Poor data. Though more essential to business than ever before, data is simultaneously frustrating for its inaccessibility, intimidating in its volume and complexity, distrusted for its unreliability, maligned for its management costs, and feared for its litigation, privacy, and security risks.
But let’s not cast business data as the culprit. Data is basically inert. It sits where we store it, goes where we send it, does what we (or some system programmer) tell it to do, and is as secure as the safeguards we provide. Data is not the “actor” – good, bad, or indifferent. We are.
If we’re honest with ourselves, we can see that most every problem we experience with business data has its root in what people do, or fail to do, as individuals, work teams, or organizations:
- Individuals create, send, and keep ill-advised content, while work teams and organizations allow a culture in which such lack of discretion is tolerated.
- Individuals keep e-mail, office documents, and other unstructured data way too long, beyond any legal requirement or business need, while organizations fail to provide clarity about retention rules and straightforward means of compliance.
- Individuals stash data in inconsistent, uncontrolled locations, and can’t find it later, while organizations are largely silent on how and where such data should be stored to best serve the organization’s needs.
- Individuals bypass information security safeguards, use weak passwords, and succumb to phishing, while organizations neglect the human element of data security exposures.
- Individuals misunderstand and misuse powerful technology tools, creating costs and exposures, while organizations provide the tools without adequately clear expectations and accountability for their prudent use.
- Individuals and work teams make decisions about technology systems and information processes based on their own, parochial needs and perspectives, while organizations tolerate a siloed, disjointed approach to information cost, risk, and value.
When we blame data for our problems, we shift responsibility to the data, thereby surrendering our ability to respond. It’s as if the data somehow controls us, rather than the other way around.
People don’t have data problems – people have people problems with data.
This all may sound harsh, even judgmental, yet that’s not the point. The point is actually good news. Because the vast majority of our problems with business data arise from us, rather than some mysterious malevolence of data and technology beyond our control, it follows that solutions for our problems with data are also within our reach. The key is to bring the right perspective, and the right stakeholders, to the table; view information problems and opportunities holistically; and then act strategically. The name for this strategic perspective, and also the means for acting upon it, is information governance. Information governance is an organization’s strategic approach to managing data compliance, cost, and risk while maximizing information value.
This law blog explores how organizations can apply information governance to real-world issues of data privacy, data security, data retention, defensible disposition, and litigation discovery. We’ll also have some fun along the way. Hope you’ll join us.