information management

Am I Drunk signWe’re addicted to information, but we can’t stand to think about it again once we’ve seen it, saved it, hoarded it.  Why?  We collect or create it in the moment, but have no thought or plan for its future.  Even when it was once and briefly useful, neglected information soon becomes the effluvium of our digital landfills.  And, like most landfills, the odor is disagreeable and no one wants to be near it.

Pinterest and the P:\ Drive

There is little doubt that social and cultural factors exacerbate and feed our addiction.  The immediate gratification of social media interactions, and the availability of “productivity” tools and data storage accelerate the accumulation of information.  “People hoard because they believe that an item [information] will be useful or valuable in the future. Or they feel it has sentimental value, is unique and irreplaceable . . . . They may also consider an item [information] a reminder that will jog their memory, thinking that without it they won’t remember an important person or event. Or because they can’t decide where something belongs, it’s better just to keep it.

How to Change

Addiction draws us into information overload, but our aversion to uncertainty keeps us from managing what we save or create.  Part of the challenge is that it’s just too hard to focus on something so big, yet so invisible.  We’ve all read the stats on how much information is created each year, but who understands how much 5 exabytes of information is anyway?   It’s beyond our tactile experience—like knowing how many gallons of water are in the ocean, or stars in the sky.

In thinking about change, Tali Sharot, associate professor of cognitive neuroscience at University College London, proposes, “Messages that tap into basic human desires — such as the need for agency, a craving for hope, a longing to feel part of a group — are more likely to have impact.”

In a previous post I talked about the consequences of allowing our private selves to bleed into our work selves.  The answer comes back to the summary of human desires, “what’s in it for me”?  So, using Dr. Sharot’s examples, I add here to the list of things we can do for ourselves, and ultimately for our organizations: Continue Reading Addiction and aversion … the yin and yang of information

clouds and lightningIf you’re old enough, you’ll remember a time when businesses actually kept their own information (cue my adult children to roll their eyes).  How quaint.  We no longer keep most of our information – providers do that for us.  We store our data in the cloud, through cloud providers.  We outsource business applications to SaaS providers, and even entire systems as PaaS.  And we increasingly use service providers to handle key aspects of our business that we used operate internally, resulting in a robust flow of data out of our businesses to such providers, and also the providers generating, receiving, and retaining huge data troves on our behalf.

But we’re still accountable for our information in others’ hands:

  • Litigation – the scope of permissible discovery, and of the preservation duty, extends not only to data in our possession or custody, but also to data within our control.       
  • Data security – we’re generally responsible for data breaches suffered by our service providers.  Under most breach notification laws, including HIPAA and state breach notification statutes, our service providers must notify us of data breaches, but we are still responsible for providing notice to affected individuals and regulators.  Regardless, in the wake of a service provider data breach, we’re in the hot seat.
  • Business Continuity – if we need to promply restore data due to ransomware or other causes of business interruption, it doesn’t matter who’s the custodian – all that matters at that moment is timely and effective restoration.
  • Retention – third parties retaining information longer (or shorter) than our retention schedule cause us to be at best inconsistent and out of compliance with our information management policies.  At worst?  See Litigation, Data Security, and Business Continuity above.

Our litigation preservation duties do not vanish for information hosted elsewhere but still in our control; our data security obligations do not evaporate when we house protected data with a service provider; our imperatives of data integrity and accessibility have no exceptions based merely on data storage location; and our records retention and destruction rules do not disappear if our data is hosted remotely. In other words, we still need to govern information compliance and risk for our data in other’s custody.

And this is a perfect example of the value of Information Governance. A key benefit of the IG perspective is that it enables organizations to take useful strategies from one established discipline and apply them more broadly. The importance of service provider controls is well-established in the data security discipline. For example: Continue Reading Why govern your information? Reason #4: Your information is in others’ custody … but you’re still responsible for it.

“GarGarbage Dumpbage in, garbage out” – we know that already, right?  Well … what we know about information quality and what we do are not always in sync. Just for kicks, consider information quality through the lens of the industrial quality movement.

Looking down from 30,000 feet, the history of industrial quality goes something like this – Medieval Guild craftsmanship, then Industrial Revolution product inspection, and then the post-World War II focus on quality process management.  It sounds arcane, until one remembers the 1980’s visceral fear that Japanese manufacturers were beating the pants off of U.S. manufacturing in terms of quality and value. Enter W. Edward Deming, who had been deeply influential in Japan’s post-war industrial recovery, and who became the evangelist for quality management practices in U.S. industry.  Deming exhorted American management to adopt product and service quality as the driving force in all business practices.

What’s that got to do with Information Governance?  It’s this – regardless of industry, in today’s world you’re actually in the information business.  So, business quality increasingly means information quality.   Continue Reading Why govern your information? Reason #5: Bad information results in bad decisions.

Business woman screaming at laptopMany years ago, before common sense kicked in, I thought it would be a good idea to rent a storage space for all the extra furniture and other stuff I could not fit in my new house.  Knowing it would only be temporary, I stashed everything from upholstered and leather furniture, to boxes of books.  Fast forward twelve months.  The rental agreement was expiring, and I realized that I would never need nor have room for all that I’d stored, so I decided to have a sale to dispose of it.  When I went to the storage space I was horrified to see that everything was covered in a thin film of mold.  (This was years before climate-controlled storage was widely available.)  I had no choice but to trash it all, which both cost me money and prevented me from converting my goods to profit.

