governing the chaos
TRANSCRIPT
The Convergence of
IT, Legal and Records Managers to
Address Unstructured Data
GOVERNING THE CHAOS
The challenges associated with managing data have multiplied by previously-
unfathomable degrees in recent years. Prior to the ubiquitous utilization of
computers and mobile devices, physical records were the only form of data most
organizations dedicated any resources toward organizing. With more legislative
attention to data privacy and enacted compliance regulations, such as the Data
Protection Directive (EU, 1995), HIPAA/HITECH (U.S., 1996) and Sarbanes-
Oxley (U.S., 2002), there were stringent standards organizations must meet or
be subject to fines and other penalties.
A common view of data asserts
that physical and digital assets are
two very distinct entities, but in
terms of compliance and business
continuity, the two formats should
be considered equally valuable.
Why? The laws that govern the
management of physical records
and digital data are the same, so
the real “data distinction” should be
whether it is managed or
unmanaged, irrespective of format.
That said, most unmanaged data
rests on the digital side for two
very clear reasons.
Today, organizations of all
kinds must adhere to
numerous compliance
regulations across industries
and around the world when
managing both physical and
digital data.
First, understanding and adhering to privacy and data compliance
regulations is a relatively new job description for IT managers. Secondly,
digital data is expanding at a rate that outpaces the speed at which IT
practitioners are becoming compliance experts… As a result, Information
Governance (IG) practices pertaining to digital data are still largely
undefined and difficult to enforce.
The rate of unstructured data
growth per year:
62%
Perhaps the most perplexing and pressing challenge related to IG is
governing unstructured data, which is not found within an organized
database. Unstructured data typically includes Word documents,
PowerPoint presentations, PDFs, media text files, emails, audio files and
images. According to reports from IDG and Gartner, unstructured data is
growing at a rate of 62 percent per year, and by 2022, 93 percent of digital
data will be unstructured.
Information Governance policies are still trying to catch up with unstructured
data in many companies, and creating effective policies requires the three
groups responsible for IG strategy—records managers, IT and legal—to come
to the same table and create rules and processes that reduce, classify and
organize it in a manner that easily integrates into the workflow of business
users. Accomplishing this goal will promote easier buy-in and create an
organizational culture with IG adherence in its DNA.
Further complicating the issue is that this data is often created and saved over a
multitude of repositories like ECM systems, shared drives, desktops, cloud
environments, etc.
Records
ManagersLegalI.T.
Understanding the Policy Makers
Records managers, IT and legal perform very different functions and approach
data management with distinct priorities, based on how that data impacts their
department. For Information Governance cooperation between the three to succeed, it is important to better understand each other’s point of view.
Records ManagersPartly due to the changes in the nature of records
themselves, the traditional role of a records manager
(RM) has changed dramatically in recent years. No
longer are RMs admins who reside solely over paper
documents. Instead, they are well-versed in the
intersection of physical and digital data, and their
expertise is vital in creating IG initiatives because the
same rules and regulations apply to both. IT
professionals don’t often have a “rules and regulations”
background, so records managers can offer critical
insight into more effective governance over all data.
IT departments are faced with a universal dilemma: space and security.
Given the expanse of data, it’s no surprise that companies are strapped for
storage. Further, unstructured data has limited rules around classification,
Beyond the space requirements, holding on to unnecessary
information poses a greater security risk. All companies are
open to potential security breaches and the possibility of
sensitive information being leaked or stolen. Limiting the
amount of content that can be hacked through proper IG can
minimize the impact if a breach were to occur.
I.T. Practitioners
storage and retention, so IT practitioners would
rather purchase more space than to accidentally
clear out swaths of data that could place the
organization out of compliance. While cloud storage is
relatively inexpensive, the savings are quickly
overcome by the increased amount of data they need
to store. Because IT is concerned with deleting the
wrong data, documents that have outlived their
usefulness remain on the system, serving no other
purpose than taking up valuable space. Additionally,
retaining certain types of data beyond their legal hold
can also place organizations outside of compliance.
