Making the Case for Information Governance 10 Reasons Why IG Makes Sense
Barclay T. Blair
P a g e | 2
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
Preface........................................................................................................................ 3
Introduction ................................................................................................................ 4 Defining Information Governance ........................................................................................ 4 Learn to Tell the IG Story ..................................................................................................... 5 Be Practical .......................................................................................................................... 6 IG is Change Management ................................................................................................... 8
1. We Can’t Keep Everything Forever...................................................................... 10
2. We Can’t Throw Everything Away....................................................................... 12
3. E-‐Discovery......................................................................................................... 13
4. Your Employees are Begging for It – Just Listen................................................... 15
5. It Ain’t Gonna Get Any Easier.............................................................................. 16
6. The Connected Thinking of IG is the Future of Business Success.......................... 18
7. The Courts Will Come Looking for IG................................................................... 20
8. Manage Risk: Information Is a Big One ............................................................... 21
9. Email: Reason Enough ........................................................................................ 22
10. IG Provides Certainty........................................................................................ 23
P a g e | 3
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
Preface
The Economist Intelligence Unit, in a recent study on information governance, found that the single biggest worldwide challenge to successful adoption of information governance is the difficulty of identifying its benefits and costs.1 In other words, the difficulty of making the case for IG.
This eBook, in a small way, is designed to help readers with this big problem. There is no magic formula, no perfect argument for information governance. But, there are many reasons why IG makes sense today, and will make sense well into the future.
This piece doesn’t try to advance an airtight argument, nor does it propose a detailed financial model. The former doesn’t exist, and the latter is beyond the scope of this work. This doesn’t mean that you shouldn’t develop and use such models at your organization, as they are essential.
This eBook is based on a series of observations that I have made as a consultant, advisor, and author in this space over the course of the last decade. I hope to point out some simple reasons we need information governance. I hope it helps you on your journey to manage information better.
Barclay
[email protected] 646 450 4468
P a g e | 4
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
Introduction
This eBook is divided into two sections. The first, this introductory section, lays the groundwork for the book and provides some tips and ideas that have helped our clients. The second section focuses on a series of specific reasons why IG makes sense. Read them in the order that works best for you.
Defining Information Governance
"If you think compliance is expensive, try noncompliance.”
Deputy US Attorney General Paul McNulty2
Information governance is a relatively recent term for a set of activities that have been around for a long time. I like the term because it’s simple -‐ it places the emphasis of the activity (i.e., governance) on the thing we want to act on (i.e., information). The simplicity of this phrase belies the complexity of a field that borrows ideas and practices from a variety of specialties and packages them together to address a difficult problem in a holistic manner.
For example, information governance is not synonymous with corporate governance, but it incorporates elements of corporate governance (some have called information governance “GRC for information” i.e., governance, risk management, and compliance for information). The same goes for information protection, records management, compliance, and so on. Some of the other fields that are part of information governance include:
Information Management
IT Governance
Privacy
Knowledge Management
Enterprise Content
Document Management
Enterprise Risk Management
Archiving
Business Continuity, Disaster Recover
Storage Management
E-‐Discovery
Enterprise search
So how exactly should we define information governance (IG)?
P a g e | 5
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
The Economist defines IG as the “strategically created enterprise-‐wide frameworks that define how information is controlled, accessed and used,” and the mechanisms that enforce those frameworks.3
AIIM International defines it as “the establishment of enterprise wide policies and procedures and the execution and enforcement of these to control and manage information as an enterprise resource.”4
These definitions are pretty similar and they illustrate two key points.
First, IG is about building a foundation of rules (in the form of policies, procedures, practices, etc.) that guide information management across an enterprise. Second, IG requires enforcement – in the form of technology and human-‐focused programs -‐ to be successful. IG rules themselves don’t solve any problems and in fact can create problems if they are not properly enforced.
At the highest level, IG is about managing information better. Sometimes we want to manage it better because an outside party – such as a government body or court – is telling us we have to, and sometimes we want to mange it better simply because it helps us be a better business.
Learn to Tell the IG Story
“At first sight, legal compliance would seem to be the major driver for taking better control of emails. However . . . ROI from efficiency improvement is a genuine justification.”
AIIM Industry Watch: Email Management, The Good, The Bad and The Ugly5
To be successful with IG, you must learn to tell the IG story. More correctly, you must learn to tell IG stories as different audiences need to hear different versions of the IG story.
At a large financial services company I worked with for many years, the chief “evangelist” for IG understood this implicitly. I tagged along with her to many meetings and listened to her tell the IG story. There was one story for the lawyers who were going to have to defend the company’s practices in court. There was another story for the corporate chiefs who were going to have to pay for it. And yet another story for the heads of business units and departments who were going to have to live with the IG program everyday in the real world.
