Information Governance

“Garbage in, garbage out” – we know that already, right?  Well … what we know about information quality and what we do are not always in sync. Just for kicks, consider information quality through the lens of the industrial quality movement.

Looking down from 30,000 feet, the history of industrial quality goes something like this – Medieval Guild craftsmanship, then Industrial Revolution product inspection, and then the post-World War II focus on quality process management.  It sounds arcane, until one remembers the 1980s’ visceral fear that Japanese manufacturers were beating the pants off of U.S. manufacturing in terms of quality and value. Enter W. Edwards Deming, who had been deeply influential in Japan’s post-war industrial recovery, and who became the evangelist for quality management practices in U.S. industry.  Deming exhorted American management to adopt product and service quality as the driving force in all business practices.

What’s that got to do with Information Governance?  It’s this – regardless of industry, in today’s world you’re actually in the information business.  So, business quality increasingly means information quality.

Continue Reading Why govern your information? Reason #5: Bad information results in bad decisions.

American architect Louis Sullivan, who coined the iconic phrase “form ever follows function,” was flat wrong – at least when it comes to the relationship of what we do and how we capture it with data.  The reality is instead that the medium shapes the message, and that record-keeping alters the processes it records.  Need a current example?  One only has to consider how the President’s staccato bursts of tweets now drive public attention, media focus, and policy debates, both domestically and abroad.

But a more profound example is the life’s work of Dr. Lawrence Weed, who passed away last week at age 93.

Continue Reading With business processes and records, we have it backwards – function follows form

In a previous post I suggested that Information Technology is really in a good position to help identify and clean up ROT (redundant, obsolete, and trivial information).  Sometimes, though, IT needs a helping hand to get the attention of those who can approve a budget for clean-up initiatives.  Here’s where Audit comes in.

Over the years, I’ve seen many information governance clean-up programs come to life in the wake of an expensive e-discovery effort, or an embarrassing and costly data breach.  Needless to say, such events draw the attention of the C-suite and boards of directors.  That attention usually translates into emergency funding and action to shut down e-mail retention, delete old files, and generally do what should have been done all along: better manage information.  Audits, whether external or internal, can serve the same function.

Continue Reading InfoSec Audit’s role in cleaning up ROT

When Earth Day rolls around each year, I can’t help but think of the picnic scene from Mad Men.  After Don Draper chucks his empty beer can into the pond, Betty snaps the blanket, dumping their litter across the grass, before trundling the kids off to the family car (12 MPG, leaded gas, with no emissions control).

Mad Men’s magic was culture clash, the shocking contrast between the oblivious then – sexism, homophobia, humans as ashtrays – and our enlightened now.  What makes the picnic scene so memorable is the gobsmacking environmental thoughtlessness of that era, in which the only things green were money and envy.

And my, how far we’ve come.  We reduce, reuse, and recycle. Some of us compost, and others glare at the poor souls who still occasionally litter.  We spend extra money for energy-efficient vehicles and appliances.  We tend to buy local and organic, and we worry about chemicals in our food and water.  Most folks are concerned about climate change and believe we need to change human behavior to slow it.  In short, we devote significant thought, time, effort, and resources to be environmentally responsible.

At the same time, we remain completely oblivious to the swirling plumes of data exhaust we emit every day, and the toxic accumulations of data in the landfills of our devices, servers, and cloud accounts.  When it comes to data pollution, guess what – we’re Don and Betty.

Continue Reading Earth Day and data pollution

OK, IT mavens, listen up … how much better would your life be if you only had to manage and protect 20% of your company’s data? By eliminating 80% of your data you could free up oodles of storage, reduce licensing costs, shorten backup cycles, and drastically cut e-discovery preservation costs, not to mention go home on time for a change.  For most this is an unrealistic pipe dream, but it doesn’t need to be.  The trick is knowing which 20% to manage.

Continue Reading The 20% solution for information management and security

It lingers on – that vaguely guilty feeling that there’s something sanctionable, even illegal, about routinely destroying business data.  That’s nonsense.  It is well-settled United States law that a company may indeed dispose of business data, if done in good faith, pursuant to a properly established, legally valid data retention schedule, and in the absence of an applicable litigation preservation duty.

Even the courts themselves dispose of their data.  Federal courts are required by U.S. law to follow a retention schedule approved by NARA, and to ultimately destroy records or transfer them to the Federal Records Center, as directed by that retention schedule.