The ever-expanding and often complicated nature of
compliance regulations and global consumer privacy laws
have required organizations that weren’t concerned about
data management to make it a priority. As a result, the
relationship between legal and RMs—and now IT—has
Legal
become a necessity to avoid fines,
lawsuits and inefficiencies. It is their
responsibility to be aware of current
compliance regulations and keep an eye
out for new laws that could impact
data management. Legal is also
required to track information for
discovery and e-discovery purposes.
Retaining unnecessary information
opens up documents to more legal holds
and contributes to the problem of
needing more space to store the
information should it become necessary
for a trial.
Bringing Information Experts Together
Records managers, IT and legal perform The old theory was that once a record
was created, it could never be changed; today, the only constant around data is
change. In the digital world, documents can be resaved and transported easily and
quickly. New regulations are continuously emerging and existing ones are
frequently amended, making compliance increasingly challenging. With so many
moving parts, information experts must work together and speak the same
language to achieve the common goal of successful Information Governance.
different functions and approach data management with distinct priorities, based on
how that data impacts their department. For Information Governance cooperation
between the three to succeed, it is important to better understand each other’s
point of view.
Records managers, IT and legal all have a
stake in the outcome of better governing
information for an organization. Each is
experienced in managing data and
information, but approaches it from a
different point of view. The collaboration of
these three groups is the best way to solve
the unstructured data challenge.
With so many
moving parts,
information experts
must work together
What Each Role Brings to the Table
Records managers are expertly aware of the damaging impact
mismanaged data can have on the business. Because records
managers understand the importance of security and
infrastructure that IT practitioners value and are fluent in legal
issues, such as compliance and discovery, they are the most
qualified to bring IT and legal into the IG discussion.
When collaborating on IG strategies, IT can offer critical insight
into storage capacity, how to best protect data and the impact
unstructured data can have on security and infrastructure cost.
Perhaps the most important bit of information IT can assist with is
determining which departments are creating the most
unstructured data and help determine ways to proactively reduce
that amount.
In creating new IG initiatives, the legal department is best suited
to impact rules and processes by offering guidance based on
what may or may not put an organization outside of compliance.
Additionally, their expertise is crucial in determining which IG
strategies require an update. As mentioned, laws change and
new laws are introduced, and being ahead of new regulations that
impact how data is managed is key to avoiding non-compliance.
Understanding Unstructured Data’s Impact on Information Governance
The goal of Information Governance is to prevent
organizational assets from becoming a risk through lack of
compliance, resulting in legal fees and other burdens.
According to Gartner, IG is “the specification of decision rights
and an accountability framework to encourage desirable
behavior in the valuation, creation, storage, use, archival and
deletion of information. It includes the processes, roles,
standards and metrics that ensure the effective and efficient
use of information in enabling an organization to achieve its
goals.”
In short, Information Governance is the process for better
managing information – in both physical and digital forms –
through its entire lifecycle, which is no easy task, when
examining how quickly information expands today. Consider
this: as much information is created every two days than was
created from the dawn of civilization through 2003, according
to Google’s Eric Schmidt. Add to the mix that so much of this
data is unstructured that isn’t properly classified or secured,
and you have a ticking time bomb of risk inside your database.
valuation
creation
storage
use
archival
deletion
Impact of Unstructured Data
With most businesses’ data doubling almost every two years, and
much of it being created in a multitude of repositories, it is exponentially
more difficult for organizations to properly govern information. About 90
percent of information created and used by an organization is
unstructured data, according to IDC. The vast amount of unstructured
data makes it even more challenging to keep up with compliance
regulations. The nature of unstructured data makes it is difficult to
structure and categorize the information to logically apply rules.