In “Made to Stick,” Dan and Chip Heath6 argue that storytelling is a critical skill for anyone wanting their ideas heard, remembered, and acted upon. According to them, “stories have the amazing dual power to simulate and to inspire,” as they provide a simple, concrete way for others to understand your ideas.
P a g e | 6
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
The ability to tell stories is so important in the IG world because of its complexity and breadth. Despite this complexity, I believe that there are only two basic “plots” to the IG story.
The first is the “faster, better, cheaper” plot. In other words, IG can help organizations make decisions/create products/go to market/ etc. faster. It can also make business processes more efficient (i.e., better), and enable the organization to lower the costs of many business processes (i.e., cheaper).
Steve Bailey, author of “Managing the Crowd: Rethinking Records Management for the Web 2.0 World”7 convincingly argues in his work that the information management community hasn’t done a good job of putting hard numbers behind the “faster, better, cheaper” story. I agree, because aside from some near-‐apocryphal statistics those are frequently used, to my knowledge, the economic case has not been universally made.
However, IG professionals can make solid economic arguments that are specific to their organizations. I have helped many of my clients do this. Some have been financially dramatic (increase profit $300 million over 3 years), some strategically profound (competitive advantage in our market for 2 years), and some have been very practical (cut email costs).
The second basic plot of the IG story is “fear, uncertainty, and doubt.” This story focuses on risk side of IG. This has been a relatively easy story to tell in the past few years, with many massive business failures and high profile court cases tied to IG shortfalls. A note of caution about this plot: don’t overuse it. Many in the IG field are guilty of over-‐relying on the “sky is falling” argument to make their point. I have seen too many presentations in too many dim conference rooms where the IG story starts with the same few slides detailing eye-‐popping court judgments, executives going to jail, and so on. This story can be effective, but it loses is power if it’s overused.
Both IG plots have merit. The key is to tailor the story to the audience and tell it using practical, concrete examples. Business units that drive 80% of the company’s profits may not care as much about risk as the compliance department. The litigation team may not care as much about cutting information management costs as the CFO.
This book tells the IG story using both plots. Take them, make them your own, and tell your own IG story.
Be Practical
Start in the Right Place
P a g e | 7
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
“Organisations become overwhelmed when they start recognising the many risks inherent in information mismanagement. ‘Trying to address them all at once can feel like trying to boil the ocean.’”
“The Future of Enterprise Information Governance,” Economist Intelligence Unit8
Some time ago, I had a client with over 10,000 poorly indexed, improperly stored, and nearly undocumented backup tapes. The metaphorical weight of these tapes around the neck of the poor folks trying to implement an IG program at the company was massive. How could they even begin to think about “easy” things like policy development when they had the problem of 10,000 legacy backup tapes to deal with?
Many organizations are in this position. They have so much unmanaged information in their environment that it effectively paralyzes them. It doesn’t have to be this way. In fact, organizations should focus first on building the foundation for their program (policies, procedures, etc), implementing those foundations (tools, training, etc.) and only then cleaning up their environment. This isn’t the only way to approach IG, but it is a useful framework for organizations that are stuck.
This approach (detailed in Figure 1) encourages organizations to build the “new world” of their IG program, and them bring old content into that world over time. This is a conceptual model; in the real world these things often happen simultaneously, in a different order, and faster or more slowly than we like.
Figure 1: A Practical Approach to Building an IG Program
Start Small
Foundation (policies)
Implementation (tools, training)
Remediation (clean up the past)
Continuous Improvement (audit and adjust)
P a g e | 8
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
“Real transformation takes time. Complex efforts to change strategies or restructure businesses risk losing momentum if there are no sort-term goals to meet or celebrate.”
John P. Kotter, Leading Change9
I had another client with 75,000 employees across the globe involved in vastly different commercial activities. The client had bought into the dogma that IG “must be done on an enterprise level.” However, the complexity of implementing a single email management policy across the enterprise (much less the technology and management programs required to support it) was so great that in effect, nothing was happening.
This is a common mistake. Although the goal of IG should be consistent, defensible practices across an entire enterprise, that doesn’t mean that the entire enterprise needs to get there at once. In fact, the more effective approach is often to start small, and focus on a manageable group in which to try, test, and validate the IG approach. Yes, it is critical that the principles of the IG program can be effectively implemented across the enterprise, but starting small will only make the program better.
