Designing an Information Governance ProgramPosted 2013-04-16 Email Print
Information life-cycle governance reduces costs and risks by incorporating the value of information to stakeholders and disposing of data that has no value.
By Richard Kessler
Big data holds promise for firms that can collect and analyze it, but information governance leaders, especially those at multinational organizations, are struggling with a dilemma: The value of information declines over time, but the costs and risks associated with it don’t.
Information life-cycle governance (ILG) programs respond to this challenge, reducing information costs and risks by incorporating the value of information to the various stakeholders—business users, legal and compliance, records information management (RIM), privacy and security, and IT—and disposing of all information that has no value. Creating such a program is particularly challenging for multinational organizations, but it can be done with the right strategy, the right team and the right tools.
The massive volumes of information that organizations collect today come from a variety of sources, including social media feeds, company email, customer interactions, slide presentations and more. But much of this information loses its value quickly.
For example, social media feeds are great for trend analysis, but the business value can disappear within days. Meanwhile, much of the email stored on corporate servers loses its value as soon as it’s read. The storing of “data debris” is widespread.
According to a 2012 Compliance, Governance and Oversight (CGOC) survey, at any given time, 1 percent of corporate information is typically on litigation hold, 5 percent is in a records category, and 25 percent has current business value. This means that 69 percent of information in most companies has no current business, legal or regulatory value.
Keeping all this data is expensive. Despite the continual decrease in the unit cost of storage, other technology costs related to processingand accessing theinformation, retaining and producing it for regulators, and preservingand producing it for litigation are extremely high and rise as information ages.
While the obvious and logical response to this should be to delete information that loses its value, significant obstacles keep this from occurring. Despite the costs, many organizations have adopted a “retain all data just in case” strategy to avoid the possibility of deleting any information that might be of use to business users or required in the event of litigation.
While well-intentioned, this approach actually increases costs and risks. During litigation, the legal department must put far more information than necessary through the expensive legal review process. Also, business users are often frustrated by the inability to locate the information they need on data stores that are proliferating.
An additional obstacle to getting rid of data debris is that even if IT recognizes the cost benefits of regular deletion, it doesn’t have the information or insight to properly identify what data has no value. Meanwhile, legal, RIM and business users—the people who do have the knowledge to assign value to information—most often do not communicate this information to IT because of the time and effort required to do so.
For large, geographically dispersed organizations, the challenges are even greater. In addition to the decentralization of information management in general, these organizations must contend with rapidly evolving and often conflicting privacy regulations in the UnitedStates. and the rest of the world.
To address and overcome these obstacles, organizations must align and reconcile the needs of all information stakeholders. An ILG program can enable organizations to identify information that has legal, regulatory, business, or privacy and security value and defensibly dispose of all else.
Defensible disposal can dramatically reduce the amount of data retained by an organization—and therefore reduce information costs. It also ensures that all valuable information is protected and that all data that can and should be deleted is removed within appropriate time frames.