As the recent Sony data breach illustrated, organizations are often
unaware of where sensitive data resides, and are putting themselves at
risk by having no effective structure to find them. Unstructured data is
also expensive. In 2011, the Ponemon Institute identified “an average
cost of $2.1 million per year to organizations who fail to properly
manage their corporate intellectual capital.”
Typically, business users are asked to categorize unstructured data
themselves. This exercise results in varied accuracy and prompts the
need for a smarter, better way to start the structuring process. Because
the same rules apply to both digital and physical records, there is an
opportunity for different groups – each experienced in information
management – to combine approaches to implement governance.
IG Initiatives with the Business User in Mind
Business users and C-Level both desire efficiency and productivity, so it is critical
that IG implementations impacting unstructured data do not make everyday
tasks more cumbersome or they run the risk of being ignored. Very often,
employees will find a work-around that allows them to do what they need to do in
a way that does not disrupt workflow. Initiatives also need to incorporate input
from those who will be responsible for the early stages of data management.
1
document, it is critical to embed data regarding its purpose, location and
lifecycle. Systems that allow business users to input that information in an easy,
intuitive manner—through simple drop-downs, for example—will ensure that
other stakeholders have the necessary information to determine where data is
and when it needs to be removed.
Make the Process Simple and Intuitive
The goal is to increase the probability of IG success, and creating
applications that are simple and quick to implement is key. Upfront
metadata encoding is a perfect example of how organizations can
manage data without compromising efficiency. When creating a new \
2
3
Offer Email Alternatives
Emails represent the most challenging form of unstructured data,
as they often contain critical information that is back and forth and
take up sizable storage space. Instant message tools, for
example, can give business users an even quicker way to getting
information they need, while drastically reducing internal emails.
File, synch and share systems, with enterprise grade security,
allow business users to securely collaborate without sending large
files via email.
Better Communicate Data Policies
Very often, business users may inadvertently contribute to the
mismanagement of data for fear of making a mistake. For
example, legal matters require organizations to put a hold on
deleting emails or other files that contain information relating to a
current or pending case. Because of the consequences business
users face for accidentally deleting a piece of discovery, they are
more likely to stop deleting emails altogether. Further, the end of
legal holds are often not communicated to employees who
continue to retain almost all emails. With better communication
and defined parameters about legal holds, the amount of saved
emails can be reduced.
4
Request and Incorporate Input
One of the best ways to get voluntary buy-in for IG policies from
business users is to gain input from those creating unstructured
data. Get a better understanding of why they create, file,
delete/not delete data. Examine the pros and cons of potential
processes, and create an environment where supporting IG is part
of the corporate DNA. Not all rules can be created with every
need in mind, but if employees don’t feel like they’re a part of the
process or that rules are created without their day-to-day in mind,
IG plans simply will not succeed.
The expanse of unstructured
data continues with no sign of
stopping, and forward-thinking
organizations are pooling the
expertise of records managers,
IT and legal to institute IG
initiatives that are not only
supported by business users,
but are maintained with very little
additional effort.
Future of Unstructured Data
In the age of Big Data, the need to wrangle, measure and make sense of
information is critical for businesses to gain a competitive advantage. In
a 2012 Forrester study, 70 percent of respondents said that Big Data is
or will be a collaborative effort between business and IT. Emerging
technologies make it easier for IT departments to quickly and efficiently
manage data in all its forms. Working with records managers and legal
departments, IT can have the information necessary to create processes
that manage information instead of simply storing it.
Information Governance’s role will become more critical as the
expansion of data continues. Likewise, there is no reason to believe that
global and industry-based privacy laws will become less prevalent any
time soon. The costs associated with lax IG practices (fines, legal costs,
loss of business, etc.) will only continue to increase.
The task of managing and governing unstructured data will
grow more complicated for organizations of all sizes and
industries. Businesses that bring all three information expert
groups together – records managers, IT and legal
departments – and create an environment that promotes
collaboration between them will have greater success in
creating and implementing effective governance strategies.
To learn how Recall can help solve your Information Governance challenges
CLICK HERE