So, write the policies, select the technology, design the training with the enterprise in mind, but try it first on a manageable group. What you learn from this approach will make your eventual enterprise program better and increase the likelihood of IG success by giving you powerful, practical IG stories to tell, and thus building credibility and capital with decision makers and stakeholders.
IG is Change Management
“Top-down support is critical to the success of any information governance strategy.”
“The Future of Enterprise Information Governance,” Economist Intelligence Unit10
IG and change management are inseparable. For many years organizations have effectively allowed knowledge workers to create, use, retain, and destroy digital information with almost no (enforced) rules or (effective) controls. IG seeks to change that. It is not an easy change.
Just think about how you personally view your email at work. Even the most enlightened IG practitioners probably feel a stab of angst at the idea of someone -‐ or some policy -‐ dictating how they manage “their” email. Multiply this feeling across hundred or thousands of less IG-‐enlightened employees and the change management challenge becomes clear.
The social and cultural aspects of IG change are often ignored -‐ at an organization’s peril. When implementing IG, you consider the following:
P a g e | 9
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
1) IG change will not happen from the bottom up.
2) IG change will not happen unless we honestly calculate the cost of the change and plan for it.
3) IG change will not happen unless we learn to tell the IG stories.
4) IG change will not happen unless we can create and point to its benefits in the short-‐term.
5) IG change will not happen without the support of all the stakeholders, including legal, IT, records management, and business leaders.
P a g e | 10
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
1. We Can’t Keep Everything Forever
“Information workers, who comprise about 63% of the U.S. work force, are each bombarded with 1.6 gigabytes of information on average every day through emails, reports, blogs, text messages, calls and more. . .”
“Don’t You Dare Email This Story,” Wall Street Journal11
IN BRIEF. IG makes sense because it enables organizations to get rid of unnecessary information in a defensible manner. Organizations need a sensible way to dispose of information in order to reduce the cost and complexity of IT environment. Having unnecessary information around only makes it more difficult and expensive to harness information that has value.
Most statistics on the volume of digital information organizations create contain numbers so large that they are hard to comprehend (for example, “the digital universe” is 281 exabytes in size12). Organizations experience 30, 50, or even 100 per cent annual growth in the volume of information they store. The trend doesn’t seem to be slowing down. Although the cost of storage hardware continues to drop, storage hardware costs are just the beginning. According to International Data Corporation, the total cost of storage ownership “far outweighs the initial purchase price” of the hardware, and includes factors such as migration, outage, performance, information governance, environmental, data protection, maintenance, and staff costs.13
Organizations often claim that they are just keeping a piece of information “for now.” Without a firm plan in place, this really means “keeping it forever.” After all, unless you plan on keeping a piece of information forever, you will need to make a destruction decision about it at some point. Will that destruction decision be easier or more difficult in the future? After all, in three, five, or ten years will:
You have the software that created the information?
You have the hardware to read the media that the information is stored on?
The employee that created it still be working at the company?
The department that the employee worked in still exist?
Anyone remember anything about the project that document was created for?
Litigation be filed that requires the preservation of that information?
IG, with its legal and compliance foundations, provides a defensible approach to disposing of unnecessary information. The combination of good policies around retention of
P a g e | 11
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
information during normal business operations and preservation of information during litigation or regulatory investigation protects your organization. The law doesn’t require us to keep everything forever, but only IG provides a defensible framework to help us get rid of the information we don’t want and aren’t required to keep.
P a g e | 12
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
2. We Can’t Throw Everything Away
“Ensuring the right information is available to users when needed is regarded as the highest business priority for large companies in 2009 . . . and the vast majority of decision-makers believe that an effective information strategy has a very significant impact on this top business goal.”
“Managing Information: Research Study on Customer Priorities and Challenges,” RONIN Corporation14
IN BRIEF. IG makes sense because organizations can’t keep everything forever, nor can they throw everything away. We need information – the right information, in the right place, at the right time. Only IG provides the framework to make good decisions about what information to keep.
If we could throw away every piece of information created and received in our institutions whenever we wanted to, there would be little need for IG. The reality, of course, is much different. Information is how we do business and, to a greater degree each year, business success is influenced by how well we manage that information. Although most information is created by individuals, “enterprises are responsible for the security, privacy, reliability, and compliance of 85%” of it. 15 This is the role of IG.
Some information we keep because of its business value. Some we keep because of legal requirements. By some calculations, there are thousands of laws and regulations in the US alone that speak to the way organizations must manage their information. The role of IG is to parse those laws and regulations into practical policies and retention schedules that guide the organization on its proper management. Without an IG program, organizations are at risk of breaking the law.
