Fried egg on the sidewalk
“This is your information, ungoverned.”

2017 was rife with data dangers.  Nary a day passed without headlines of massive data breaches and ransomware attacks; Russian election-meddling through WikiLeaks and social media; fake news; and presidential tweet-storms.  Disruptive information-driven technologies continued to emerge, from block-chain to biometrics, IoT, AI, and robotics.  Meanwhile, the sheer volume of our personal and business data inexorably grew.

What better way to start 2018 than with a renewed commitment to Information Governance?  So, here are a dozen reasons why your organization should govern its information, in 2018 and beyond: 

12. Unnecessary business data causes unnecessary litigation costs.

“If your clients don’t have a records management system, they may as well take their money out into the parking lot and set it on fire.” District Court Magistrate Judge John Facciola

11. Thousands of federal and state records retention laws apply to your company.

We know, because we track them.  Your regulators expect you to know them too.

10. It’s a when, not if, world for data breaches.

“You’re going to be hacked.  Have a plan.” Joseph Demarest, FBI Cyber Division

9. Unnecessary business data multiplies data security exposures.

Hacked company systems frequently contain two, three, or even four times more data than was needed for retention compliance or any valid business purpose.  It’s not possible for a breach to compromise the security of information that compliantly no longer exists.

8. It can build – or bust – your brand.

In our data-driven world, how well your organization manages information tells you, and tells the world, how well you manage your business.

7. Merely adding more storage or more tools won’t solve your data problems.

More storage is simply a reaction, not a strategy.  And adding technology tools, without the right rules, only makes things worse, not better.

6. It’s OK to destroy your data.

Disposal of data in good faith, pursuant to a compliantly established and legally validated data retention schedule, and absent an applicable litigation preservation duty, is both responsible and defensible.

5. Bad information results in bad decisions.

Actually … data is simply data.  Calling some data “bad” distracts us from the true issue, which is the quality of our business practices in creating, retaining, and using information to make decisions.

4. Your information is in others’ custody … but you’re still responsible for it.

Your litigation preservation duties do not vanish for information hosted elsewhere but still in your control; your data security obligations do not evaporate when you house protected data with a service provider; your imperatives of data integrity and accessibility have no exceptions based merely on data storage location; and your records retention and destruction rules do not disappear if your data is hosted remotely. You still need to govern information compliance and risk for your data in other’s custody.

3. “Your” information may belong to others … and you’re responsible to take care of it.

Companies commonly possess third-party data.  If your agreements don’t clarify permissible use, ownership of derivative information, retention/disposition, privacy, security, and litigation preservation and production obligations, you have risks and exposures without any rules to protect you.

2. Your information exposures, risks, and opportunities are all connected, arising from a single source – your data. Your response strategies should be synchronized too.

Privacy, data security, retention, litigation preservation, and defensible disposition aren’t separate issues. They all interrelate, springing from the data itself.  How you handle information compliance, cost, risk, and value should be integrated as well, in an information governance strategy.   

… and that leaves the most important reason of all:

1. Regardless of industry, you’re in the information business.

It doesn’t matter what products you sell or services you provide.  In today’s world, the success of your business – indeed, its viability – turns upon information.

Consider the attention and resources you apply to your other strategic assets, such as your finances, your facilities and equipment, and your people.  You make those investments because it would be foolish not to manage their value, costs, and risks.  Your information deserves no less.