They say that the right time to plant a tree is yesterday. In a world of data dangers and opportunities, the time to elevate how your business governs its information is now. That’s easy to say, but with all of the conflicting priorities facing companies today, for many it’s hard to get started, or to push ahead. Sometimes it helps to revisit why an effort is worthwhile.
So, here are a dozen reasons why your organization should redouble efforts to govern its information, in 2019 and beyond:
“If your clients don’t have a records management system, they may as well take their money out into the parking lot and set it on fire.” Former District Court Magistrate Judge John Facciola
We know, because we track them. Your regulators expect you to know them too.
“You’re going to be hacked. Have a plan.” Joseph Demarest, FBI Cyber Division
Hacked company systems frequently contain two, three, or even four times more data than was needed for retention compliance or any valid business purpose. It’s not possible for a breach to compromise the security of information that compliantly no longer exists.
In our data-driven world, how well your organization manages information tells you, and tells the world, how well you manage your business.
More storage is simply a reaction, not a strategy. And adding technology tools, without the right rules, only makes things worse, not better.
Disposal of data in good faith, pursuant to a compliantly established and legally validated data retention schedule, and absent an applicable litigation preservation duty, is both responsible and defensible.
Actually … data is simply data. Calling some data “bad” distracts us from the true issue, which is the quality of our business practices in creating, retaining, and using information to make decisions.
Your litigation preservation duties do not vanish for information hosted elsewhere but still in your control; your data security obligations do not evaporate when you house protected data with a service provider; your imperatives of data integrity and accessibility have no exceptions based merely on data storage location; and your records retention and destruction rules do not disappear if your data is hosted remotely. You still need to govern information compliance and risk for your data in other’s custody.
Companies commonly possess third-party data. If your agreements don’t clarify permissible use, ownership of derivative information, retention/disposition, privacy, security, and litigation preservation and production obligations, you have risks and exposures without any rules to protect you.
Privacy, data security, retention, litigation preservation, and defensible disposition aren’t separate issues. They all interrelate, springing from the data itself. How you handle information compliance, cost, risk, and value should be integrated as well, in an information governance strategy.
And that leaves the single most important reason of all:
1. Regardless of industry, you’re in the information business.
It doesn’t matter what products you sell or services you provide. In today’s world, the success of your business – indeed, its viability – turns upon information.
Consider the attention and resources you apply to your other strategic assets, such as your finances, your facilities and equipment, and your people. You make those investments because it would be foolish not to manage their value, costs, and risks. Your information deserves no less.
So … it’s time to plant that tree.