Certain external events, such as litigation or a regulatory investigations, also create special legal requirements for the management of information. In these situations, even information that could normally be thrown away has to be preserved and properly managed. Failure to do so opens an organization and its employees up to serious criminal and civil penalties, such as those spelled out in Section 802 of Sarbanes Oxley:
“Whoever knowingly . . . destroy[s] . . . any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter . . . shall be fined under this title, imprisoned not more than 20 years, or both.16
We can’t throw everything away. We need some way to determine which information has value -‐ either because of business goals or legal requirements. IG helps us with this.
P a g e | 13
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
3. E-Discovery
“It costs about 20 cents to buy 1GB of storage, however, it costs around $3500 to review 1 GB of storage.”
AIIM International Email Management ROI Calculator17
“87% of lawyers who responded to the survey said electronic discovery is too costly… A fundamental problem stems from companies’ not considering the retention of information.”
Digital Data Drive Up Legal Costs, Wall Street Journal18
IN BRIEF. IG makes sense because it reduces the cost and pain of discovery. Proactively managing information reduces the volume of information exposed to e-discovery and simplifies the task of finding and producing responsive information.
In the past five years, electronic discovery has evolved from a specialized legal issue into a disruptive force in the business, IT, legal, and information management realms. This transformation was kicked off in the US by the 2006 amendments to the Federal Rules of Civil Procedure, and fueled by years of inattention to information management at many organizations, which had allowed vast stockpiles of unnecessary email, documents, and databases to accumulate.
Today, organizations can expect to spend millions of dollars finding, processing, and producing responsive digital information in the course of a major lawsuit. One out of five large organizations spends more than $10 million each year on litigation (excluding settlements and judgments). 19By 2011, it is expected that organizations will spend nearly $5 billion annually on e-‐discovery tools. 20
The expense of e-‐discovery comes from many sources, but one of the most significant is the cost of finding, processing, and reviewing information that has been unnecessarily retained. The law on this point is quite simple: if you possess information at the time you know or suspect it will be responsive to a legal matter, you must preserve it – even if you could have normally disposed of it in accordance with your records management program.21
The proactive nature of IG means that unnecessary information is disposed of as soon as it is no longer needed and all legal requirements for its retention or preservation have been satisfied. IG enables us to get rid of unnecessary information in a defensible manner. As such, it can reduce the amount of information that needs to be reviewed in the course of a legal matter.
P a g e | 14
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
When working with clients, it is not uncommon to find that 75 to 95 percent of the information created by the organization in the email system, for example, has no long-‐term business value or legal retention requirement and can be disposed of in the ordinary course of business. These percentages vary by system and industry, but the amount of “record” content is usually much lower than “non-‐record.” Further, a good IG program reduces the amount of duplicate information stored by an enterprise. Duplication is expensive and wasteful. In our e-‐discovery practice, it is not uncommon to find that 30 percent or more of the data we collect from clients is duplicate information.
The value of IG then, is that it can help organizations defensibly reduce the amount of information stored by orders of magnitude – a benefit that is felt not only in reduced management costs, but also reduced e-‐discovery costs and risks.
P a g e | 15
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
4. Your Employees are Begging for It – Just Listen
“When you start to actively address your organization's information overload challenges and give people the guidance and tools they need to work more effectively, amazing things happen. They start to make better decisions. They finish projects faster. They generate new ideas. And they drive business growth.”
Basex Information Overload Exposure Assessment22
IN BRIEF. IG makes sense because it help knowledge workers separate “signal” from “noise” in their information flows. By helping organizations focus on the most valuable information, IG improves information delivery and improves productivity.
Study after study shows that most knowledge workers feel overwhelmed by the amount of information they have to deal with. One study found that “sheer overload” is the biggest problem with email as a business tool. 23 Another says that most professionals spent way too much time looking for information and feel they could not handle any “increases in information flow.”24 Yet another study claims that companies in the US lose $900 billion each year worth of employee productivity due to information overload.25
Our experience with implementing IG programs has taught me that, after a period of initial resistance, most knowledge workers appreciate the clarity that IG policies and technology provide. Rather than struggling to invent their own “filing system” and worrying about the trouble that they may face if they get it wrong, the majority of employees quickly understand the value of IG and make it part of their daily routine. At one organization the time that employees spent managing information dropped by 50% within three months of program implementation.
The deluge of poorly managed, redundant, irrelevant, and unclassified information that most knowledge workers face today is huge and growing. IG can improve productivity and reduce the impact of information overload by helping organizations:
Classify information better so it can more easily be found
Get rid of unnecessary information so employees don’t have to weed through it
Better target and personalize information for individuals and communities
Provide better access to information while still meeting confidentiality and information protection requirements
Assign resources and technology to information commensurate with its value
P a g e | 16
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
5. It Ain’t Gonna Get Any Easier
“By far the biggest mistake people make when trying to change organizations is to plunge ahead without establishing a high enough sense of urgency in fellow managers and employees. This error is fatal because transformations always fail to achieve their objectives when complacency levels are high.”
