IT's Time for Information Governance

By Barclay Blair

(Back to article)

In a recent study on information governance, the Economist Intelligence Unit found that the single biggest worldwide challenge to successful adoption of information governance (IG) is the difficulty of identifying its benefits and costs. In other words, the difficulty of understanding and making the case for IG.

Since I will be writing a series of articles on IG, I am going to use my first few columns to help readers address this problem. There is no magic formula, no perfect argument for information governance. But, there are many reasons why IG makes sense today -- and will make even more sense in the future.

Defining IG

IG is a relatively recent term for a set of activities that have been around for a long time. I like the term because it’s simple. It places the emphasis of the activity (i.e., governance) on the thing we want to act on (i.e., information). The simplicity of this phrase, however, belies the complexity of a field that borrows ideas and practices from a variety of specialties and packages them together to address a difficult problem in a holistic manner.

For example, IG is not synonymous with corporate governance, but it incorporates elements of corporate governance (some have called IG “GRC for information” i.e., governance, risk management, and compliance for information). The same goes for information protection, records management, compliance, and so on. Some of the other fields that are part of information governance include: 

So how exactly should we define IG?

The Economist defines IG as the “strategically created enterprise-wide frameworks that define how information is controlled, accessed and used,” and the mechanisms that enforce those frameworks.

AIIM International defines it as “the establishment of enterprise-wide policies and procedures and the execution and enforcement of these to control and manage information as an enterprise resource.”

These definitions are pretty similar and they illustrate two key points:

First, IG is about building a foundation of rules in the form of policies, procedures, practices, etc. that guide information management across an enterprise.

Second, IG requires enforcement in the form of technology and human-focused programs to be successful. IG rules themselves don’t solve any problems and in fact can create problems if they are not properly enforced.

At the highest level, IG is, quite simply, about managing information better.

Telling the IG story

“At first sight, legal compliance would seem to be the major driver for taking better control of emails. However ... ROI from efficiency improvement is a genuine justification.”  -- AIIM Industry Watch: Email Management, The Good, The Bad and The Ugly

To be successful with IG, you must learn to tell the IG story. More correctly, you must learn to tell IG stories as different audiences need to hear different versions of the IG story.

At a large financial services company I worked with for many years, the chief IG evangelist understood this implicitly. I tagged along with her to many meetings and listened to her tell the IG story. There was one story for the lawyers who were going to have to defend the company’s practices in court. There was another story for the corporate chiefs who were going to have to pay for it. And yet another story for the heads of business units and departments who were going to have to live with the IG program everyday in the real world.

In Made to Stick,” Dan and Chip Heath argue that storytelling is a critical skill for anyone wanting their ideas heard, remembered, and acted upon. According to them, “stories have the amazing dual power to simulate and to inspire” because they provide a simple, concrete way for others to understand your ideas.

The ability to tell stories is so important in the IG world because of its complexity and breadth. Despite this complexity, I believe that there are only two basic “plots” to the IG story:

The first is the “faster, better, cheaper” plot. In other words, IG can help organizations make decisions/create products/go to market/etc. faster. It can also make business processes more efficient (i.e., better), and enable the organization to lower the costs of many business processes (i.e., cheaper).

Steve Bailey, author of Managing the Crowd: Rethinking Records Management for the Web 2.0 World convincingly argues in his work that the information management community hasn’t done a good job of putting hard numbers behind the “faster, better, cheaper” story. I agree. Aside from some near-apocryphal statistics that are frequently used, to my knowledge, the economic case has not been universally made.

However, IG professionals can make solid economic arguments that are specific to their organizations. I have helped many of my clients do this. Some arguements have been financially dramatic (increase profit $300 million over 3 years), some strategically profound (competitive advantage in our market for 2 years), and some have been very practical (cut email costs).

The second basic plot of the IG story is “fear, uncertainty, and doubt (FUD).” This story focuses on the risk side of IG. This has been a relatively easy story to tell in the past few years, with many massive business failures, data breaches and high profile court cases tied to IG shortfalls.

A note of caution about this plot: don’t overuse it. Many in the IG field are guilty of over-relying on the “sky is falling” argument to make their point. I have seen too many presentations in too many dimly lit conference rooms where the IG story starts with the same few slides detailing eye-popping court judgments, executives going to jail, and so on. This story can be effective, but it loses is power if it’s overused.

Both IG plots have merit. In fact, a recent survey of the Global 1000 conducted by the Compliance, Governance and Oversight Council found that enterprises expect to “reduce legal risk and enable compliance” as well as “increase IT efficiency and ensure routine data disposal,” as a result of the IG projects they are undertaking now.

Start in the right place

“Organisations become overwhelmed when they start recognising the many risks inherent in information mismanagement. ‘Trying to address them all at once can feel like trying to boil the ocean.’” --“The Future of Enterprise Information Governance,” Economist Intelligence Unit[i]

Some time ago, I had a client with over 10,000 poorly indexed, improperly stored, and nearly undocumented backup tapes. The metaphorical weight of these tapes around the neck of the poor folks trying to implement an IG program at the company was massive. How could they even begin to think about “easy” things like policy development when they had the problem of 10,000 legacy backup tapes to deal with?

Many organizations are in this position. They have so much unmanaged information in their environment that it effectively paralyzes them. It doesn’t have to be this way. In fact, organizations should focus first on building the foundation for their program (policies, procedures, etc), implementing those foundations (tools, training, etc.) and only then cleaning up their environment.

This isn’t the only way to approach IG, but it is a useful framework for organizations that are stuck.

This approach encourages organizations to build the “new world” of their IG program, and then bring old content into that world over time. This is a conceptual model since, in the real world, these things often happen simultaneously, in a different order, and faster or more slowly than we like.

In my next few columns, I’ll be providing several ideas on how you can make the case for IG at your organization. I will focus on the value that managing information can provide, and the way in which it can reduce risk associated with information mismanagement.

Barclay T. Blair is a consultant to Fortune 500 companies, software and hardware vendors, and government institutions, and is an author, speaker, and internationally recognized authority on a broad range information governance issues. He is the founder and principal of ViaLumina Group, Ltd. His blog, http://www.barclaytblair.com, is highly regarded in the information governance community. Barclay is the award-winning author of several books, including Information Nation., and is currently writing Information Governance for Dummies. Barclay is a faculty member of CGOC.