Executing on Information Governance

I had the pleasure of attending the Information Governance Exchange in Washington, DC last week. It was a different conference from many that I have attended in the past. Attended by senior people that own Information Governance at their organizations, there were a lot of discussions about how to execute strategies to making Information Governance work.

This was not theory, it was hard advice and grounded discussions. In fact, it was the most BS free Information Governance event I had ever attended.

In addition to business owners, regulators were present, talking about what they are looking for when they request information. What sets off trigger alarms for them and what is going to lead to a ‘smooth’ discovery process. That in itself was very insightful and made the conference worthwhile.

The panels were the best part as it allowed experts to talk about what they were doing and avoid generic, word-heavy, presentations that would have fit in at a conference 10 years ago.

Key lessons from the week included:

  • Be Transparent: Talk to regulators. If delivering the requested information is going to be challenging, share why and explain early in the process. The more specific you are, the more likely they are to be understanding.
  • Make eDiscovery a Process: Get a project manager and process experts on your eDiscovery team and make it a defined, repeatable, process. I met a lot of Six Sigma Black Belts last week who were not afraid of responding to their next discovery request.
  • Technology is not Absolute: The key is to have a consistent approach regardless of the technology that is used. If your technologies cannot do everything, make sure that you have mitigating manual policies that are well documented and followed.
  • Security is a Concern: There were a lot of security executives there worried about the security capabilities of cloud vendors. This was not normal bias, but a view towards specific requirements that were not supported by the cloud vendors. None of the security people I talked to thought that the cloud was inherently less secure, just less mature in their feature set. They were also worried about vulnerabilities as a whole. Home Depot and Target were mentioned multiple times.
  • The Past is a Burden: There was some talk about using Information Governance to add value, but that was minimal. Most of the talk was about saving storage costs, responding to discovery requests, and controlling information.

Adding value to the Information Governance discussion is a goal of many in the industry. Being able to demonstrate value can move the needle in adoption in more organizations. There are many approaches to how this can be done, from tech to education.

The real answer, like it is for so many questions, is both. Technology that is easier to use, helps people do their job, increasing adoption. Increased adoption means more information captured that can be properly governed. The perceived value from the applications also makes people more open to understanding the need to control information in a manner that is balanced with the people’s needs.

We are hitting a tipping point in Information Governance. I would say that we are in danger of not pushing through to the other side, but recent announcements have made me realized that we are going to solve this soon.

That is a post for another day.