As your organization explores how to thrive in our new coronavirus world and beyond, information governance — that is, how a company gathers, stores, uses, protects and disposes of its records, data and other information — should not be overlooked.
The coronavirus pandemic made clear early on that its effects would accelerate many trends already in place. Of these accelerating trends, greater digitization across all things has been one of the most profound. Pre-pandemic, company servers already were being weighed down by increasing volumes of information. Looking forward, our changing society will certainly result in the amount of information being retained by organizations growing at an even more dizzying pace.
Explosive growth in information should motivate you to think about good information governance
Here are a few statistics to help put into context just how explosive information growth has already become, and emphasize the need to think hard about enterprise-wide information governance. The International Data Corporation estimates that this year alone, the Global Datasphere (considered the summation of all data in the world) will reach 59 trillion gigabytes. That is roughly ten times the size of the Datasphere a mere seven years ago. By 2025, the IDC estimates that the Global Datasphere will be roughly 175 trillion gigabytes, more than ten times the amount of data in 2017.
Yet, roughly 70% of the information retained in most organizations has no business, legal or regulatory value. In other words, nearly three-quarters of the information a company possesses does not contribute to its health or well-being, is not subject to any legal hold and is not necessary for regulatory compliance. Much of this information bloat is duplicative.
But even where the information in an organization’s increasingly vast stocks has value, much of that value often is quickly eliminated, and that information rarely is accessed again. The proliferation of data analytics has contributed to a “hold on to everything forever” mentality. Yet, having a bigger volume of information alone is not what drives better insights from data analytics. Experts agree that it is data’s quality, not quantity, that makes data analytics most useful. And the problem with retaining all this information that no longer has value is that it does not simply sit idly by — it creates risk and expense, and this risk and expense can become huge over time.
Poor information governance is risky business
Perhaps the greatest risk from poor information governance is increased exposure from a data breach, particularly where personal and proprietary data are duplicated and stored in multiple, ill-defined spaces throughout an organization. No cybersecurity program can be perfect, but already hard-to-manage cybersecurity risks simply get compounded when information is disorganized and redundant.
Another chief vulnerability is the increased legal risk. Understanding your information and keeping it tidy will help prevent valueless information from lingering around just long enough to cause legal headaches, including having potentially damaging but otherwise valueless information becoming the subject of an expensive and distracting legal action.
Further, the cost to continue to accumulate and store unneeded information easily becomes exorbitant. While the cost of storage has and will continue to decline, the growth of information and increasing support costs are far outpacing any storage cost savings. This has resulted in companies spending much more to store and manage information than in years past.
And let’s not forget the toll that shoddy information governance has on productivity. Just ask any knowledge worker how much time they regularly spend searching for information that should be easy to find and the answer probably will be shockingly high.
With these factors in mind, the following provide a few good early steps for reworking information governance into an effective strategy at your organization.
Creating a records inventory — knowing what records live in your organization and where
Not being able to answer the questions “what do we have and where is it located?” makes effectively governing information next to impossible. A records inventory accounts for both physical and electronic records. Conducting a records inventory also is crucial for locating information risks and then developing a strategy for making sure information is stored in appropriate places. Later on, this process can be expanded to include creating a map of all data across your company’s various systems.
Good information governance means having a records retention (and disposition) schedule
A records retention (and disposition) schedule allows you to characterize the different kinds of records in your organization and assign ownership of those records to different units. A records retention schedule further gives your organization consistency with how it disposes of records, which helps ensure that disposition remains legally defensible. This is especially critical in heavily regulated industries such as the finance, pharmaceutical, utilities and health care industries, where numerous and often confusing laws and regulations require retaining different records for sometimes lengthy periods of time. A records retention schedule works best in tandem with a well-thought-out records retention policy to help ensure timely disposition (think making sure those terabytes worth of emails that do not constitute business records are regularly deleted).
Good information governance makes good business sense
As a company leader, if you’ve not yet thought hard about information governance, you’re not alone — the perceived cost and complexity of getting your growing information house in order has caused many companies to continue to pass forward this task. As a result, roughly seven in ten organizations still do not have a data minimization or defensible deletion program. But continuing to ignore information governance risks turning a difficult problem into an intractable one.
As you reshape your company’s approach to information governance, keep in mind that this should not be a one-time project to be completed and forgotten about; rather, good information governance must be an ongoing process that evolves based on the changing information landscape in which we all operate.
And be not afraid of the hard work that comes with beginning an information governance program. This work should not be mistaken for something that will stand in the way of your company’s business objectives — quite the opposite. In addition to helping the bottom line by reducing legal risks and costs, maintaining cybersecurity and minimizing storage fees, keeping your company’s information in order helps posture your business to better focus on expanding that business.
Some final thoughts on information governance
The coronavirus has brought uncertainty and rapid change to the forefront of our lives. Organizations that suffer from information excess and disorganization will be ill-equipped to handle such an environment. The pandemic further has exposed just how key innovation is for companies to survive long into the future. Poor information governance is a surefire way to stifle that innovation. Accordingly, the future belongs to organizations that know how to run “lean and mean” when it comes to governing their information.
Will Fletcher is Legal Counsel at Zasio Enterprises, Inc. in Boise. For more than 30 years, Zasio has been a world leader in records retention software solutions and information governance consulting. This article is for information purposes only, and should not be interpreted as constituting any legal or professional advice.i