Information management and privacy haven’t historically been aligned. Managing information through its life cycle—from creation through sharing and collaborating, to disposition—hasn’t been something privacy professionals (and the information security function in general) have cared about. They’ve tended to be more concerned with preventing bad actors, both internal and external, from gaining access to sensitive content and taking it outside the organization.
In the last few years, however, due in part to high-profile breaches at Target, Home Depot, Premera, Anthem, Sony, and others, privacy and information security functions have realized that the question of a breach isn’t a matter of if but when, i.e., no matter how much effort they expend on hardening their firewalls and endpoint protection, bad guys are going to get in and internal employees are going to (intentionally or not) take corporate information outside of the firewall. So, their focus has begun to shift to address the state of their corporate information, determining how much junk, stale, and sensitive data they have and how they can reduce it to more easily protect relevant, operationally needed data.
Solving the Information Management ProblemIn doing so, privacy and information security move into what has traditionally been the scope of information management, but where information management has failed in the past, these functions have some advantages, making it likely that they can succeed in solving the information management problem.
First, they have C-level visibility. The costs of a breach are significant and top of mind for leadership at nearly every organization. When a breach happens and sensitive data for millions of customers gets out, heads will roll. At the very least, these executives will have to explain to the Department of Justice, state legislatures, the Federal Trade Administration, or other bodies just why they mismanaged their customer data so poorly. At worst, they face fines and jail time. So, it’s no surprise that they’re highly motivated to solve the problem.
"Privacy and information security hold out the possibility to solve the information management problem—once and for all."
Second, unlike information management, the privacy and information security functions have money. No organizations are reducing their budgets or keeping them flat. After all, when a breach happens, they don’t want to admit that they skimped on security. So, the question isn’t, "Do we have the money to address information management risk?" It’s, "How can we best spend the money we already have?"
Finally, the technology available to address information management risk has matured greatly in the last few years. Through a combination of reliable text analytics and security and access tools, there are a range of software platforms that can help organizations assess their information management risk and, based on this assessment, remediate it. While these tools won’t get an organization to 100% certainty, it can get them 80% of the way there, with minimal human intervention—and certainly without having each end user go through all their documents to determine what to keep and what to purge or having a security analyst go through every folder on shared drives to determine whether the security and access is correct and then fix those that aren’t.
The New Age of Information SecurityInformation management has been a concern for most organizations for more than 15 years now, and despite their best efforts (and often millions of dollars spent to address it), most companies have failed. The information technology (IT), records management, legal, and compliance functions have all tried at one time or another to solve the information management problem; for the most part, they haven’t made much progress. Yet, privacy and information security, for the reasons outlined above, hold out the possibility to solve the information management problem—once and for all. If they do, the result will be beneficial for their organizations and for the customers who’ve entrusted them with stewardship of their information.
With this trend in view, we’ve evolved the Information Management tracks of the DOCUMENT Strategy Forum to include not only world-class information management practitioners but information security and privacy practitioners as well. We’re excited to bring together real-world end users from both disciplines to foster substantive dialogue that will give you tangible, actionable takeaways for addressing information management risk at your organization. We hope you’ll join us in Chicago this May for a great event!
Don’t miss Joe's exclusive Keynote, "The Changing Landscape of Information Management – The Top Trends in 2017 and Beyond," at DSF ’17, May 1-3, 2017 in Downtown Chicago.
Joe Shepley brings more than 20 years of operational and technology experience to his consulting engagements at Doculabs, where he helps organizations get strategic around how they manage their information assets. He also currently serves as the Conference Chair of Information Management for the DOCUMENT Strategy Forum. To contact him, visit www.doculabs.com or follow him on Twitter @joeshepley.