John P. Kotter, “Leading Change,” Harvard Business School Press, 1996, p. 4.
IN BRIEF: IG makes sense because it is a proven way for organizations to respond to new laws and technologies that create new requirements and challenges. The problem of IG will not get easier over time, so organizations should get started now.
Every day the pile of unmanaged information in your organization grows. Every day the habits of your knowledge workers get more ingrained. Every day new technologies enter your enterprise and create new sources of unmanaged risk. Every day technology gets more complex. Every day courts and regulators grow more sophisticated and demanding when it comes to information management. Time will not make the information management problem any easier.
More regulation of information management is expected.
“It’s now ‘inevitable that more regulation will come, forcing companies to be more ethical, more compliant and overall better corporate citizens.’"
Former SEC Chairman Harvey Pitt26
Beginning as early as the 1970s (with privacy law directed at the federal government) and intensifying in the early years of the new millennium (with Sarbanes-‐Oxley and the revised Federal Rules of Civil Procedure), governments, regulators, and standards bodies have demonstrated an increasing appetite for the regulation of IT and information. Increasing federal and state regulation has driven demand for IG products and services. 27
The current administration in the US, as well as regulators in nations across the globe, have demonstrated an increasing appetite for regulation; an appetite that seems only to be increasing in the wake of the recent global economic crisis that is widely seen as having a root cause in inadequate government oversight and regulation. This is likely to drive legal and regulatory changes that will create new IG requirements for organizations.
Information is getting more complex.
P a g e | 17
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
“Using a growing set of free and simple tools and applications, it is easy to create customized, personal web-based environments — a personal web — that explicitly supports one’s social, professional, learning and other activities via highly personalized windows to the networked world.”
The New Horizon Report28
The growing business use of Web 2.0 technologies such as blogs, wikis, and social networking tools, along with other developments such as Internet “cloud” based applications, are making information management more challenging. The emergence of such technologies is a challenge to the “very strong and entrenched ‘command and control’ ethos that is prevalent in the records management world.29
The reality today is that each knowledge worker – like it or not – is his or her own records manager. Responsibility for the creation and management of information has become highly distributed and a new generation of Internet-‐based tools and applications only encourage this trend.
In addition, technologies like “Google Wave”30 create new difficulties. Products that blend together formerly discrete communication, collaboration and content creation tools challenge the long-‐standing focus on “the document” and usher in a world where we no longer manage discrete piece of information. The “wave” of information created by these tools is an ever-‐changing Hydra that pulls information from a variety of sources and blends them together into an environment that cannot be “retained” or managed using traditional approaches.
As technology – and the new forms of information created by that technology – grows more complex, IG provides the foundation from which we can build processes and techniques to properly manage that information. IG isn’t getting any easier -‐ the time to act is now.
P a g e | 18
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
6. The Connected Thinking of IG is the Future of Business Success
“While detailed knowledge of a single area once guaranteed success, today the top rewards go to those who can operate with equal aplomb in starkly different realms.”
Daniel Pink, “A Whole New Mind”31
IN BRIEF. IG makes sense because it reflects the future of organizational culture – diverse groups working together to solve complex problems. IG can help to foster this culture and lead organizational change.
In the bestselling book, “A Whole New Mind,” Daniel H. Pink32 argues that the future belongs to those who can see across boundaries to envision the “connections between diverse, and seemingly separate, disciplines.” He posits that this ability is becoming essential to the success of individuals and organizations.
This theory is directly applicable to information governance. Information governance, with its legal, technology, records management, and business elements, is by nature multi-‐disciplinary. Success in IG is synonymous with the ability to peer beyond the confines of one discipline to understand how each discipline connects with the others to solve the problem.
Steve Bailey suggests that “[r]ecords management has . . . long been defined by the narrowness of its focus”33 But, records management shouldn’t be singled out. Just as records management has clung to the idea that it should only worry about one narrow class of information (i.e., records – often in paper form), IT has largely refused to take management responsibility for the information flowing through its systems. Business leaders and attorneys have their own form of blinders that are a barrier to the connected thinking and problem solving that IG requires.
As a consultant, I have many times sat in windowless rooms drinking terrible coffee and mediating between these groups. Although this is rewarding work, the pattern is always the same: nobody understands that they are all trying to solve the same problem. Each group is more than willing to share their discipline’s view of the problem (often using their “outside voices”), but nobody believes that they “own” the IG problem as a whole.
