“Rules are for the obedience of fools and the guidance of wise men.” (Douglas Bader)
Information governance refers to the overall management of the availability, usability, integrity, and security of the information and data employed in an enterprise. This is a pretty accurate description, but what's in there for me and my organization? Is it compliance, rules and regulations? Or is it about risks for my organization and how to mitigate them? Or is there more to gain for information governance?
Let's start with a quote about compliance from Elissa Redmiles on the IBM Blog: “Rules guide us in nearly every aspect of our lives, whether or not we consciously realize it. Think about the numerous rules that govern us every day. We obey traffic signals and in return we enjoy the safety that comes with an orderly traffic pattern during our morning commutes.”
Previously, I didn't see rules as a method to reduce safety risks. Obeying the traffic rules reduces the risk of being caught by the police. So should I stop for a red light when nobody is around? Some find this an interesting everyday ethical question, but I know lots of people will just walk on: too little a risk of being fined.
Information Governance is about rules …
A lot of companies approach their Information governance in the same manner. Elissa continues: “Following data (and information, rk) governance rules in the corporate world helps us to reduce our organization’s risks.” What risk? The risk of being caught by privacy watchdogs when violating the new European General Data Protection Regulation (GDPR)? The risk of losing court cases when incriminating documents are found during eDiscovery; or problems with the tax office after you didn’t keep the correct retention periods on documents and data?
Companies and other organizations in general don’t want to break the law. So the business driver has to comply just like how companies comply with so many rules and regulations. Some wholeheartedly and some just because it is obligatory. And few choose not to comply when the risks are too low. So is this enough to start an information governance business case? Or can I just take some ad-hoc measures to comply for high risk rules only? When my organization in into pharmaceuticals or finance I might need full swing governance, but what about when I’m in retail or services?
… and risks
We all know the data risks like intrusions and data theft. Losing face like Sony after the major data theft is exemplary. Or a multi-million bank robbery using a phishing attack- causing a breakdown in customer trust and loyalty.
The risks I mentioned come from the world outside of the organization: people with bad intentions, espionage, watchdogs, theft and so on. You’ll have to take care of those threats and risks. But your behavior, and the carelessness of your employees, can also cause risks for your data. Information governance helps you to stop information leaks. And prevents money draining away.
Risk-analysis techniques will make compliance and security risks around data explicit. Assessing the risks will help you to build a ROI around information governance. But remember, risk reduction is about bringing risks down to an acceptable level with minimum effort. If I can do this without full-blown information governance, that’s fine. Or not? Managers I’ve spoken to saw information governance as a cost without direct financial revenues.
Information governance is more
Here the story ends for lots of people dealing with information governance: compliance and risk mitigation. But is that all? Is it just some a pre-condition I have to fulfill? Or does this really help my business? The question to ask is: Does information governance make innovation possible? And the answer is yes.
- Because “good housekeeping” of your data helps you to get your data in good shape. This implies that all the insights you gain from data, like statistics, (predictive) analytics and so forth, are of good quality. You don’t have to doubt the validity of the data itself.
- Because one of the biggest barriers to new product development is inadequate access to actual data. By integrating multiple data streams into a single view that can be monitored and managed, high quality data management facilitates effective financial modeling and efficient decision making.
- Because business professionals must be at liberty to focus on what they do best -manage assets, products and portfolios. The right data management tools deliver the information your professionals want when they want it - and allow them to make changes in sources, field assignments and reports without the time-consuming intervention of developers or IT technicians.
- Because good quality data improves the decisions made, from operational to strategic level. Better decision mean less errors and less money to correct them. Erroneous decisions lead to bad publicity; better decisions mean for instance improved customer satisfaction and customer retention.
- Because organizations are seeking competitive advantage by leveraging information governance to proactively add value to their business innovations. It is about getting the right information to the right people at the right time and enabling the entire organization to seize new opportunities rather than simply operating in a reactionary way.
Revenue growth increasingly depends on the creation of innovative products that are constructed wholly from information. Effective data management integrates data from multiple sources; multiple markets are multiple asset classes. With accurate, timely data, professionals can craft products that respond to urgent market demands - and anticipate emerging opportunities
You should do this with your precious belongings at your organization: your data. Without a doubt, data has become the raw material, from the information economy to your organization, and data governance is a strategic imperative.