Information increasingly has become a commodity at modern organizations, a vital tool for maintaining business processes and protecting assets. Data helps business leaders make and ultimately evaluate decisions -- but that data can also be a huge source of risk if it's not handled properly.
Jeffrey Ritter, an attorney and technology law expert, says this risk requires organizations to change how they look at and develop information governance strategy. In this excerpt from a Q&A with SearchCompliance.com editor Ben Cole, Ritter provides advice on how companies should approach corporate information governance in the digital age.
What exactly does it mean for a company to govern its digital information?
Jeffrey Ritter: You really can't be in business without having transparency and accessibility to the information around which your company runs every day. Information is the fuel for business -- it is what informs business decisions, it's what we use to evaluate the performance of the business. And if it's not of a quality and adequacy and accessibility to allow you to compete in an increasingly dynamic, volatile and accelerated global environment, then it's not worth the paper it's printed on or even the magnetic media on which it's stored.
Information is the fuel for business -- it is what informs business decisions, it's what we use to evaluate the performance of the business.
attorney and technology law expert
I offer a definition of information governance that is fairly simple. It has two components: Information governance is, No. 1, managing information by the rules that have been established to do so, and No. 2, creating the documentation of the manner in which those rules have been executed.
To build information governance today is to author a set of rules that enable us to leverage technology around digital information and be able to govern it so that we make better decisions, make fewer mistakes in business, and so that we can access the information where and when we need to.
It sounds like an information governance strategy is a complicated process for the modern company. What departments and organizational positions need to be involved in building a data governance strategy?
Ritter: The case can be made that virtually every department needs to be involved. But the reality is [that] unless you have senior executive leadership of the kind of reforms and evolution that information governance requires, it's going to fail. To set the rules in place for how information is to be governed requires management leadership and management direction.
For example, you might not think of the chief financial officer [CFO] as being an important player in data governance strategy. But for the CFO, information is fundamental to how they preserve and create the wealth, which is the objective of the organization. To make those judgments requires information that's reliable, that's trustworthy and that has been managed according to the rules. The chief executive wants to be there because the transparency and accountability that effective information governance delivers enables him or her to manage the business differently, with greater efficiency, with greater confidence.
What you haven't heard me mention are the most obvious. The CIO or CTO [chief technology officer] became the "box jocks" in the 20th century. They were responsible for the servers, the infrastructure, the wiring -- more of a technology manager than an officer responsible for the quality of information. In many companies, the CIO's role has been so diminished by the assignment of responsibility for the hardware and infrastructure that they don't have functional control over the digital information and its management. That has to change. We truly need, in the 21st century, C-level responsibility for the information that is to be governed.
Bottom line: Everybody at the corporate board table involved with the governance of the organization needs to be involved, because they all have a stake in data quality.
What are some of the must-have characteristics of records management processes?
Ritter: There has to be some person, some operation that takes responsibility for information governance. The information governance manager must have access to someone at the C-level and the executive suite, an engagement with the IT department and the authority to participate in governance decisions.
More information governance strategy Q&As with Jeffrey Ritter
Using information governance as a corporate asset
Information governance complicated by social media, compliance
The second thing you need is the mechanisms for classification. In order to apply rules to digital information, we have to give it a label -- we have to be able to characterize what this information is in order to apply the rules. This has become challenging because we used to be able to manage our records based on the fact that it was a piece of paper labeled on the top of the page -- it was pretty easy to classify. Today the same information may be distributed around five or six different databases, so it's important to figure out how to collect and tag that information so you can follow the rules.
Information governance requires access and security controls, systems management, replacement policies, interaction with cloud, interaction with mobile devices. All of those are part of the rules. So, you need the management to lead, a way of classifying and the rules that then govern the information once it has been classified.