And, in most cases they are right. Corporate governance structures mostly have not evolved to address the complex issues of IG. The result? When the committees and task forces and working groups have all come and gone, nobody is on the line – in their career and their paycheck -‐ for the success of the IG effort.
P a g e | 19
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
The flipside of this is equally true. When everyone owns a task, nobody in particular owns the task. Thus, nobody can be held accountable. Corporate structures aren’t very good at holding groups responsible -‐ at least at the task level.
In mediating such sessions, I have been most successful when each group has learned – often through a traumatic experience -‐ to empathize with the others (incidentally, another “right brain” quality that Pink points out as essential). Any guesses as to what the catalyst for this empathy is the majority of the time? Lawsuits. Investigations. Major business events that require legal, IT, records management, and business to work together – often under enormous pressure – to solve a problem.
P a g e | 20
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
7. The Courts Will Come Looking for IG
“It is clear that [the] lack of a retention policy and irresponsible data retention practices are responsible for the loss of significant data . . . Information management policies are not a dark or novel art. Numerous authoritative organizations have long promulgated policy guidelines for document retention and destruction.”
Philip M. Adams & Associates, LLC v. Dell, Inc., 200934
IN BRIEF. IG makes sense because courts and regulators will closely examine your IG program. Falling short can lead to fines, sanctions, loss of cases, and other outcomes that have negative business and financial consequences.
There used to be an open secret about IG. Nobody talked about it, but everyone believed it. The secret? If all you did about IG was write a bunch of words on a piece of paper, call it a policy, and put it in a binder on a shelf somewhere, you were good. You had taken care of your problem.
That era is over.
Today, courts, regulators, and other outside parties have grown in sophistication and expertise when it comes to IG. Dead policies on dead trees don’t work. Today, your IG program needs to be comprehensive, funded, enforced, and real. Recent cases demonstrate this. For example, in the case quoted above, the court not only looked for the existence of an IG program, but evaluated the legitimacy of various aspects of the program in detail. It questioned the lack of IG policies, stating that the litigant “did not have a . . . information management policy” and questioned why it offered “no statement from management-‐level persons explaining its practices, or existence of policies.”35
Further, the court made an interesting statement about evaluating IG programs that should put all organizations on notice that they can expect outside parties – including courts and regulators – to evaluate the quality and reasonableness of their IG programs:
“A court-and more importantly, a litigant – is not required to simply accept whatever information management practices a party may have. A practice may be unreasonable, given responsibilities to third parties. While a party may design its information management practices to suit its business purposes, one of those business purposes must be accountability to third parties.
An IG program is not merely an internal, private affair. Rather, an IG program is a statement to the world about how seriously you take your information management obligations. Expect it to be closely examined.
P a g e | 21
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
8. Manage Risk: Information Is a Big One
“Risk doesn’t mean danger—it just means not knowing what the future holds. That insight resides at the core of risk management for companies, whether in managing the potential downside of an investment or putting a value on the option of waiting when making irreversible decisions.”
McKinsey Quarterly, “Peter L. Bernstein on Risk”36
IN BRIEF. Organizations need to do a better job of identifying and managing risk. The risk of information management failures is a critical risk that IG helps to mitigate.
Organizations cannot get an accurate picture of their enterprise risk without including IG in that calculation. The cost of information management failures has grown in recent years, and is only growing as regulation and scrutiny in this area intensifies. The widespread failure of financial institutions to adequately quantify and mange risk is seen by many to be a major contributor to the current economic downturn.
In fact, the Shareholder Bill of Rights Act of 2009, a new law currently being considered by the US Congress states that, “both executive management and boards of directors have failed in their most basic duties, including to . . . appropriately analyze and oversee enterprise risk.”
The way that information is managed can be the difference between winning and losing in litigation. It can dramatically affect the outcome of regulatory investigations. It contributes significantly to the success of mergers and acquisitions. IG needs to be part of every organization’s strategy to measure and mitigate enterprise risk.
P a g e | 22
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
9. Email: Reason Enough
“Workers distracted by phone calls, e-mails and text messages suffer a greater loss of IQ than a person smoking marijuana, a British study shows.”
Emails ‘hurt IQ more than pot,’ CNN.com37
IN BRIEF. IG makes sense because it helps organizations take control of email. Solving email should be a top priority for every organization.
According to the study quoted above, using email can be hazardous to your intelligence. Sometimes I think that the same IQ deficit sets in when companies try to manage email. Everything they have learned about information management seems to be forgotten, and they end up with policies that indiscriminately keep every email message, or throw away every message, regardless of what the message contains. Or, they impose volume limitations without the support of a policy that tells employees that some messages have legal implications and cannot be blown away simply because they violate an arbitrary storage limitation. Or, they just do nothing.
