AIIM information governance in the enterprise 320 x 240.jpg Whatever you think of US National Security Agency leakerEdward Snowden, you have to concede he has done a lot for information governance (IG). He didn't build the ultimate IG technology.

But his behavior over the past 12 months have forced a large number of organizations to sit down and ask themselves, "What if?"

What if your information is not governed properly?

New research from AIIM shows only 10 percent of organizations have an effective IG policy in place, while 21 percent have polices that are mostly ignored. Most of the rest consider IG a work in progress.

Governance is a Challenge

In its recent Industry Watch report, Automating Information Governance assuring compliance (free after registration),  AIIM discovered many organizations are struggling to cope with information governance.

The research was based on 531 responses to a questionnaire sent to AIIM members between March 15 and April 8, excluding organizations with less than 10 employees and suppliers of enterprise content management (ECM) products and services.

Traditionally, there has been a great deal of apathy towards IG by the leadership in many enterprises. But recent security breaches coupled with Snowden's revelations about cyber spying has pushed the topic into the limelight.

Metadata became a household word after Snowden revealed the NSA has been systematically tracking it on a global scale.

Add into the mix the data explosion and the realization that data and the customer insights it can offer means money, along with the regular use of electronic data in the court room coupled with increasingly stringent rigid compliance regimes. You can see how IG has turned into a real devil's brew.

Data Protection

The report covers just about all the bases when it comes to IG. But there are some figures that really stand out, particularly now data protection and privacy rules are under the microscope everywhere.
If there was any doubt as to the need for an IG strategy, one of the most striking figures relates to how companies believe they would perform if they were audited under current legislation.

According to AIIM, 18 percent admitted that if they were audited today, they would probably fail it, while a further 7 percent admitted that they had suffered data or privacy breaches or even lost data. On top of that, 26 percent said they were unable to comment on the likelihood of failing an audit, while 22 percent said they felt they were operating at the very minimum of requirements.

The overall impression is that about half of organizations are incurring considerable risks — and this is based only on what organizations are prepared to admit. It is possible, if not probable, that the risk level is, generally speaking, a lot higher.

AIIM information governance risks.jpg

Small Improvements

The situation appears to be getting slowly better. The research shows that the amount of paper being used in the organization is beginning to stabilize.

This has seen the number of organizations using electronic records jumping to 68 percent while those actually reporting a decrease in the use of paper records rose to 32 percent.

In the next 12 months, another 40 percent plan to move from traditional records management to a wider, all-encompassing IG strategy.

This corresponds with commonly held views of the risks of not implementing an IG strategy as well as the potential benefits.

The responses show that the three biggest perceived risk of failing to introduce IG are loss of intellectual property, damage to reputation and the inevitable litigation costs with 24 percent reporting compliance issues around litigation and discovery over the past two years.

However, for those that do have a coherent IG strategy the rewards are potentially great. According to the research, the three principal benefits from good information governance are a reduction in storage costs, exploiting and sharing knowledge resources, and faster response to events and inquiries. Digging down deeper into figures there are some other notable points:

AIIM mechanism for managing records.jpg

IG and Records Management Policies

The research shows that only 15 percent of respondents felt they that had “robust” IG policies in place, although this rose to 22 percent for larger organizations.

This means that only one in five organizations feel that they have policies that they feel are adequate, although this varies across departments.