At first glance, information governance may seem like just another buzzword phrase, competing for attention in...
the vast landscape of similar terms covering similar topics. If information is data, how does information governance differ from data governance? And where do information management, enterprise information management (EIM), enterprise content management (ECM), knowledge management (KM), e-discovery, governance, risk and compliance (GRC), records management, IT governance and master data management (MDM) enter the information governance picture?
In practical use, information governance is somewhat of an umbrella term, covering multiple elements of related data and governance disciplines. It starts from a perspective of controlling information-related risk in an enterprise, beginning with structured data (data in databases) and extending to unstructured information governance (documents, email, instant messages, images). In short, information governance looks at the larger issue of governing all types of corporate content.
To cover that broad swath of content, an information governance framework must extend beyond hardware and software into management policies, procedures and decision rights that shape how an organization creates, uses, stores and deletes information – all the while minimizing legal and regulatory risk.
In short, any definition of information governance ends up becoming the sum of many, sometimes seemingly incongruent, elements of information management.
“The worlds of data governance and content governance are not at all aligned,” said Rob Karel, principal analyst for data management at Forrester Research Inc. “How do people access data when they are trying to answer a question through reporting or business intelligence? They ask a very structured question and they get the right answer.
“Now, how do people access information with content? They go do a search and they get 100,000 potential answers and they are OK with that, flipping through it until they find the answer for them. There are very different cultures in how these kinds of information are managed,” Karel added.
Functional data like customer data, product data or financial data is very structured and process-centric.
“Data, by definition, is already being governed by the physical structure that it is in,” Karel said. “With unstructured, anyone with a laptop can create new content. So governing it – it’s a different set of stakeholders, and it requires a different set of competencies, so spanning across both may result in biting off more than you can chew.”
Drivers not lacking for an information governance framework
There are lots of drivers for information governance initiatives, according to Jill Dyche, a partner and co-founder of Baseline Consulting Group Inc.
“Many of them are normal company evolution issues like risk management, compliance, revenue management, and policy-making around customer information,” she said. “Many are also industry-specific, like state reporting in the pharmaceutical industry or an enterprise master patient index in health care.”
Meanwhile, understanding the processes for decision-making and oversight around corporate data is becoming a C-level and board-level mandate.
A number of factors have contributed to the rise in information governance initiatives, said Debra Logan, an enterprise information management and governance analyst at Gartner Inc. While IT has faced increasing storage requirements the solutions has been buying more drive space. Additionally, in highly regulated industries, compliance mandates led to archiving systems, followed by the rise of e-discovery laws and the recent global recession.
As costs and complexity mounted for compliance, regulation and e-discovery people began to realize they had neglected the information governance process.
“People were never deleting anything, taking care of email, or teaching people how to use things, and nobody was in charge of information except IT, and IT was basically just in charge of the physical infrastructure, not how the business uses information,” Logan said. “Now in the regulated industries, you’ve got a lot of legal focus, risk focus and privacy compliance issues that have really brought information governance into focus – people are now starting to see it as a larger problem and not just IT’s problem.”
Legal costs associated with e-discovery have been one of the biggest drivers.
“You see judges having almost zero-tolerance policies about organizations being ignorant about their duties,” said Barry Murphy, an information governance consultant and CEO of the online publication eDiscovery Journal. “For many organizations, it’s because of issues like e-discovery that they are putting information governance on the fast track.”
Expanding vision helps fuel information governance push
The big push for information governance isn’t all focused on reducing risk and deleting content to save on storage costs – some CEOs are looking ahead.
CEOs surveyed by Gartner indicated that IT is going to be more important in the next decade because they’re making a strategic push to unlock the value of information in the enterprise. That demands data quality, data governance and ultimately an overall information governance strategy, said Anne Lapkin, another Gartner analyst.
“Technology only plays a small part. So you can have a policy engine, but it won’t write the policies for you. The point of your governance process is to ensure that the right decisions are being made around how your information is captured and the quality is maintained,” Lapkin said. “So anyone who talks about information governance is really talking about information management overall, which is essentially the way you make decisions about information.”
Better information management might enable enterprises to better understand their customers. For example, Lapkin said, insurance companies have big data-quality problems.
“Your insurance company doesn’t know that the life insurance policy and the three car policies and the summer home and boat policy is owned by the same person because they have tended to be very product-centric with each type of policy having its own underwriting and systems,” she said. “For insurance companies to pull together a consistent view of their customer and who you are in terms of their relationship to you is very difficult.”
With consistent customer information, an insurance company should be able to more easily sell additional policies to customers or create entirely new policies.
Management challenges abound within an information governance framework
“Enterprises can’t even decide who is responsible for data,” Logan said. “Who gets to give the go-ahead to delete things? People are asking, ‘Do we need to save instant messages? For how long?’ Lawyers refuse to make decisions. . . . So who takes responsibility and who doesn’t? ‘Why can’t we just search this stuff and put it in nice buckets?’ People don’t really understand the semantic issues, so there’s no easy technology solution.”
Businesses are hungry for answers to these sorts of questions, but even when an information governance policy calls for data to be deleted, new challenges arise.
“People are shocked to learn that they can’t retire systems, that although they put in a new ERP system, they may still have some legacy data and need to have the code to continue running it,” Logan said.
Still, there are methods to tackling information governance. It’s not an impossible task, and there are answers.
What about saving instant messages?
“Our advice is simple,” Logan said. “Don’t.”
Chris Maxcer is a freelance writer.