Majestic giant redwood treesThey say that the right time to plant a tree is yesterday.  In a world of data dangers and opportunities, the time to elevate how your business governs its information is now.  That’s easy to say, but with all of the conflicting priorities facing companies today, for many it’s hard to get started, or to push ahead.  Sometimes it helps to revisit why an effort is worthwhile.

So, here are a dozen reasons why your organization should redouble efforts to govern its information, in 2019 and beyond: 

12. Unnecessary business data causes unnecessary litigation costs.

“If your clients don’t have a records management system, they may as well take their money out into the parking lot and set it on fire.”  Former District Court Magistrate Judge John Facciola

11. Thousands of federal and state records retention laws apply to your company.

We know, because we track them.  Your regulators expect you to know them too.

10. It’s a when, not if, world for data breaches.

“You’re going to be hacked.  Have a plan.” Joseph Demarest, FBI Cyber Division

9. Unnecessary business data multiplies data security exposures.

Hacked company systems frequently contain two, three, or even four times more data than was needed for retention compliance or any valid business purpose.  It’s not possible for a breach to compromise the security of information that compliantly no longer exists.

8. How you govern data can build – or bust – your brand.

In our data-driven world, how well your organization manages information tells you, and tells the world, how well you manage your business.

7. Merely adding more storage or more tools won’t solve your data problems.

More storage is simply a reaction, not a strategy.  And adding technology tools, without the right rules, only makes things worse, not better.

6. It’s OK to destroy your data.  Really.

Disposal of data in good faith, pursuant to a compliantly established and legally validated data retention schedule, and absent an applicable litigation preservation duty, is both responsible and defensible.

5. Bad information results in bad decisions.

Actually … data is simply data.  Calling some data “bad” distracts us from the true issue, which is the quality of our business practices in creating, retaining, and using information to make decisions.

4. Your business data is in others’ custody … but you’re still responsible for it.

Your litigation preservation duties do not vanish for information hosted elsewhere but still in your control; your data security obligations do not evaporate when you house protected data with a service provider; your imperatives of data integrity and accessibility have no exceptions based merely on data storage location; and your records retention and destruction rules do not disappear if your data is hosted remotely. You still need to govern information compliance and risk for your data in other’s custody.

3. “Your” data may belong to others … and you’re responsible to take care of it.

Companies commonly possess third-party data.  If your agreements don’t clarify permissible use, ownership of derivative information, retention/disposition, privacy, security, and litigation preservation and production obligations, you have risks and exposures without any rules to protect you.

2. Your information risks, and opportunities are all connected, arising from a single source – your data. Your response strategies should be synchronized too.

Privacy, data security, retention, litigation preservation, and defensible disposition aren’t separate issues. They all interrelate, springing from the data itself.  How you handle information compliance, cost, risk, and value should be integrated as well, in an information governance strategy.   

And that leaves the single most important reason of all:

1. Regardless of industry, you’re in the information business.

It doesn’t matter what products you sell or services you provide.  In today’s world, the success of your business – indeed, its viability – turns upon information.

Consider the attention and resources you apply to your other strategic assets, such as your finances, your facilities and equipment, and your people.  You make those investments because it would be foolish not to manage their value, costs, and risks.  Your information deserves no less.

So … it’s time to plant that tree.