SARS-Cov-2 CoronavirusIt’s been a challenging 2020, as each of us adapts to our new pandemic reality.  In the United States as of today, Covid-19 has infected more than 2.4 million and taken the lives of over 124,000, with southern and western states surging ahead of the northeastern states as Covid hot-spots.  Meanwhile, in the wake of state and local stay-at-home orders,  United States unemployment has exploded, businesses (particularly small businesses) remain under stress, and the economy is in recession.

There’s a growing realization that the U.S. response to this pandemic could have been more timely, more organized, and more effective.  So, in the spirit of finding the pony in these strange, troubling times, it’s worthwhile to explore what lessons we can learn from our pandemic response, and how these lessons can be applied to how our organizations manage information.  Doing so reminds us of four fundamental insights about Information Governance.  I’ll be posting on each of these in more detail, but for now, here are the key points:

  • Understanding risk matters.  It’s a fact that novel viruses can proliferate, and it’s a certainty that data proliferates.  At any given moment the risks may seem remote, but the risks are nevertheless there, and the repercussions of simply ignoring those risks can be devastating.
  • Planning matters.  It takes time to assess risks, develop a plan, and put in place the rules, tools, and resources to manage those risks.  Like procrastinating until a virus becomes a pandemic, waiting until there’s a data breach, or a large-litigation preservation duty, or a business continuity or enterprise data system failure, is at best hugely and unnecessarily expensive, and at worst it can be disastrous.
  • Testing the plan matters.  The 2018 Clade X pandemic tabletop exercise, hosted by Johns Hopkins Center for Health Security in Washington D.C., identified significant gaps in our pandemic preparedness, and the U.S. government’s 2019 Crimson Contagion simulation of an influenza epidemic revealed massive holes in our response capabilities. Organizations that test their information governance capabilities with audits, reviews, and tabletop exercises will see how to improve their systems for retaining, securing, and compliantly disposing of information.  Data is not static, and dynamic risks require a dynamic governance response, so reviewing, exercising, and improving the program is essential.
  • Commitment matters.  Though hindsight is 20/20, it seems clear that the U.S. actually unwound and defunded many elements of our pandemic preparedness that were in place before 2020.  There were surely “competing priorities” in 2018 and 2019, but we are now paying a massive price for our lack of commitment to pandemic preparedness.  Similarly, there are always competing priorities for organizations, and it is tempting to lose focus on governing information, especially if all seems like smooth sailing in the moment.  But like pandemic preparedness, the point of managing information is to stay ahead of the curve, so that when data-related risks become today’s reality, the organization is prepared.

How we remember and apply these lessons can make the difference in the long-term success, if not the survival, of our organizations.  Because whether history repeats or merely rhymes, organizations that assess risk, plan, evaluate, and remain committed to Information Governance will do better than those that fail to do so.