Here are but a few of the many case decisions on this point:

Continue Reading Why govern your information? Reason #6: It’s OK to destroy your data.

“What if ants were as big as dinosaurs?”  I remember asking my kids that question, forever ago when they were young.  Maybe the thought came from reruns of old monster movies, like the 1954 classic Them! (pictured here).  Anyway, it was a cool game, for as the ant’s size multiplies, the laws of math, physics, and biology play their part:

  • The ant’s exoskeleton wouldn’t be strong enough to support the increased weight, so an internal skeleton is needed.
  • Gravity would play havoc with the ant’s open circulatory system, so a closed system is crucial.
  • The ant’s energy needs would soar, and so a different diet and digestive system are required.
  • The ant’s newfound size would totally alter its place in the food chain (The Lion King, “Circle of Life,” right?), driving fundamental changes in behaviors and capabilities.
  • And on, and on.

Until we finally end up with an ant the size of a dinosaur … that looks a lot like a dinosaur.

But what’s this have to do with Information Governance?

Continue Reading Ants, Dinosaurs, and Information Governance

There’s been a lot of news lately about “secret” messaging in government, including inside the White House and the EPA, and last week’s revelation that Vice President Pence conducted state business with a private email account while Governor of Indiana. So there’s lots of angst right now about under-the-radar communications.  When you think about it, though, it’s really old news tied to new technology.  The only difference is the growing sophistication of the tools in the last few decades.  Old School: clandestine meetings in parking garages.  New School: disappearing messages.

What is really at issue here is not the technology, but rather the implied intent of circumventing rules (if they exist), and whether or not the communications are records. By any measure, if the communication is a record as defined by public or private rules, it must be retained.  Herein lies the problem.

Continue Reading We’re still babes in the wood when it comes to electronic messaging

Sorry to revive ugly memories of last fall’s vituperative presidential campaign, in which bile was spewed over candidate Clinton’s use of a private email server while Secretary of State, and its vulnerability to hacking.  Clinton eventually conceded that her use of a personal email server was a “mistake.”  Which it was, on so many levels.

Now, news reports indicate that Vice President Mike Pence, while Governor of Indiana, used a private email account (AOL, no less) to conduct state business.  And that some of the messages apparently contained sensitive law enforcement and Homeland Security information.  And that, unlike Clinton’s private server, Governor Pence’s personal email account was actually hacked.  And that the hack occurred (wait for it) last summer – in the midst of all of the self-righteous indignation over Clinton’s email practices.  Thankfully, Governor Pence and his wife were NOT stranded in the Philippines, and we did NOT need to wire them emergency funds.

These revelations will no doubt spur cries of bald-faced hypocrisy, and equally heated arguments that Pence’s situation is different than Clinton’s (AOL v. private server, Governor v. Secretary of State, sensitive Homeland Security information v. classified information, and so forth).

But here’s a thought – instead of yet another round of beating ourselves over the head with partisan cudgels, what if we tried something different this time?

Continue Reading So, Governor Pence used his hacked AOL account for state business – can we please now depoliticize data security?

It happens every day.  A company spends a huge amount of money on a new technology system, without fully addressing the information implications.  Maybe the decision (to move on-premise operations to a cloud SaaS or PaaS, or to retire and replace an enterprise database, or buy a comprehensive new tool suite) was reactive, driven by an impending crisis.  Maybe the decision-making was siloed, with IT not clearly hearing what the rest of the business truly needs (or more likely, the rest of the business not speaking up).  Or maybe IT just responded literally to a business directive of the moment (let’s get into IoT, or Big Data, or Blockchain!).  Regardless, the green light is lit, the dollars are spent … and problems ensue, painfully multiplying the procurement’s all-in cost.

What was missing? Strategic consideration of repercussions for information compliance, risk, and value for the organization as a whole, including privacy, data security, retention/destruction, litigation discovery, intellectual property, and so forth.  In other words, Information Governance.  And when was it missing?  Before the decision was made and the dollars were spent.

So, what if something could be hard-wired into the procurement process, a trigger that timely prompted decision-makers to call time-out; get focused input from all stakeholders; assess the repercussions for information compliance, risk, and value; and align the procurement requirements and purchase decisions with organizational strategy for governing information?

Continue Reading X Percent for Information Governance