Until recent years, records management has been a behind-the-scenes operation. Today, driven by the plethora of highly visible data breaches, the exponential growth of digital data, regulatory demands and the need for digital transformation to support insight and intelligence, records management has been thrust into the spotlight.
This has not been simply a shift from the back office to the front office, but rather from the back office to the boardroom.
What were once considered records management activities are now part of a broader range of practices and strategies that have been labeled Information Governance (IG).
The IG Umbrella
Coalescing under the Information Governance umbrella are privacy, security, accessibility, lifecycle management, auditability, insight and much more. The information governance stakeholders start at the top with C-level executives and include line-of-business managers, information management professionals, legal, compliance and IT.
In a recent report, Doug Miles, director of market intelligence at AIIM, an organization for information professionals, noted, "This is not just a terminology change. It reflects the importance of governance in all areas, and the need to work together with IT, legal and operations to set policies and initiate good practices.”
In 2015, there were so many data breaches worldwide it would take too long to list and expound on the resulting implications, both financial and reputational.
AIIM confirms that these events have escalated the need for compliance and the need for prevention, and are the biggest business drivers for IG.
IG has rapidly become a strategic imperative that attracts both the support and the participation of C-Level executives. In addition, companies are adopting IG as a way to create searchable and accessible data, which reinforces the growing desire to leverage information as an asset.
Governance of Email
Effective email management has long been an elusive goal for most organizations.
Email remains the most dominant means of business communications and is subject to discovery to demonstrate compliance with legal and regulatory guidelines.
Despite Bernie Sanders’ recent proclamation that the American people don’t care about Hillary Clinton’s emails, the bottom line is the court of law and regulatory bodies do. The bulk of the AIIM survey respondents (41 percent) categorize their governance of emails as “chaotic”.
Non Compliance Issues
There is no industry immune to regulatory requirements nor/or the resulting fines and penalties from a failure to comply. The AIIM survey reports the top non-compliance issues were internal audits (26 percent), information requests (24 percent), data protection and privacy (21 percent) and litigation and discovery (20 percent).
These non-compliance issues will undoubtedly become of even greater concern as the regulatory landscape continues to grow and becomes more complex, and as the number of requests for discovery rises.
Paper Records Persist
While every organization must tackle an onslaught of new content types — social, IM, audio, video — AIIM’s survey reveals that paper remains an issue for many organizations — 60 percent of organizations report the volume of paper remains the same (stable) or is increasing.
Only 10 percent report their volume of paper is decreasing rapidly, which confirms paper persists and paper-reduction must be a core component of IG’s programs. Eliminating paper from all candidate processes may prove to be the critical first step toward governing an organization’s information.
Maturity of Policies
Historically, records management policies have targeted primarily paper-based information. With the move toward IG, there is now a need for policies and procedures to address all enterprise information.
The AIIM survey sought to determine the maturity of IG policies and procedures development. Only 15 percent describe their policies as “mature.”
Elements Covered by IG Policies
IG policies and procedures must address a full gamut of subjects including retention, disposition, access privileges, compliance requirements, audit reporting, backup and recovery for all enterprise information including paper, electronic, audio, and video stored on all company issued or sanctioned devices including desktops, laptops, network servers, mobile devices, USB drives, and cloud services.
The AIIM survey reveals traditional records management functions such as retention, access control, and security are well addressed in governance policies but the policies are falling short in governing information stored on mobile devices and in the cloud.
The top four biggest issues with creating Information Governance policies are very telling:
It is common for organizations to “keep information” just in case.
Historically, they keep as much as 50 percent more information than is necessary. This is often referred to as information hoarding and is a key contributor to what has become known as “information chaos.”
A good IG program will help the organization rid itself of this data debris or ROT – Redundant, Obsolete and Trivial information.
There are many strategies for addressing all the issues associated with today’s information management problems. The top strategy as identified by the AIIM survey is to “implement an ECM/ERM system.”
Implementing ECM/ERM systems enable organization to capture, manage, store, preserve and deliver content. A critical first step is to capture the information that has value and give it structure.
Information capture involves scanning and digitizing any paper-based information, crawling and analyzing all of the organization’s repositories to find relevant and valued information, classifying it and then connecting that information to the right people, processes and systems.
Title image by Benjamin Childs