Content Management Step 4, Protect that Information


Protecting our information is, in many ways, the trickiest concept in making Information Governance profitable. To many people, it is the same as controlling information. After all, how can you protect information if you don’t control it first?

I have a better question. How can you protect information if you don’t capture and organize it? How can you even control something that you aren’t protecting?

The real problem is that too many organizations blend control and protect into one concept or set of rules. They are distinct and need to be treated as such.

To Protect and Preserve

Control was all about making sure that everyone has access to information unless there were specific business reasons why they should not have access. Protection is making sure that the information is there when it is needed, regardless of access.

This is the “management” part of Records Management. Information needs to be kept according to the agreed upon policies of an organization. This means that people cannot delete information unless certain conditions are met.

That does not mean that people should be told that they cannot delete things. That will just upset them. It just means that efforts should be made to protect information, and the organization, from the best intentions of people.

There are a lot of tricks that can be used, which I won’t go into here, but suffice it to say, the illusion of a delete should exist for people when the information is not being protected due to legal reasons.

Educate but Enforce

The illusion of control and ownership by the people is essential. When people feel that they lose control of information once they put it into a system, they stop putting information into the system unless forced to do so.

What will they keep out? Drafts and early stage information that may not need to be shared yet. That information becomes noticeably missed when that person misses a few days or unexpectedly leaves the organization. It also becomes a knowledge gap when trying to gauge the status of the business.

Don’t we have any draft presentations or proposals? Are people selling? Is the pipeline a lie?

People don’t put anything into the system unless it is delivered. They don’t like not being able to remove “useless” content.

Everyone knows what happens next, even all the final content doesn’t make it into the system. People have worked around the capture stage, not because it was hard, but because they felt they lost control.

Education helps people understand the business value of the information, even if it is just drafts. Education should focus on why information should be captured and organized and how that all provides value to the business. Teach them why they don’t want to delete information.

Then the protection of the information becomes easy.