By Barclay T. Blair, Founder and Executive Director, Information Governance Initiative
Information governance (IG) has always been important, but major events in recent history have thrust it into the mainstream conversation and for good reason.
There was the infamous Sony hack. A few months later, the story about Hillary Clinton and her personal email server came out.
Shortly after that, details emerged indicating that, when it came to compliance, a Silicon Valley unicorn valued at $4.5billion was allegedly cutting corners left and right.
In today’s age of big data, organisations have more information than they know what to do with. Time and again, we’ve seen what can happen when IG is considered an afterthought if not overlooked entirely. To fully unlock the power of the information they have while reducing its associated risks, organisations need to put IG front and centre – and that’s exactly what many of them are doing.
According to our research at the Information Governance Initiative (IGI), a think tank dedicated to creating and advancing IG best practices, organisations are investing significantly in IG. On average, those organisations doing IG and with fewer than 1,000 employees are working on four IG projects simultaneously, with each costing about $186,000. Perhaps not surprisingly, large organisations doing IG are spending even more. Our research indicates companies that employ at least 10,000 workers are tackling an average of seven IG projects at once, at a cost of $777,000 each.
“In a perfect world, organisations would take a proactive approach to their IG problems, making sure their house is in order before any triggering event occurs”
Lots of organisations are already spending significant money on IG this year. According to our report, nearly 50 per cent of practitioners expect the IG market will grow even bigger in 2016. With that in mind, here are IG trends we expect to emerge in 2016-2017 as organisations, on average, increase their IG spend.
1. Most organisations will take at least some action on IG
To paraphrase philosopher George Santayana, those who ignore history are destined to repeat it. There’s been no shortage of major news stories over the last few years that show exactly what happens to organisations when IG is neglected. To this end, smart decision makers are learning from the misfortunes of others and taking steps to insure they don’t suffer similar fates.
According to our report, virtually all organisations are at least taking some action on IG. For the most part, these programmes are relatively nascent, though some organisations report their programmes are at intermediate levels of maturity. We can reasonably expect to see IG programmes continue to mature in the immediate future as more projects move forward.
2. Practitioners agree that IG efforts are most likely to succeed with C-suite support
It can be difficult to get IG initiatives off the ground without C-suite support. All employees are busy and may be hesitant to take on additional responsibilities or try something new unless they absolutely have to – which is where upper management can help out.
According to our report, two-thirds of practitioners agree that a high-level IG-specific role is essential for the success of an overall IG programme. This is why the IGI and its community have been calling for the creation of a new C-suite position, the chief information governance officer (CIGO). Broadly speaking, this person would be responsible for interdepartmental coordination, information leadership and risk and value balancing.
The CIGO concept is gaining traction. Not only are there already some CIGOs, there are also many leaders who are leading the IG charge at their respective organisations regardless of their actual titles. We expect more and more organisations will create CIGO roles in the coming years.
3. Security is at the front of everyone’s mind
In the wake of a never-ending list of data breaches at places, such as Anthem, Target and Home Depot, organisations arguably care more about protecting their data than ever before. Thanks to those much-publicised breaches, organisations can reasonably guess what would happen to them if they similarly neglected their IG responsibilities.
Still, organisations cannot protect their data if they don’t know where it is, how much is out there and what should be done with it. Perhaps this is why our research indicates the top IG project currently undertaken by organisations is updating policies and procedures. As organisations shift more of their focus on security, they figure out what data they have and where it’s stored. After those determinations are made, they then need to figure out what rules their information will be governed by to reduce the likelihood their data will come back to hurt them.
4. The IG market is becoming increasingly defined
A majority of IG practitioners agree that the IG market continues to come into focus, according to our research. Practitioners in large part believe that the work they are doing is IG-specific. Companies are buying and selling services that are explicitly called IG. As more and more IG projects commence, organisations are appointing IG leaders to help coordinate them, ensuring their success. There’s also an IG software category taking shape, too.
As more and more organisations funnel funds into their IG efforts, we expect the emerging IG market to become even more defined.
5. Organisations are most likely to approach IG from a reactionary stance
Even if they’re fully aware of the implications associated with a lack of focus on IG, many organisations simply don’t have the luxury to attack IG-related problems to proactively attack. Our research reveals that, for the most part, organisations move IG initiatives forward due to external regulatory, compliance, or legal obligations. If those things don’t push IG forward, an external triggering event – like a lawsuit or a data breach – might force organisations to act.
In a perfect world, organisations would take a proactive approach to their IG problems, making sure their house is in order before any triggering event occurs. That way, organisations could rest comfortably, knowing that, for example, their e-discovery costs will be as low as possible because they know where all their data is and they’ve already cleaned it up.
