Proven information governance strategy still useful in the digital age

As the digital age forces businesses to consider new information governance investments, Jeffrey Ritter warns against ignoring established techniques.

During the last decade, the costs associated with managing digital records required for business analysis, regulatory compliance or as evidence in litigation have skyrocketed. For many companies, these expenses exposed some enormous shortfalls in records management investment.

The burden associated with these costs rallied new information governance strategy spending, and vendors responded. Technologies such as enterprise content management systems and data forensic solutions emerged to empower executives with tools that enable full governance of a company's digital information assets.

But in the enthusiasm to embrace new technologies, companies neglect 20th century records management techniques that remain essential. Of course there are old practices that must be thrown out, but new technology only thrives when deployed in an environment that supports it. As companies accelerate their information governance transition, here are four important strategies that should continue.

Make the business case

Information governance strategy champions should always emphasize how they contribute to a company's wealth creation, such as these faster and more efficient tasks:

Note that none of these benefits include the traditional information governance selling points such as compliance or litigation cost reduction. Instead, they focus on how governed information enables companies to create new wealth.

Train, train, train

In the 20th century, records management relied on employees to do much of the classification and management of paper-based information. For that reason alone, employee training was important. Modern information governance emphasizes automated classification, automated access controls/security, cloud-based storage and big data analytics. Many executives mistakenly believe that these innovations reduce the need for training.

In the enthusiasm to embrace new technologies, companies neglect 20th century records management techniques that remain essential.

Information governance training remains essential. For employees that handle manual classification, they need to understand how classification schemes interact with data to know when to intervene and provide alternative treatments. They must know about legal obligations to preserve information not digitally stored in company systems. It's necessary for them to understand how new systems and technologies alter traditional notions of confidentiality and access.

Information governance also creates new training demands for senior executives, legal counsel and auditors. Senior executives should understand information governance's economic impact. Executives and legal counsel need to learn that comprehensive data logs influence how a company protects and defends its legal interests. Quite simply, the breadth and depth of log data that records actions down to individual keystrokes dramatically alters the approach to information governance-related legal proceedings. Training is essential to underscore how information governance controls have made computers superior witnesses, more reliable than any human being testifying under oath.

Identify and preserve the 'records'

In the 20th century, rules and regulations emphasized preservation of paper documents with specific content and commercial functions. Those documents still exist, but in electronic formats and with their content increasingly distributed across different databases and Web servers.

Careful design is required to assure that distributed content can still be preserved in a format that is just as good as the "real thing" for regulatory purposes. Regulators are not pleased with record components that are not preserved with the same level of integrity as original paper records.

At the same time, record preservation processes must be adapted to include log data and related systems metadata. Doing so gives a more complete sense of the record's provenance and history and provides regulators with more detailed data.

More on information governance strategy

Build 'digital trust' to make the most of data assets

Beware these info governance traps during BYOD management

Regulators are catching on that this additional data can help evaluate a specific record's integrity. For example, the U.S. Securities and Exchange Commission specifically requires broker-dealers in Rule 17a-4(f)(vi) to preserve ". . . all information necessary to access records and indexes stored on the electronic storage media; or place in escrow and keep current a copy of the physical and logical file format of the electronic storage media, the field format of all different information types written on the electronic storage media and the source code, together with the appropriate documentation and information necessary to access records and indexes."

Destruction, disposition of antiquated information

The low costs of digital storage, combined with decreasing cloud-based storage service costs, have led companies to keep business records of no value to the company's operations or legal requirements. In other words, storage is so cheap, why spend money to get rid of stuff?

A recent survey by the Compliance, Governance and Oversight Council reported that 75% of respondents said the greatest challenge leading to "massive amounts of legacy data" is the inability to know how to dispose of information in a legally defensible manner. Federal e-discovery rules provide a legally valid means to dispose of information. When data remains accessible, companies can incur significant costs trying to prove the antiquated data is not relevant to litigation or other legal inquiries.

The bottom line is to work with counsel and build a plan that allows data with no further value to be tossed out.

As companies continue to adapt their information governance strategy to the digital age, it's important to remember these proven data management techniques. Information and records management in the 21st century does not require reinventing the wheel, but instead building on tried and true processes to ensure effective governance of regulatory and legal data.

About the author:
Jeffrey Ritter is one of the nation's experts in the converging complexity of information management, e-discovery and the emergence of cloud-based services. He advises companies and governments on successful 21st-century strategies for managing digital information with legal and evidential value. He is currently developing and teaching courses on information governance at Johns Hopkins University's Whiting School of Engineering and Georgetown University Law. Learn more at www.jeffreyritter.com.

Let us know what you think about the story; email Ben Cole, site editor. For more regulatory compliance news and updates throughout the week, follow us on Twitter @ITCompliance.

This was first published in June 2014

Dig deeper on Information technology governance

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Related Discussions

Jeffrey Ritter asks:

What information governance challenges has your organization faced from adapting data management processes to the electronic age?

0  Responses So Far

Join the Discussion

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchHealthIT

SearchCloudComputing

SearchDataCenter

SearchDataManagement

SearchSecurity

Close