The challenges associated with managing data have multiplied by previously unfathomable degrees in recent years. Prior to the adoption of computers and mobile devices, physical records were the only form of data most organizations dedicated any resources toward organizing. With more legislative attention to data privacy and enacted compliance regulations, such as the Data Protection Directive (EU, 1995), Health Insurance Portability and Accountability Act/The Health Information Technology for Economic and Clinical Health Act (US, 1996) and Sarbanes-Oxley Act (US, 2002), there were stringent standards organizations must meet or be subject to fines and other penalties.
A common view of data asserts that physical and digital assets are two very distinct entities, but in terms of compliance and business continuity, the two formats should be considered equally valuable. Why? The laws that govern the management of physical records and digital data are the same, so the real “data distinction” should be whether it is managed or unmanaged, regardless of format. That said, most unmanaged data rests on the digital side for two very clear reasons.
First, understanding and adhering to privacy and data compliance regulations is a relatively new job description for information technology (IT) managers. Secondly, digital data is expanding at a rate that outpaces the speed at which IT practitioners are becoming compliance experts. As a result, information governance (IG) practices pertaining to digital data are still largely undefined and difficult to enforce.
Perhaps the most perplexing and pressing challenge related to IG is governing unstructured data, which is not found within an organized database. Unstructured data typically includes Word documents, PowerPoint presentations, Portable Document Formats (PDFs), media text files, emails, audio files and images. According to reports from IDG and Gartner, unstructured data is growing at a rate of 62% per year, and by 2022, 93% of digital data will be unstructured. Further complicating the issue is that this data is often created and saved over a multitude of repositories, like enterprise content management (ECM) systems, shared drives, desktops, cloud environments, etc.
"Information governance is the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.”
Information governance policies are still trying to catch up with unstructured data in many companies, and creating effective policies requires the three groups responsible for IG strategy—records managers, IT and legal—to come to the same table and create rules and processes that reduce, classify and organize it in a manner that easily integrates into the workflow of business users. Accomplishing this goal will promote easier buy-in and create an organizational culture with IG adherence in its DNA.
Understanding unstructured data’s impact on information governance
The goal of information governance is to prevent organizational assets from becoming a risk through lack of compliance, resulting in legal fees and other burdens. According to Gartner, IG is “the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.”
In short, information governance is the process for better managing information–in both physical and digital forms–through its entire life cycle, which is no easy task when examining how quickly information expands today. Consider this: as much information is created every two days than was created from the dawn of civilization through 2003, according to Google’s Eric Schmidt. Add to the mix that so much of this data is unstructured that isn’t properly classified or secured, and you have a ticking time bomb of risk inside your database.
With most businesses’ data doubling almost every two years, and much of it being created in a multitude of repositories, it is exponentially more difficult for organizations to properly govern information. About 90% of information created and used by an organization is unstructured data, according to IDC. The vast amount of unstructured data makes it even more challenging to keep up with compliance regulations. The nature of unstructured data makes it difficult to structure and categorize the information to logically apply rules.
As the recent Sony data breach illustrated, organizations are often unaware of where sensitive data resides and are putting themselves at risk by having no effective structure to find them. Unstructured data is also expensive. In 2011, the Ponemon Institute identified “an average cost of $2.1 million per year to organizations who fail to properly manage their corporate intellectual capital.”
Typically, business users are asked to categorize unstructured data themselves. This exercise results in varied accuracy and prompts the need for a smarter, better way to start the structuring process. Because the same rules apply to both digital and physical records, there is an opportunity for different groups–each experienced in information management–to combine approaches to implement governance.
IG initiatives with the business user in mind
Business users and C-level both desire efficiency and productivity, so it is critical that IG implementations impacting unstructured data do not make everyday tasks more cumbersome or they run the risk of being ignored. Very often, employees will find a work-around that allows them to do what they need to do in a way that does not disrupt workflow. Initiatives also need to incorporate input from those who will be responsible for the early stages of data management.
1. Make the process simple and intuitive.
The goal is to increase the probability of IG success, and creating applications that are simple and quick to implement is key. Upfront metadata encoding is a perfect example of how organizations can manage data without compromising efficiency. When creating a new document, it is critical to embed data regarding its purpose, location and life cycle. Systems that allow business users to input that information in an easy, intuitive manner—through simple drop-downs, for example—will ensure that other stakeholders have the necessary information to determine where data is and when it needs to be removed.
2. Offer email alternatives.
Emails represent the most challenging form of unstructured data, as they often contain critical information that is back and forth and take up sizable storage space. Instant message tools, for example, can give business users an even quicker way to getting information they need, while drastically reducing internal emails. File, synch and share systems, with enterprise-grade security, allow business users to securely collaborate without sending large files via email.
3. Better communicate data policies
3. Better communicate data policies
Very often, business users may inadvertently contribute to the mismanagement of data for fear of making a mistake. For example, legal matters require organizations to put a hold on deleting emails or other files that contain information relating to a current or pending case. Because of the consequences business users face for accidentally deleting a piece of discovery, they are more likely to stop deleting emails altogether. Further, the end of legal holds are often not communicated to employees who continue to retain almost all emails. With better communication and defined parameters about legal holds, the amount of saved emails can be reduced.
4. Request and incorporate input.
One of the best ways to get voluntary buy-in for IG policies from business users is to gain input from those creating unstructured data. Get a better understanding of why they create, file, delete/not delete data. Examine the pros and cons of potential processes, and create an environment where supporting IG is part of the corporate DNA. Not all rules can be created with every need in mind, but if employees don’t feel like they’re a part of the process or that rules are created without their day-to-day in mind, IG plans simply will not succeed.
The future of unstructured data
Information governance’s role will become more critical as the expansion of data continues. Likewise, there is no reason to believe that global and industry-based privacy laws will become less prevalent any time soon. The costs associated with lax IG practices (fines, legal costs, loss of business, etc.) will only continue to increase.
In the age of Big Data, the need to wrangle, measure and make sense of information is critical for businesses to gain a competitive advantage. In a 2012 Forrester study, 70% of respondents said that Big Data is or will be a collaborative effort between business and IT. Emerging technologies make it easier for IT departments to quickly and efficiently manage data in all its forms. Working with records managers and legal departments, IT can have the information necessary to create processes that manage information instead of simply storing it.
Rob Hamilton is the global vice president of information governance and records. He joined the Brambles family of companies in 1998, when he accepted a role in customer service for CHEP, Recall’s sister company. He joined the Recall team in 2009 as global director of contract compliance. Mr. Hamilton is an international business leader who has worked in China. He holds a MBA from Pepperdine University’s Graziadio School of Business and Management in leadership and managing organizational change and an undergraduate degree in marketing from Miami University’s Farmer School of Business. Follow Recall on Twitter @recallholdings.