Why Aren't Organizations Paying More Attention To Governance?
By John Mancini, CEO, AIIM
In the last 10 years, we have seen a major growth in data, which is now created, captured and shared at an unprecedented level. That has created a tsunami of information for organizations to filter, analyze and store.
This deluge of data has had a huge impact on enterprises as well as the public sector. Government is increasingly moving to electronic records. By Dec. 31, 2019, for example, all permanent electronic records in federal agencies will be managed electronically to the fullest possible extent. These eventually will be transferred and accessioned to the National Archives and Records Administration (NARA) in an electronic format.
Storing records in electronic format means that much broader governance policies are necessary to ensure that the records held digitally are secure. They must also be easily searchable by public sector employees who need to check city planning applications, for example, or forecast the potential adoption of a public service in a given community.
The amount of data and the many ways it can be cross-referenced and analyzed is a major asset to any organization. It also carries major data security issues. Despite warnings, enterprises and public sector organizations are ignoring information governance at their peril.
Data breaches are increasing
An AIIM report in December 2015, Information Governance – too important for humans, highlighted the fact that more than half of organizations surveyed (U.S., private, and public sector) have had data-related incidents in the past 12 months. Of these, 16 percent have experienced a data breach.
Astonishingly, 45 percent of executives said that a lack of information governance leaves their organizations exposed to litigation and data protection issues, and 41 percent of respondents freely admitted that their e-mail management is best described as “chaotic.”
Shockingly, there are huge volumes of content in most organizations that do not fall under any form of information governance, retention management or e-discovery. The severity and frequency of data incidents reported in the research means that information governance is finally in the spotlight. For 28 percent of organizations, it is very high on the senior management agenda and more than half (53 percent) have recently launched new IG initiatives.
This deluge of data has led to a renewed affirmation that using automation is key for IG. Sixty percent of respondents agree that automation is the only way to keep pace with volumes of electronic content. Of those surveyed, 21 percent said they already are using automated declaration or classification of records.
Why is information governance still a sticking point?
In general, from AIIM’s research, it would appear that there is a willingness to put information governance in place, but many in the public sector still aren’t doing it effectively. Cloud and mobile have both had a major impact on the way information is stored, managed and utilized. But organizations aren’t factoring either cloud or mobile into their governance policies in sufficient numbers.
The AIIM research found that information storage, access security and data protection are covered by most respondents’ IG policies, but only 47 percent cover mobile access and mobile devices. That includes Bring Your Own Device (BYOD), 39 percent. Only 36 percent have specific policies for cloud-based content sharing.
In addition, there are issues around enforcing governance policies. Forty-one percent of respondents to AIIM’s research said this was still a huge hurdle, along with senior management involvement, which is crucial in ensuring information governance is given the impetuous to make it work.
A road to effective information governance
The road may be a long one, but there are still measures that can be taken to improve information governance. The first step is to create an information governance team with representatives from IT, records management and legal to put a policy in place and raise collective awareness. Set retention periods for specific types of data and audit the ECM system(s), record management and e-mail archive regularly. Look at running automated metadata correction, duplication and retention policy enforcement across all content systems in order to remove redundant and out-of-date data.
Make sure departments know of the risks involved should a security incident happen. Senior management must be fully briefed on the consequences of a security breach. Governance policies also need to be updated regularly to keep abreast of changing work practices, trends and technology, such as BYOD. Focus efforts on areas where data is the most sensitive, but also where there is governance present, such as e-mail.
Look at day-forward automated classification. This is especially valuable for e-mail, process archives and routine inbound content. Also consider using automation to simplify user-filing accuracy and thus automating ongoing compliance.
Data is now central to the running of most organizations. To make the most of this information, each organization needs a framework in place that addresses all the issues of data quality, standards, management, legal compliances and, above all, security. But as is clear from the results of AIIM’s survey, there are still holes in the system. Without an effective information governance policy in place, organizations are spending more to be less efficient.
Information Governance is now critical, and it is up to senior management to highlight the cause and ensure teams understand its importance, or they will miss out on the benefits and leave themselves highly susceptible to security breaches.
John Mancini is an author, speaker and respected leader of the AIIM global community of information professionals. He believes that in the next five years, a wave of digital transformation will sweep through businesses and organizations, which will face a fundamental choice between information opportunity and information chaos. www.aiim.org