information governance

Subscribe to information governance via RSS

Endless book tunnel in Prague libraryAs the information tide relentlessly rises, many organizations simply see an IT problem, to be fixed with a purely IT solution – more storage capacity, more tools, or both.  But merely adding more storage is a reaction, not a strategy.  And adding technology tools without the right governance rules invariably makes things worse, not better.

This is not a criticism of your IT team.  Instead, the problem lies in a misunderstanding of the fundamental challenge.  Just as you shouldn’t bring a knife to a gun fight, you shouldn’t merely bring more storage capacity and IT tools-without-rules to your fight to regain control over your organization’s information.  What’s needed is governance.

Continue Reading Why govern your information? Reason #7: Merely adding more storage and more tools won’t solve your data problems

Chained wallet. Conception of blockchain, finance security and protection

I had been thinking about writing a post on Blockchain when I happened across the Washington Post’s In/Out List for 2017, and that sealed the deal:

Out:  Not being able to explain Bitcoin.

In:     Not being able to explain Blockchain.

So, feeling up to the challenge, here goes.

Blockchain is really just a distributed, shared database technology. Its use demands that multiple, untrusted entities (such as different companies in a supply chain) write transactions to multiple, duplicate copies of the database that propagate through peer-to-peer protocols.  Each node (or copy) of the database verifies the transaction independently by requiring the transaction to be confirmed in a blockchain.  The blockchain is chronological, and the database can only be changed when there is consensus among the participants.  Most important for the discussion here, however, is that the transactions and the distributed database are claimed to be immutable and permanent.  And that’s a real problem for information governance.Continue Reading Blockchain – “Shiny Object Syndrome”?

Viral Shares and Likes.I put off writing this post for months, because I found the April news item so profoundly disturbing.  But as I reflect on the past year, now that 2016 has finally come to a close, it strikes me that one detail of this news story metaphorically captures a deep and troubling problem in our technology-fueled, dysfunctional relationship with information.

On February 27, in Columbus, Ohio, 18 year-old Marina Lonina used Twitter’s Periscope app on her phone to live-stream the rape of a 17 year-old high school friend.  The live video lasted at least 10 minutes, with no sign of Lonina doing anything of consequence to help her friend.  It took someone viewing live in another state to notify the authorities.

This is not a post about how crimes are increasingly captured through live streaming apps like Periscope.  Instead, what makes this story so chilling is the explanation for why Lonina didn’t try to stop the rape, while her friend was heard repeatedly saying “Please stop,” and “Please no.”

As reported by the New York Times, “Mr. O’Brien, the prosecutor, said Ms. Lonina had apparently hoped that live-streaming the attack would help to stop it, but that she became enthralled by positive feedback online.”  According to the prosecutor, “She got caught up in the likes.”
Continue Reading 2016: Blinded by the Likes

Wild Horses in Pens
https://www.kickstarter.com/projects/wildhorses/wild-horses-0

As a horsewoman, I have followed the plight of the American Mustang in recent years, and I am once again struck by parallels with the management—or lack thereof—of information.   Good intentions, poor execution.  Hopes that the problem would disappear.  Management by crisis.  Inattention leading to untenable yet continuing costs.   Fighting factions with competing agendas and differing views of the facts, with no resolution.

A little background:Continue Reading Roundups and records—it’s still the Wild West in 2016

A metal cattle brand with the word brand as the marking areaThe “business case” for information governance often focuses solely on quantifying specific costs for data management and exposures for data security and ediscovery.  Number crunching is of course important, but it misses something bigger, more strategic, and ultimately more crucial to the organization – its brand.  Companies, regardless of industry, are fundamentally in the information business.  It follows that how an organization manages its information assets reveals how the organization manages itself.  And that matters, a lot, because companies that align themselves with their brand, achieving brand discipline, are more successful.
Continue Reading Why govern your information? Reason #8: It can build – or bust – your brand

One Bullet in Gun Barrel Having too much data causes problems beyond needless storage costs, workplace inefficiencies, and uncontrolled litigation expenses.  Keeping data without a legal or business reason also exacerbates data security exposures.  To put it bluntly, businesses that tolerate troves of unnecessary data are playing cybersecurity roulette … with even larger caliber ammunition.
Continue Reading Why govern your information? Reason #9: Unnecessary business data multiplies data security exposures

Feeling sick and tired. Frustrated young man keeping eyes closed while sitting at his working place in officeMost enterprise information governance initiatives are event-driven: an expensive lawsuit, a system migration, a board or regulatory inquiry, a corporate move, and so on. Though there’s nothing wrong with being opportunistic in making IG progress, it can sometimes be too little, too late when a cybersecurity breach or some catastrophic event shines the light on decades of inattention.  How then do we become more proactive in improving how we manage information—arguably any company’s most valuable asset?

Inertia is a powerful thing. It keeps us from exercising regularly, from cleaning the garage, and myriad other “honey do’s.”  Not to mention the personal distractions of football, basketball, kids’ soccer, social media, Internet surfing, and just plain hanging out.  When we translate this combination of inertia and distraction to the workplace, however, our “home” selves get in the way of our “business” selves and organizational best interest.  It’s just too easy to put off examination of what is an increasingly consequential business need: ensuring compliance, managing risk, and extracting value from our information.  Effort is required.Continue Reading The crystallization of discontent: Finding the uber-ROI for information governance

Woman talking with alphabet letters coming out of her mouth.At least, that is, unless overheard, written, or recorded. Just ask anyone following the presidential campaigns.  Absent concrete evidence, spoken words evaporate and any discussion of them quickly devolves into the type of “he said, she said” game usually seen in low-budget television courtroom dramas and on playgrounds.  A few weeks ago, my colleague Peter Sloan posted All we really need to know about Information Governance we learned in kindergarten.  Let’s ponder an additional learning point from Mr. Fulgham:

When you go out into the world, watch for traffic.

Continue Reading Sticks and stones may break my bones, but words will never hurt me….

Hands pointing towards businessman holding head in hands concept for blame, accusations and bullyingBeing a CISO is a tough gig.  The perpetual deluge of news items on hack after hack, breach after breach, has finally conveyed that data security is an imperative for all companies, large and small.  But the perception still lingers that the Chief Information Security Officer (or the InfoSec team) will single-handedly prevent breaches at “our” company – and if one should occur, will take care of the response.  For some CISOs, it may feel like High Noon, all over again.

This is unfair to the CISO, and wrong on at least two counts.  First, regardless of the CISO’s job description, the full range of cyber risk exceeds the scope of the CISO’s practical control.  Second, effective breach response requires up to ten channels of coordinated activity, and nine of the ten fall outside of the CISO’s authority.Continue Reading Why govern your information? Reason #10: It’s a when, not if, world for data breaches