Email is how we do business today. Our email systems are full of “a significant number of important emails involving the organization in obligations, agreements, contracts, regulations and discussion.”38 At the same time, email mismanagement causes so many problems that it’s amazing we use it at all.
IG helps us take control of the email management problem. IG policies provide rules on how email is managed. Retention schedules guide the retention and disposition of email. Information technology helps us implement and enforce the policies. IG training ensures that everyone understand their responsibilities.
Apply IG to your email system – it’s reason enough to invest in an IG program. When doing so, keep the following in mind:
1) Develop defensible policies that align with your approach to information management in other systems
2) Consider turning off the ability for users to export email to local files
3) Ensure that your Legal Hold process covers email
4) Look at email archiving to reduce volume, duplication, and improve centralized management capabilities
P a g e | 23
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
10. IG Provides Certainty
Less than 10 per cent of respondents claimed that they were “very confident” that “emails relating to document commitments and obligations . . . are recorded, complete, and retrievable.”
AIIM Industry Watch: Email Management, The Good, The Bad and The Ugly39
IN BRIEF: IG provides organizations with certainty that they are properly managing their information assets, and confidence that they won’t be surprised when litigation or investigation hits. Also, IG provides certainty that money and resources are being spent wisely, which is important in an era of increasing shareholder activism.
In “Life Without Lawyers,” Philip K. Howard argues that the structure and application of the law in the US makes it more difficult for businesses and institutions such as schools and hospitals to succeed. “Straining daily choices through a legal sieve basically kills the human instinct needed to get things done,” he writes.40
Managing information is complex, especially for global companies impacted by laws and regulations in multiple jurisdictions. The fear of throwing away the wrong piece of information can be paralyzing – I have seen it first hand at many companies.
When I started working with one of my clients, they proudly showed me a binder full or well-‐written IG policies and procedures. As I read through them, I wondered why they needed me. Then, when I asked how the policies were being enforced, the reason became clear. They were in a fairly litigious industry, and due to multiple, broadly drawn and overlapping Legal Holds notices, the IG policies had in effect been suspended. No information was being disposed of, and it had been this way for over two years. Information systems were under serious strain. Expenses were growing. And yet, the organization still lived in fear that they would be hit with a spoliation (i.e., destruction of evidence) claim. The organization was being slowly strangled.
We helped the client build a better understanding of their information environment, narrow the scope of unnecessarily broad Legal Holds, and build a comprehensive, contemporary IG program. They began to move forward with confidence – even the outside litigators blessed the program.
IG provides certainty that information is being managed in a way that complies with the law and meets business requirements. No program is foolproof. Nothing can totally inoculate you from future problems. But, a well-‐designed and implemented IG program can provide a level of that enables an organization to focus on success.
P a g e | 24
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
Endnotes
1 Elizabeth Bennett, “The Future of Enterprise Information Governance,” Economist Intelligence Unit, October 2008. 2Deputy US Attorney General Paul McNulty, as quoted by Alex B. Howard, “Financial Crimes Resulting in Increased Compliance Enforcement,” SearchCompliance.com, June 8, 2009. Online at, http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1358669,00.html?track=NL-‐1166&ad=707674&asrc=EM_NLS_7535574&uid=8552802 3 Elizabeth Bennett, “The Future of Enterprise Information Governance,” Economist Intelligence Unit, October 2008. 4 AIIM International, “AIIM View On Information Governance,” AIIM Market Intelligence, 2008. 5 AIIM International, “AIIM Industry Watch: Email Management, The Good, The Bad and The Ugly,” AIIM International, May 2009. 6 Chip Heath and Dan Heath, “Made to Stick: Why Some Ideas Survive and Others Die,” Random House, 2008. 