently own the titles like VP or SVP of information governance out there too.
With all of these network breaches, why are we not seeing information governance emerge even more in organizations? Are we going to see the drivers come out of the security departments and the security domains in organizations?
From R. Hale: The problem is that information governance is so often tainted with the stick part of the carrot-stick relationship. So many people talk about risk and the risk of leakage and data loss. Ultimately, organizations are looking to benefit from information governance. To get somebody to sign off on an information governance initiative, one needs to show return on investment. I find the thing about risk is somewhat clichéd as it’s connected to information governance and sometimes unhelpful.
From J. Garde: I think that’s an interesting perspective because we always say that information governance involves risk, yes, but also cost – the cost of forming the governance and managing the information. One of the problems we encounter is that if we look at information governance as being the application of information policies, we find that these policies are fractured across the organization.
Do you think we’ll ever see a situation where someone steps up from a traditional leadership role and perhaps takes on the information governance leadership role as a promotion?
From B. Blair: For organizations operating in highly regulated environments, there’s no separation of the business strategy and the compliance strategy. They have to be built hand-in-hand. For example, we have a case where you have a business leader who isn’t coming from a risk orientation, stepping into [a new information governance] role as a way to enable data-driven business models.
The Value of Information
We’re getting a lot more focused around how businesses get value from information and leverage that value to grow the business. Would you agree that that’s where we’re [moving] to, from a market perspective?
From B. Blair: There’s a false dichotomy here. It’s not either-or. It’s both. It’s always going to be both. The question of whether or not the value generation is more important than the risk reduction is a marketing question at the end of the day. The reality is that every company has those needs on both sides and, in fact, there is lots of evidence that shows that the risk side of it is just growing in complexity and difficulty. It’s really the question of what you emphasize.
From R. Hale: We see many clients needing a way of just getting things started, and sometimes those things can be embarrassingly mundane. Everyone’s looking for the big deal. We have many organizations that start with a conversation about how they ought to classify hundreds of terabytes of content with no user input. Ultimately, [to] learn those practices and how they get there, it might be a good idea to start with things that are more achievable.
Return on investment (ROI) has been a challenge for a lot of organizations. From a business perspective, what are they going to get back? How do we, as information governance practitioners, help the business with that ROI and that ROI model?
From B. Blair: There’s a mistake that information governance practitioners make over and over. They try to sell their company on the benefits of information governance in the abstract. But…you need to think globally about information governance but act locally. It’s the impact on the individual departments and business unit, so a better information management is the only way to calculate and communicate the ROI.
From J. Garde: There are a series of maturity levels that organizations reach, and we talk about maturity and maturity models in information. Some are doing more of the things that we need to see in information governance and some are doing less [because] they’re getting benefits out of the way they’re using information. The areas that have a low-level maturity can’t see that benefit [and] aren’t realizing what the advantages of doing that is.
From B. Blair: In my view, few companies are working with as large an organization as RSD is. The reality of a huge global company is a collection of fiefdoms and collection of groups of people that are perhaps moving in the same direction but they have their own metrics, their own goals, their own specific business problems. Until information governance practitioners get better at understanding that business problem first and the information governance problem second, [it] just won’t be successful.
How do we get everybody on the same page [and] change [the] mindset to get these people together? Do we see this working?
From J. Garde: Part of the issue here is that in our mindset, our information is static, that it’s collected into folders and drives and various repositories and so forth, and we look at it as a static resource. Whereas, in fact, information is dynamic; there [are] systems and processes in place that are moving our information around, using it in different ways. Part of information governance to me is understanding what the dynamic flows are and looking at how we can optimize those in order to increase the value proposition. But at the moment, organizations don’t make use of dashboards that allow them to have a dynamic look at what is happening to information within their organizations and in their interaction with customs.
What effects are social media and mobile activities having on governance activities within organizations?
From R. Hale: The big challenge with BYOD is consumer practice and capabilities according to the organizations and it’s driving a lot of innovation right now. Information governance has to continue looking to support users in those endeavors without blocking what they’re doing and providing a safety net. We need professionals and skills and technologies to support them and help bring together the “I do it my way” versus the way the organization needs it done for a governance purpose. It’s a bridge that needs to be crossed.
From B. Blair: It’s time for us to move beyond pretending that things are still functioning the way they did 40 years ago. We need to design information governance into the systems that knowledge workers want to use to do their work. Our tools and techniques absolutely have to be built into the processes and the tools that people use to do work. It has to be as automated as much as possible.
From E. Hallock: It needs to be nonintrusive to the end user of the business. These processes that the organizations have used to manually classify and manually file records, it’s not going to work anymore. When IGI did [its] annual report, there were so many different disciplines around information governance [so] for it not to be automated is unimaginable.
From J. Garde: The nexus of the conversation is moving away from the equipment and the technology and the systems of the business to [users’] private systems. We see BYOD and all these things that are there to compensate. A lot of the information that [was] previously captured by the organization is actually not within the range of what the organization sees or has on its systems. We need to ensure that the practices we see in the consumer world get translated into things that we can use effectively within the enterprise world. That’s something that’s important for the future; otherwise the lack of control that [organizations] have will spiral more and more out of control.
From R. Hale: It’s a big problem. It’s tough to solve so don’t get wrapped up on the big thinking on information governance. Find the problem, use traditional and technology-enabled information practices to solve it and then grow it out from there. We spend too long paralyzed worrying it about too much.