peshkova - Fotolia
Big data creates numerous risks for organizations. Failing to properly track endless amounts of data, for example, creates the potential for legal and compliance risk. The biggest big data risk, however, may be the inability to properly analyze every piece of information for potential value, according to Barclay T. Blair, founder and executive director at the Information Governance Initiative.
Blair was in San Diego last month at the ARMA 2014 International Conference, where he led a session about how effective information governance and analytics can offset big data risk. In this interview conducted at the ARMA 2014 conference, he discusses how the big data age has forced big changes to information governance strategies.
What are some of the biggest risks if companies don't get rid of their data?
Barclay T. Blair: I think the biggest big data risk is not being able to extract insight and value from your data. If an organization doesn't create that capability, they are falling behind because their competitors are doing it. Billions and billions of dollars are flowing into the big data space, and the world has changed. Whether you're an individual or a corporation, so many activities generate data as an incidental part of that activity. When you walk down the street, your cell phone is generating a constant stream of data about where you are. You do anything on your mobile device, it generates data.
There's a couple of options: You can say there is a data deluge and we should try and control and run from that, or you can say this is an incredible resource to help us understand what's going to happen tomorrow. I actually think the biggest big data risk is not finding a way to use your data to drive value.
But the question you're asking is if a company does not get rid of their data, is there a risk that comes with that? Certainly there is. We see evidence of that every day in litigation and investigations. The reality is if you've got it, you need to turn it over. But is the problem the information or is it bad behavior? If you have a problem in your company where people are ripping off customers and bribing officials or they are committing some form of corruption or harassment, then that is the problem. The problem is not just having the information that demonstrates that.
Do you think data retention and deletion schedules can help?
Blair: Here's the lie about retention schedules: I don't know of anyone who is using them to get rid of information. These schedules are something that says, 'We are going to keep everything forever.' That's the default position. The intention of a retention schedule is to provide a tool and give confidence that we can throw stuff away. In reality, it just isn't happening. Here's the problem with getting rid of information: Corporate culture abhors decisions that are irreversible. If you are an executive or a decision maker, the scariest decision is one that is not undoable, because if it fails you're gone, basically. Deletion is that kind of decision.
Let's say you've got an email archive with 10 years of email in it, and somebody in IT comes and says, 'We're spending hundreds of thousands of dollars per year to keep this, why do we have it?' and 'I think we should get rid of everything that's older than three years.' Well, then you go to legal, who says, 'I don't know, there could be information in that archive that could be subject to e-discovery.' You go to records management, who says, 'There could be something in there that is subject to the retention schedule.' You go to the business, who says, 'There's probably stuff in there that I really need.'
Who is going to step up in the midst of all that uncertainty and say, 'Get rid of it?' It's a career-limiting decision. We are not keeping everything forever on purpose. We are doing it because at the real decision-maker level, there is a lack of faith in the process that says, 'We can get rid of data.'
Do you think companies should get rid of information if they don't need it, or they should hang on to information in case they do need it in the future?
Blair: There is obviously information in most companies that [doesn't] have value and never will have value. I think there are clear costs for keeping information that has little value, little upside and a lot of downside. But a slightly different question is whether it is possible to get rid of it in an efficient and effective way, where the cost of getting rid of it is less than the cost of not getting rid of it. I think that's tricky.
Most companies, I believe, when they look at the calculations, they see it's not worth it and just keep it. The other side of it is that if you talk to a data scientist, what they would say is 'I can't tell today whether a piece of information is going to have value to me tomorrow.' So, the only smart thing to do, given the costs of storage, is to keep it. This idea that information value is on a curve that goes down to zero over time I don't think is true, and I think it's less true all the time. That's the conflict.
I think that's really the role of information governance going forward. The lowest value that an information governance professional provides should be' keep this' or 'delete that.' The real value is to allow data-driven business models to happen in a way that complies with the law, complies with best practices and complies with ethics. Without information governance, I don't think a lot of those business models will ever get off the ground.
Often overlooked factors lead to records
Tried and true data governance strategies never go out of style