TheSupe87 - Fotolia
As information governance grows more complicated in the digital age, persistent myths continue to cloud how companies approach data management strategy, according to Jeffrey Ritter, Esq. In this two-part Q&A, Ritter seeks to debunk these commonly held myths that he says lead companies to struggle with 21st-century information governance.
In part two, Ritter discusses common misconceptions about data storage costs and information governance training.
Myth #3: Cheap storage costs make information disposition no longer a concern.
Jeffrey Ritter: It comes back to the same concept coming out of the 20th century: store everything, store forever -- we can always find it with search tools. The reality is that whenever we store data today, it has a cost. Even when we outsource to cloud service providers or use other long-term storage methodologies, it still has an expense. As data volumes go up, then by definition the storage costs rise as well. What is making storage even more expensive today is we have to apply these new rules: rules of security, rules of data access and use, rules of distributed storage where the data might be out in the cloud and in multiple countries.
When we look at those storage costs, there is one other hidden expense: If the records are still there and the records are still stored, they may be called upon in investigations or in searches that are conducted to find the truth of historical behavior. Those costs are enormous. Effective information governance should reduce the data being stored, and therefore reduce storage costs and add to the company's wealth. Storing everything forever just doesn't work anymore. Information governance is much more cost-effective.
Myth #4: Information governance has become a buzzword that now requires lawyers to get involved.
Ritter: I can certainly see from the explosion of e-discovery spending that people have that concern. What we are seeing with effective governance is a lot of rules for the systems, devices and security controls that are applied to information. These are not legal rules. The only key development that has seemed to create a sense that lawyers are essential is the concept of having to preserve information that becomes directly relevant to litigation.
The basic rules of retaining records with value have not changed. What is changing is the regulatory interest, both in the United States and in other countries. Regulators want to see the supporting technical documentation that allows them to validate the integrity of the information systems and information itself.
One area where lawyers prove useful to information governance ties back to my earlier point about antiquated data disposal. There is true legal risk involved when getting rid of information that may still have value for pending legal action. It's probably good to have lawyers involved to ensure the deletion processes those companies embrace are, in fact, legally defensible. But most information governance merely requires functional excellence in governing your systems, not legal expertise.
Myth #5: Information governance requires new training costs.
Ritter: One of the truths we often face with any technology, innovation or evolution is the need to train, or retrain, or spend new money so that our employees and our associates can interact with whatever the new digital innovation is. To a certain extent, that's always going to be true.
But information governance itself is not where the driving demand for what we think of as new, conventional training is going to be placed. First, executives need to be trained to understand the returns on investment they can achieve with effective information governance. The lawyers need to be trained to understand that any commercial transaction or relationship concerns information governance issues, whether it's a joint venture, a merger and acquisition, a commercial licensing agreement, or even a real estate transaction or lease. Service providers in the cloud are a third category that needs to be trained because we are asking them as corporations to assume some or all of our rules for governing information.
From the 10,000-foot level, information governance is not driving new training. If it is done well, the automation of information governance processes reduces the need for training every single email account holder. Systems can execute many of the program and application rules so we don't have to rely on training our staff to learn all our policy regulations.
Information governance needs training, but not at the staff level, or the factory floor level. It's with the people that need to change their recognition of information governance's value, and how to integrate that into the distributed ecosystems of commercial and business relationships.
Proven data management strategies still show value
Mobile data management: The essential rules
The missing links of records management compliance