What was Old is New (Again)… or How Information Governance is Bringing Sexy Back
IGRM Revisited
Two years ago I asked folks from Big 4, cutting edge technologists, staffing mavens and fellow eDiscovery Geeks “What’s next in eDiscovery?“ in 2014 and beyond. The usual suspects kept cropping up – Big Data, technology-leveraged solutions, TAR, BYOD, social media. But, when I took a step further back, envisioning 3, 5 years of evolution one thing stuck out in my mind above all else, Information Governance writ large.
The big picture, in my mind, goes well beyond merely eDiscovery. In the next few years, there will be a unified approach to information management that is not siloed but rather fluidly constructed to manage information proactively, in real-time and reactively across cyber security, eDiscovery, operational and business needs. These multi-disciplinary structures, policies, procedures, processes and controls will be implemented to manage information at an enterprise level, supporting an organization’s immediate and future regulatory, legal, risk, environmental and operational requirements.
At LTNY 2015, I attended several panels where this vision was not only discussed but expanded upon. The need for a Chief Information Governance Officer (CIGO) was debated about at length and Jason Baron had this to say:
“I think the moment has come for one of two things. A designated head of info governance as a sub-function of legal … or a fully mature model where you have a C-suite person who stands as a peer of the CIO of an organization.”
Information Governance was the “belle of the ball” this year, much as Predictive coding, Big Data and the ever present specter of Social media were in previous years. However, a clear concise explanation of what the heck people meant by Information Governance was notably lacking. In a Panel entitled “Information Governance – 2020” Alison North of ARMA summed it up nicely, Big Data and Security are the 2 key components. Corporations are racing to monetize every last bit of data for profit, competitive advantage, and cost-justification of their huge IT investments on the one hand and scrambling to mitigate the exponential cost (both monetary and reputational risk) of security breaches. The Sony Data breech and an $80 Million record breach announced by Anthem just that morning hammered home the cost of poor IG with regards to Personally Identifiable Information (PII) in particular. The latter case is especially egregious in that the records contained names, birthdays and Social Security numbers of countless children who are now at risk of identity theft.
Tim Rohrbaugh, chief experience officer at Identity Guard, calls the Anthem breach “catastrophic”
“Every terrible outcome that can occur as the result of an identity theft will happen to the children who were on that database.”
Information Governance Writ Large
Gartner Inc., defines information governance (IG) as the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals. For IBM, information governance is a holistic approach to managing and leveraging information for business benefits and encompasses information quality, information protection and information life cycle management.
In essence, information government is the superset encompassing eDiscovery, access controls, cyber security, privacy compliance and the overall architecture for a corporation or government entity’s data. Information governance was given national recognition in November, 2011 with a directive from President Obama to overhaul current records management processes within the government to encompass current needs more comprehensively, this top down support will further advance the integrated view of true IG
The New Vision Integrated IG
In order to support Information Governance (IG) in the widest possible sense, practitioners across all the disciplines that IG touches, need to step back and look at the bigger picture, where there is a deep interconnection between the information access and control needs of an organization.
A Broader View of Information Governance, the EDRM and Cyber
Copyright Cat Casey 2013
Many companies have taken the first step in this transformation comes with re-envisioning how we model the processes associated with reactive information management. The protocols and tools used to proactively and in real-time manage data are unified under one set of controls or series of control within most organizations. However as soon as there is an incident, legal hold, compliance issue, independent experts in cyber, eDiscovery and or audit experts are called in and begin to manage the data without regard for the other future needs associated with the data. Companies and providers alike understand the integration of data throughout the organization and the need to look holistically at the IG. Service providers with solutions along the full spectrum of IG needs will dominate the market and much like the current end-to-end discovery solution providers, provide a seamless approach to all possible IG needs.
There needs to be an ongoing dialogue between internal IT resources and the providers of services that fall under the IG umbrella, and the adversarial relationship between the two in many instances will need to be ameliorated. That being said the forward progress over the last two years towards a collaborative approach to all aspects of data management is a welcomed improvement.
Interesting Graphic on IG
By: Cat Casey, CEDS
Cat Casey
Director KPMG
eDiscovery Cat 