posted 25 May 2010 in Volume 13 Issue 7
Cleaning up the chaos
Michael Brown on why the time has come to take a closer look at information governance
There is no doubt that the amount of electronic data we have to deal with every day is growing. In fact a 2009 IDC study found that the ‘digital universe’ is expected to double in size every 18 months and, by 2012, five times as much digital information will have been created compared to 2008. At the same time businesses have also faced increasing regulatory pressures requiring them to keep more data for longer periods of time. With over 16,000 regulations worldwide relating to corporate data retention and management, it’s no wonder that organisations are cautious about deleting anything. As a result, we are seeing companies buckling under the strain of handling huge amounts of data. And as the chaos builds, so does the pressure to regain control, get rid of the excess and set proper policies for handling information retention in the future.
The golden chalice for these organisations is information governance. Although it isn’t new, it is something that businesses need to embrace in order to control the ever growing mountains of electronic information. Without it, a business runs the risk of handicapping its organisation by damaging its infrastructure, a risk that no business can take in modern times.
A second benefit that is often cited by advocates of information governance is the positive impact on user productivity. Any change creates a certain level of resistance in the early stages and implementing policies for data management is no exception, but once in place these policies enable workers to know exactly what information they have, so they do not have to wade through mounds of superfluous, antiquated data to find what they need to get their job done.
By definition, information governance encompasses the people, practices and technology needed to proactively manage corporate or organisational information – one of a business’ most important assets – which, managed incorrectly, could also be its biggest liability. Specifically, it is the policy-based management of information that can lower costs, reduce risk and ensure compliance with legal, regulatory standards, and/or corporate governance. By applying these policies and technologies, a business can understand where a specific piece of information is in its lifecycle. It can then apply the appropriate policies including retention, disposition and, as appropriate, long-term preservation. This enables an organisation to gain ongoing visibility into its internal information and therefore gain greater understanding into what information it has, where it is stored and what to do with it.
In order to manage your information correctly, in a way that that is sustainable, repeatable and future-proof, it is vital to establish some considerations to bear in mind when creating a proactive information governance policy.
First and foremost, there is a need to have intelligence into the information, its value and where it is stored. With this knowledge, there are three key steps to defining good information practices.
Step one: Defining policy
In order to implement clear policies and practices, defining which information is required to be kept and why, is the very first step to take.
It is important to understand the difference between ‘high value’ and ‘high volume’ content. The former relates to any high risk or regulated content. High volume, however, is day-to-day content which will have varying value to the business.
Alongside this you must also look at regulatory compliance – set by government, industry bodies and so on – versus internal more generic corporate compliance. This is where visibility is important, as there might be content stored in an office document that should be securely locked as sensitive information – credit card details.
Once the policies and practices are defined a key, yet often overlooked, part of this policy and procedure involves educating the user community on what the policies are, why they are beneficial and how to work within them.
Step two: Controlling – not limiting – access
Information governance requires organisations to clearly set up policies granting access to information. When you think about access, there is the risk mitigation aspect, as well as ongoing user productivity. This is an example case where intelligence into what content is stored in the environment is important – you would treat sensitive financial data differently than a product manual (as an example).
Knowing who has access to the information becomes even more important given international data protection and privacy laws. Adding to the complexity is the need to securely store content for legal hold in an e-discovery context. What is important here is to find a balance between controlling access, so that workers only have access to information relevant to their role, and giving them access to enough information to enhance their productivity.
Step three: Don’t be scared of the delete button
An important aspect of an organisation’s information governance is the policies in place to routinely clean up the information stored and delete what isn’t needed. It is vital to ensure proper end-of-life disposal of content as it expires. The best retention policies won’t matter if the disposal is not carried forward.
Not only does it free up your infrastructure, driving down costs, but efficient deletion also increases employee productivity and in some cases can protect you legally as ‘what you don’t have can’t hurt you’.
Any disposal should be carried out properly in accordance with regulatory policy as part of an information governance strategy.
All in all, information governance isn’t a new concept by any stretch of the imagination, but it is more relevant now than ever. Without it, businesses run the risk of damaging their infrastructure, performance and ultimately their future.
Michael Brown is a SourceOne subject matter expert at EMC.
How technology can help
Foundational to information governance, archiving delivers cost benefits and risk mitigation for high volume digital content, helping you to manage the retention and disposition of such information. This will enable proactive and consistent management of content including files, e-mail and Microsoft SharePoint.
When considering an archiving solution, it is important to look at the end user experience, which should be seamless and transparent. Some archiving products can be disruptive to the end user experience and may make it difficult for users to access historical content in the archive. You also need to consider the cost effectiveness of the archive platform, including support for virtualisation, built-in single instancing and data compression.
Retention management is another foundational element of information governance, which will allow an organisation to manage the lifecycle of information and also enable litigation readiness. This is for high-value content where more granular classification is needed and where more granular retention may be required and is often driven by regulatory obligations, for example.
Records management capabilities complement the high-volume retention management capabilities that would be delivered in an archiving solution. They allow for more granular and sophisticated retention capabilities, such as event-based retention.
The biggest element to consider for a retention management solution is end-user transparency through automation. However few solutions on the market balance sophisticated records and retention with a seamless end-user experience.
As much as we like to brush off e-discovery as a US-centric problem, it is an increasingly global issue. More businesses are being asked to share sensitive information under the Freedom of Information Act, law suits or litigation, for example. By managing high volume and high-value content with the two previous considerations, the time, cost and risk of e-discovery is reduced.
Litigation readiness is a benefit of information governance, making e-discovery tools more effective. When looking for an e-discovery tool, you should consider the sources that it can discover against, its scalability and cost/performance metrics. It should quickly search all of your content repositories, surgically collect the most relevant content and securely hold it for the duration of the case. Another main factor is ease of use, which in this case will affect your less technically savvy legal professional, who needs a simple yet powerful tool to identify, collect, filter, analyse and securely hold content.