Senior corporate executives in C-suite positions are increasingly being told that they need to pay attention to ‘information governance’ (IG), although competing definitions of what constitutes IG have led to a certain confusion in the marketplace of ideas regarding what IG is and how it can be accomplished.
The Information Governance Initiative (IGI), a newly formed think tank and consortium of industry solution providers defines information governance as “The activities and technologies that organisations employ to maximise the value of their information while minimising associated risks and costs”. In accord with this definition, there are many facets of information governance – and IG decidedly should not be considered simply to be a rebranding of records management in the era of Big Data.
Rather, as shown in the chart (right), IG is best viewed as a coordinating function for a variety of important interests within the corporate enterprise, including involving information security, e-discovery, privacy, risk management, knowledge management, IT management, audits, analytics and business intelligence – all in addition to data storage and records and information management in the mix as well.
What Are The Hot Trends In IG For 2015?
The first will be the emergence of a genuine IG market. The IGI’s Annual Report for 2014 found in a survey to a community of 5,000 individual practitioners and providers in the IG space that small to mid-sized businesses (under 5,000 employees) have on average four IG projects currently underway, averaging US$330,000 per project; larger organisations (over 5,000 employees) have six such projects, with an average spend of $2,000,000 per project.
The Report also found that the most common source of IG services by a wide margin are professional services groups at software and hardware providers, followed by boutique consulting firms specialising in IG, large generalist consulting firms, trusted advisors, and law firms.
“For an IG effort to be successful you need senior management support but also must get buy-in from the boots on the ground people. It takes different ‘sells’ when approaching folks I’m targeting for support. A concern might be money or easier access – all while still being in compliance,” said Steven Zellin at Aetna – quoted in IGI Annual Report for 2014.
Second, a growing number of corporate executives will find themselves having either IG or an equivalent designation in their titles by the end of 2015. Already a number of multinational companies have a ‘Global Information Governance Officer’ or ‘Head of IG’ so designated, and all signs are pointing to a continuation of this trend. Gartner has been championing the idea of a ‘Chief Digital Officer’ along similar lines for the last couple of years, and the IGI will be putting on a conference in Chicago in May 2014 on the role of the ‘Chief Information Governance Officer’.
That IG needs a champion in the C-suite is largely uncontested; but there is a significant divergence of views whether existing Chief Information Officers – who typically find themselves more concerned with updating network configurations and ensuring cloud architectures are in place, than with policy issues affecting data – will morph into being CDOs and CIGOs, or whether new positions need to be created either as peers of the CIO or reporting to them.
Third, 2015 will see the rise of analytics in the IG space, transforming the visibility of data kept within the corporate enterprise. The recent successful use of machine learning techniques applied to the e-discovery and e-disclosure space (particularly in the US but also elsewhere, at least in common law jurisdictions), to save costs in litigation by leveraging the power of software in replacement of more traditional means of eyes-on document review, can be applied to a much larger corporate domain.
Some lawyers in the US are building information governance practices around the power of analytics, urging colleagues and clients to adopt greater use of sophisticated technologies to peer into and makes sense of vast collections of email and other digital records. Doing so may help to resolve otherwise vexing issues, including involving what information may be known about employment disputes, mergers and acquisitions, and whistleblower claims – to name just three out of many areas of practice. (See Bennett B. Borden & Jason R. Baron Finding the Signal in the Noise: Information Governance, Analytics, and the Future of Legal Practice, Richmond J. of Law and Technology – 2014).
The growing use of auto-categorisation tools similarly holds out the promise to transform records management, both in terms of its ability to aid in the remediation of legacy data, as well as in assisting corporations to focus on what constitutes important data being created on a day forward basis that will be worthy of preservation.
Fourth, having an IG champion (no matter the title) will only take on greater importance in light of the level of dissonance that exists between US and European approaches to privacy, as brought into special focus by the coming ratification of the EU General Data Protection Regulation. Of special interest from an IG perspective: the C-suite in the global corporation will be faced with having to make choices regarding how widespread will be the deployment of the kind of powerful analytical tools referenced above, for the purpose of mining data that in some places is considered personal, not corporate, in nature (eg email).
Looking beyond 2015, the IGI annual report projects a $20 billion IG market for products and services by the end of the decade. We can also expect that by the end of the decade IG will be mostly accomplished ‘by design’, that is built into the products we use to get work done, rather than in separate products and services. This concept of IG by design will take on added prominence in an Internet of Everything world – where all devices sensors and software are acting ‘smart’ – sending a constant stream of metadata capable of being monitored.
In a world where big data is doubling on average every two years, the emergence of information governance as a maturing discipline provides some degree of hope that more serious attention will be paid to managing information, including instituting a greater control framework to more systematically deal with around both legacy and newly created data lakes and repositories.
The question for the C-suite remains however: how do information governance concerns get successfully highlighted and elevated in the absence of a scandal, major lawsuit, or massive security breach? It is a conversation increasingly worth having, starting in the boardroom.
About the Author:
Jason R. Baron is Of Counsel in the Information Governance and eDiscovery Group at Drinker Biddle & Reath, LLP, in Washington, D.C., serves as Co-Chair of The Information Governance Initiative, and is on the adjunct faculty at the University of Maryland. He is an author of scholarly research on the law of information retrieval, and is a frequent keynote speaker in international forums on the subject of the e-discovery and e-recordkeeping. In 2011 he was honored as the recipient of the international Emmett Leahy Award, for career contributions in records and information management. He was recognized in the August 2013 edition of The American Lawyer as an e-discovery “trailblazer,” in its issue on “Top 50 Big Law Innovators of the Past 50 Years.”