7 Steve Bailey, “Managing the Crowd: Rethinking Records Management for the Web 2.0 World,” Facet Publishing, 2008. 8 Elizabeth Bennett, “The Future of Enterprise Information Governance,” Economist Intelligence Unit, October 2008. 9 John P. Kotter, “Leading Change,” Harvard Business School Press, 1996, p. 11. 10 Elizabeth Bennett, “The Future of Enterprise Information Governance,” Economist Intelligence Unit, October 2008. 11 Andrea Coombes, “Don’t you Dare Email This Story,” Wall Street Journal, May 17, 2009. Online at, http://online.wsj.com/article/SB124252211780027326.html 12 International Data Corporation, “The Diverse and Exploding Digital Universe: An Updated Forecast of Worldwide Information Growth Through 2011,” March 2008. Online at, http://www.emc.com/collateral/analyst-‐reports/diverse-‐exploding-‐digital-‐universe.pdf 13 Nick Sundby, “Storage Economics: Assessing the Real Cost of Storage,” International Data Corporation, December 2008. 14 “Managing Information: Research Study on Customer Priorities and Challenges,” RONIN Corporation, March 2009. 15 International Data Corporation, “The Diverse and Exploding Digital Universe: An Updated Forecast of Worldwide Information Growth Through 2011,” March 2008. Online at, http://www.emc.com/collateral/analyst-‐reports/diverse-‐exploding-‐digital-‐universe.pdf 16 US Federal Public Law 107-‐204, Section 802. 17 AIIM International, Email Management ROI Calculator. Online at, http://www.aiim.org/Membership/article.aspx?IDbb=34769 18 “Digital Data Drive up Legal Costs,” Wall Street Journal, September 6, 2008. 19 “Fifth Annual Litigation Trends Survey Findings: Direction and Dynamics.” Fullbright and Jaworski L.L.P., 2008. Online at, http://www.fulbright.com/mediaroom/files/2008/Fulbright-‐FifthLitTrends.pdf 20 Forrester Research, Inc., “Believe It — eDiscovery Technology Spending to Top $4.8 Billion By 2011,” December, 2006. 21 The duty to preserve evidence arise when the litigant “knows or should know it is relevant to imminent or ongoing litigation.” Jordan F. Miller Corp. v. Mid-‐Continent Aircraft Service, Inc, No. 97-‐5089 1998 WL 68879
P a g e | 25
© 2010, 2011 Barclay T. Blair www.barclaytblair.com [email protected] 646-‐450-‐4468
22 Basex Information Overload Exposure Assessment. Online at, http://www.basex.com/web/tbghome.nsf/pages/ios 23 AIIM International, “AIIM Industry Watch: Email Management, The Good, The Bad and The Ugly,” AIIM International, May 2009. 24 “LexisNexis 2008 National Workplace Productivity Survey, February 2008. Online at, http://www.lexisnexis.com/media/press-‐release.aspx?id=1041.asp 25 Andrea Coombes, “Don’t you Dare Email This Story,” Wall Street Journal, May 17, 2009. Online at, http://online.wsj.com/article/SB124252211780027326.html 26 Alexander B. Howard, “Ex-‐SEC Chief Pitt Decries State of Sarbanes-‐Oxley and Risk Management,” SearchCompliance.com, June 5, 2009. Online at, http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1358346,00.html?track=NL-‐1166&ad=707674&asrc=EM_NLS_7535578&uid=8552802 27 Nikki Swartz, “Compliance Boosts Records Management Market,” Information Management Journal, Sept/Oct 2006. 28 L. Johnson, A. Levine and R. Smith, “The 2009 Horizon Report,” The New Media Consortium, 2009. 29 Steve Bailey, “Managing the Crowd: Rethinking Records Management for the Web 2.0 World,” Facet Publishing, 2008, p. 68. 30 Online at, http://wave.google.com/ 31 Daniel Pink, “A Whole New Mind: Why Right-‐Brainers will Rule the Future,” Riverhead Books, 2006, p. 134. 32 Daniel Pink, “A Whole New Mind: Why Right-‐Brainers will Rule the Future,” Riverhead Books, 2006. 33 Steve Bailey, “Managing the Crowd: Rethinking Records Management for the Web 2.0 World,” Facet Publishing, 2008, p. 60.
34 Philip M. Adams & Associates, LLC v. Dell, Inc., 2009 WL 910801 (D. Utah Mar. 30, 2009). 35 Philip M. Adams & Associates, LLC v. Dell, Inc., 2009 WL 910801 (D. Utah Mar. 30, 2009). 36 McKinsey Quarterly, “Peter L. Bernstein on Risk,” January 2008. Online at, http://www.mckinseyquarterly.com/Organization/Strategic_Organization/Peter_L_Bernstein_on_risk_2211 37 Emails ‘hurt IQ more than pot,’ CNN.com, April 22, 2005. Online at, http://www.cnn.com/2005/WORLD/europe/04/22/text.iq/ 38 AIIM International, “AIIM Industry Watch: Email Management, The Good, The Bad and The Ugly,” AIIM International, May 2009. 39 AIIM International, “AIIM Industry Watch: Email Management, The Good, The Bad and The Ugly,” AIIM International, May 2009. 40 Philip K. Howard, “Life Without Lawyers: Liberating Americans from Too Much Law,” W. W. Norton and Company, 2009.