But it can be a lot harder to sell someone on hypotheticals that have yet to take place, particularly when there are other priorities competing for finite funds. As much as an organisation might want to get started on IG, they might have to wait for an event to force their hand. As Winston Churchill once said, never let a good crisis go to waste. If it takes an external event to get your organisation started on IG, so be it.
6. But some of them are taking proactive approaches to IG
Understanding that it’s better to be in the driver’s seat of their own IG programmes, some organisations are moving forward with IG initiatives from a proactive stance. Yes, many organisations wait for an external triggering event to put their IG projects in flight. But it’s not ideal to be forced to respond to incidents when you can instead anticipate them and plan your response before they occur.
By taking a proactive approach to IG, organisations have a much easier time accomplishing their IG goals. They don’t have to wait until something they have no control over forces them to act. Instead, they can assess their IG priorities and tackle them at their own pace.
7. IG programmes continue to be works-in-progress
According to our annual report, very few organisations are confident enough in their IG programmes that they’re comfortable calling them ‘advanced’. Of the organisations that are taking action on IG, a vast majority of them indicate that their programmes are either ‘nascent’ or ‘intermediate.’ This makes sense, because just like the technologies that power our organisations, IG is always evolving.
For the most part, organisations are focussed on managing the risks associated with their information. Once the risks are under control, however, they can begin to really leverage the full power of their data. Only then will practitioners perhaps be comfortable enough to call their IG programmes ‘advanced.’
8. Money is important to IG – but not as important as you might expect
Organisations need money to stay in business. Any time a decision is made about allocating funds, managers will do their due diligence to make sure the investment makes sense. As discussed earlier in this article, organisations of all sizes are tackling multiple IG projects at the same time. Perhaps somewhat surprisingly, they don’t appear to be too hesitant about spending a lot of money on those projects, either.
Of course, money matters. But according to our report, only one-third of practitioners used actual numbers to sell IG internally – despite the fact organisations required providers to use actual numbers during the sales process. Taken together, these anecdotes suggest run-of-the-mill organisational politics and variables affect IG programmes the same way they affect any other initiative.
9. Organisations will increasingly unlock the value side of their information
What a difference a year makes. According to our report, organisations today are focussing much more of their energy on tapping into the value side of their information compared to previous years. This trend provides evidence that once an organisation has solved its foundation problems and built a mature IG programme, paths to value creation open up.
According to our report, nearly 20 per cent of organisations said the ability to glean business insight from their information was an IG driver. As IG continues to move into the mainstream, more and more organisations are becoming aware of the lucrative possibilities buried in the value side of their information. As organisations continue to build solid IG foundations, we can expect even more of them will create value from their data by masterfully managing it.
10. They’re also trying to mitigate risks associated with data that could have been defensibly deleted
It’s simply impossible for organisations that haven’t gotten started on IG to have any way of knowing how much data they’re holding onto for no reason. But for organisations that have gotten started, a desire to mitigate risks associated with hanging onto data that could have been defensibly deleted was the third highest driver for IG. This makes sense: you can’t breach what isn’t there.
In a 2013 lawsuit, a group of plaintiffs took action against a pharmaceutical company related to its marketing of a blood thinning medication.¹ The plaintiffs filed a motion to force the company to produce emails and documents associated with the company’s former vice president of marketing. There was a problem with that request: the company had apparently deleted those documents and emails in accordance with its records retention policy. The trial court ultimately ruled that the company was right to delete those emails; no violation of the law had occurred.
Who knows if the company dodged a bullet? But the company didn’t have to produce relevant documents in court because it had its IG house in order before the lawsuit came to light. As more and more organisations learn about what strong IG policies look like in practice, we expect they will develop similar policies and procedures that will help them defensibly delete data that’s no longer needed.
11. Organisations are concerned about data storage costs
Virtually all organisations are trying to streamline their approach to data storage. Whether there’s duplicate data or other files and documents organisations no longer need for one reason or another, there’s no sense in holding on to more information than is needed or useful.
It’s true that data storage costs have fallen remarkably over the last few years – and they’ll continue to fall as computing costs come down even further. But while it might not have been an issue in the past, organisations certainly don’t want to store excess terabytes or even petabytes of data unnecessarily.
As organisations continue to produce more and more data, they’ll turn their focus on storage costs sooner or later. And after they do, at least some of them will learn how IG not only helps reduce storage costs but also transforms the way information flows across an organisation.
About the Author:
Barclay T. Blair is an advisor to Fortune 500 companies, technology providers, and government institutions across the globe, and is an speaker, author, and internationally recognized authority on Information Governance. Barclay has led several high-profile consulting engagements at the world’s leading institutions to help them globally transform the way they manage information. He is the president and founder of ViaLumina and the Executive Director and Founder of the Information Governance Initiative.
Footnotes:
¹ http://www.scribd.com/doc/172101574/In-re-Pradaxa-Dabigatran-Etexilate-Product-Liability-Litigation-pdf