I was reminded of this long-ago event when I heard about the latest ransomware attack.  We’ve been reminded countless times of the importance of backup, and ransomware is only the most recent reason.  If you have ever had a hard drive fail, you know the pain that comes with irretrievable data.

So what happens when your backup media fails.? Or your archival media?  Don’t CDs last forever? Continue Reading Backup failure in the age of ransomware

Dr. Lawrence WeedAmerican architect Louis Sullivan, who coined the iconic phrase “form ever follows function,” was flat wrong – at least when it comes to the relationship of what we do and how we capture it with data.  The reality is instead that the medium shapes the message, and that record-keeping alters the processes it records.  Need a current example?  One only has to consider how the President’s staccato bursts of tweets now drive public attention, media focus, and policy debates, both domestically and abroad.

But a more profound example is the life’s work of Dr. Lawrence Weed, who passed away last week at age 93.   Continue Reading With business processes and records, we have it backwards – function follows form

disk cleanupIn a previous post I suggested that Information Technology is really in a good position to help identify and clean up ROT (redundant, obsolete, and trivial information).  Sometimes, though, IT needs a helping hand to get the attention of those who can approve a budget for clean-up initiatives.  Here’s where Audit comes in.

Over the years, I’ve seen many information governance clean-up programs come to life in the wake of an expensive e-discovery effort, or an embarrassing and costly data breach.  Needless to say, such events draw the attention of the C-suite and boards of directors.  That attention usually translates into emergency funding and action to shut down e-mail retention, delete old files, and generally do what should have been done all along: better manage information.  Audits, whether external or internal, can serve the same function.

Continue Reading InfoSec Audit’s role in cleaning up ROT

When Earth Day rolls around each year, I can’t heEarth in human handslp but think of the picnic scene from Mad Men.  After Don Draper chucks his empty beer can into the pond, Betty snaps the blanket, dumping their litter across the grass, before trundling the kids off to the family car (12 MPG, leaded gas, with no emissions control).

Mad Men‘s magic was culture clash, the shocking contrast between the oblivious then – sexism, homophobia, humans as ashtrays – and our enlightened now.  What makes the picnic scene so memorable is the gobsmacking environmental thoughtlessness of that era, in which the only things green were money and envy.

And my, how far we’ve come.  We reduce, reuse, and recycle. Some of us compost, and others glare at the poor souls who still occasionally litter.  We spend extra money for energy-efficient vehicles and appliances.  We tend to buy local and organic, and we worry about chemicals in our food and water.  Most folks are concerned about climate change and believe we need to change human behavior to slow it.  In short, we devote significant thought, time, effort, and resources to be environmentally responsible.

At the same time, we remain completely oblivious to the swirling plumes of data exhaust we emit every day, and the toxic accumulations of data in the landfills of our devices, servers, and cloud accounts.  When it comes to data pollution, guess what – we’re Don and Betty.

Continue Reading Earth Day and data pollution

Twenty percent solutionOK, IT mavens, listen up…how much better would your life be if you only had to manage and protect 20% of your company’s data? By eliminating 80% of your data you could free up oodles of storage, reduce licensing costs, shorten backup cycles, and drastically cut e-discovery preservation costs, not to mention go home on time for a change.  For most this is an unrealistic pipe dream, but it doesn’t need to be.  The trick is knowing which 20% to manage.

Continue Reading The 20% solution for information management and security

Destroyed CDs - shredded by a shredder.It lingers on – that vaguely guilty feeling that there’s something sanctionable, even illegal, about routinely destroying business data.  That’s nonsense.  It is well-settled United States law that a company may indeed dispose of business data, if done in good faith, pursuant to a properly established, legally valid data retention schedule, and in the absence of an applicable litigation preservation duty.

Even the courts themselves dispose of their data.  Federal courts are required by U.S. law to follow a retention schedule approved by NARA, and to ultimately destroy records or transfer them to the Federal Records Center, as directed by that retention schedule.

Here are but a few of the many case decisions on this point:

Continue Reading Why govern your information? Reason #6: It’s OK to destroy your data.

Monster Ant“What if ants were as big as dinosaurs?”  I remember asking my kids that question, forever ago when they were young.  Maybe the thought came from reruns of old monster movies, like the 1954 classic Them! (pictured here).  Anyway, it was a cool game, for as the ant’s size multiplies, the laws of math, physics, and biology play their part:

  • The ant’s exoskeleton wouldn’t be strong enough to support the increased weight, so an internal skeleton is needed.
  • Gravity would play havoc with the ant’s open circulatory system, so a closed system is crucial.
  • The ant’s energy needs would soar, and so a different diet and digestive system are required.
  • The ant’s newfound size would totally alter its place in the food chain (The Lion King, “Circle of Life,” right?), driving fundamental changes in behaviors and capabilities.
  • And on, and on.

Until, we finally end up with an ant the size of a dinosaur … that looks a lot like a dinosaur.

But what’s this have to do with Information Governance?

Continue Reading Ants, Dinosaurs, and Information Governance