Passive management of electronically stored information is a wasteful, high-risk business decision. What causes information management inertia and how can businesses move toward intentional management of digital data?
Inaction Driver No. 1: Save It—You Never Know!
The digital universe—meaning all the digital data stored on any medium or device anywhere in the world—is increasing at a rate of 8,000 petabytes every day and doubling in size every two years. The vast majority of retained business data has no business value whatsoever. The reality is that most enterprises retain data without assessing its business value because the act of valuing information takes time and enterprisewide coordination and commitment. The path of least resistance is to hoard yesterday, today and tomorrow’s information forever.
Information hoarders will point to the business record from 1995 that made the difference in the 2014 litigation or the seemingly unremarkable but valuable in hindsight customer data that would have been unavailable had the record been subject to routine disposal pursuant to a defensible deletion protocol. In addition, retain-everything advocates argue that data storage is inexpensive and cloud-based options are numerous. In sum, hoarding is touted as a seemingly affordable (albeit if only a temporarily so) approach to information governance that requires little oversight from the enterprise’s management.
Inaction Driver No. 2: It’s Not My (Only) Job
A lack of interdepartmental coordination stymies many an information governance effort. Information technology, legal, records management, compliance, audit, human resources and business units must coordinate to design, build, implement and enforce enterprisewide information governance. Successful information governance efforts require exquisite coordination and, as a result, cannot be one department or one person’s responsibility. Similarly, it is a challenge for management to demand accountability from business units that are primarily responsible for increasing revenue though they are also critical participants in the design, implementation and enforcement of the information management initiative. The “it’s not my (only) job†outlook causes siloed decision-making and risks information management’s success.
Inaction Driver No. 3: What Is Information Risk?
Not all enterprises agree that information risk is a threat to financial security, reputation and legal/regulatory compliance. Commonly identified information risks are potential and the predictable “not us†reaction to data loss and data breach is all too common. To further complicate matters, the information governance effort is admittedly complex and, as a result, many enterprises make a decision to react only if/when an actual data loss or breach occurs.
Action Driver No. 1: The Business Case for Information Management
The simple fact is that risk does not motivate the c-suite to embark on an information governance effort. Instead of pointing to potential security breaches and future data loss, information governance leaders should focus on the dollars-and-cents return on an information governance investment. In other words, demonstrating bottom-line savings is more likely to result in sponsorship of the information governance effort.
Information governance leadership should begin a conversation with enterprise leadership along these lines:
First, it is critical that we reduce our data spend, the path we are on is unsustainable, even wasteful. Data spends are exponentially increasing each year, this is a fact. Our data and IT expenses are a function of the amount of enterprise data, applications, hardware, etc. By choosing to do nothing, we increase our annual storage procurement costs, which necessarily increases storage management staff expenses and server and software costs. We should undertake immediate efforts to halve our storage data infrastructure costs by implementing a defensible disposable initiative. By disposing of information without business value, we can redirect resources to a disaster recovery and business continuity plan.
Second, without information governance, our litigation budget will necessarily increase as, not surprisingly, this expense is largely a function of our retained information volume. Establishing enterprisewide disposal protocol will decrease information volume subject to preservation, collection, review and production.
Finally, legal and compliance risks are not off lurking in the distance. I fear that in the implementation of our legal holds and litigation data collections, potentially relevant information is overlooked, modified or deleted. Similarly, we would be hard-pressed to demonstrate compliance with regulatory record-keeping obligations. The risk of sanctions, penalties and judgments is real.
By first focusing on bottom-line savings, it is more likely the enterprise will take the critical first step, namely, commissioning of an information governance task force to consider how the enterprise currently creates, receives and stores its information. Equipped with that knowledge of the enterprise’s current information life cycle, the task force can then undertake the design, implementation and enforcement of a comprehensive information governance strategy.
Without information governance, enterprises will falter under the weight of their own information. Beginning an information governance effort by focusing management’s attention on future risks has proved not to be an effective method of obtaining approval of the effort. By instead focusing on information mismanagement’s here-and-now cost and the immediate return on the information governance investment, new information governance efforts are more likely to succeed.
Susan M. Usatine is a member of the Litigation Department at Cole, Schotz, Meisel, Forman & Leonard and is the founder and cochairwoman of the firm’s Information Governance Practice Group and Discovery Services Practice Group. Email: [email protected].