Unlike many buzzwords, however, IG is not an old concept dressed up in new clothes—it’s a new way of looking at information management that combines the best of what’s come before with new perspectives and approaches to keeping information secure, accessible and available.
Bryn and Samantha do a great job in the latest issue of Legal Technology News describing the emerging executive role for IG professionals in law firms. Bryn has been working with several law firm clients to proselytize the role of the Chief Information Governance Officer, with some success. I would not be surprised to hear from Bryn about a CIGO being appointed in a law firm in 2015.
Law firms are strange creatures. They are not conventional businesses (some might say they are not businesses at all). They are collections of small businesses, each headed by a partner with his or her own ideas about how their fiefdom should run. More law firms are trying to modernize their approach to business management, but the incumbent model is dominant.
This makes it particularly challenging to do “enterprise” things at law firms. It is hard – harder even than at traditionally managed corporations – to make anyone do anything. You have the additional challenge that the orthodox impetus for investing in IT – increased efficiency – is often politely acknowledged but bureaucratically resisted in law firms.
Ironically, law firms are the organizations that would benefit most from IG. After all, the document is the most common and concrete manifestation of what they do every day. Documents enter in the form of research, evidence, legal instruments, and they go out in the form of pleadings, memos, briefs, and contracts. Improved management, security, access, workflow – the bedrock of content management and other disciplines that form the heart of IG – uniquely benefit law firms.
In addition, law firms have much to lose by not paying attention to IG. Law firms are awash in troves of incredibly sensitive and potentially market-shifting data. The bad guys are starting to wake up to this, as are the regulators.
In the wake of this summer’s massive hack attack at several Wall Street institutions, New York State’s top financial regulator convened a meeting with those institutions to talk about the security holes created by their suppliers – including law firms. In fact, the regulator has requested that the banks provide “any policies and procedures governing relationships with third-party service providers” and has said that banks must describe the process they use to assess the security of those providers.
“It is abundantly clear that, in many respects, a (financial services) firm’s level of cybersecurity is only as good as the cybersecurity of its vendors.”
Benjamin M. Lawsky, New York State financial regulator (as quoted here)
Law firms are called out for special attention, and for good reason. Law firms’ atavistic suspicion of technology must come to an end. When big, powerful clients realize that their gold-plated IG programs have gaping holes skinned only with balsa wood because of poor planning, coordination, and management by their law firm partners, law firms will be in for a shock.
Surely we all realize that a security breach at Company X does not only affect Company X. The current disaster at Sony, which revealed private and sensitive information about hundreds of business partners, is a stark reminder of that.
Organizations have little hope of tackling the complex morass of information issues without a central, senior coordinating function.
That is why I believe the only way out of this problem is the Chief Information Governance Officer. That is why the IGI will be focusing heavily on this in 2015 and will be hosting our national Chief Information Governance Officer Summit on May 20-21 2015 in Chicago. Come join us.
We Don’t Know Ourselves
Imagine that you want to lose weight. You have tried cutting back, but it hasn’t really helped. Maybe you should get a little more exercise. Maybe you should eat less fat. Or is it sugar? Greek yogurt is supposed to help. Am I really drinking enough coconut water? Who knows? So you mention it to your doctor, or make an appointment with a dietician, or perhaps sign up with a club or clinic that specializes in weight loss. What is the first thing that they ask you to do? Keep a food log. A diary. Write down what you eat, record the exercise you do, and then report back in a couple of weeks so they can give you a customized recommendation.
Great! You have made a positive decision to take charge of your health.
The first day you are on top of it, and even pretty honest. That corned beef hash that you accidentally ate at the diner when you stopped in for coffee? In the diary. The late-night bowl of sugary flakes? In the diary. Day two, only the good stuff goes in the diary, and a few days later you are still making a half-hearted attempt until finally, you just find yourself scribbling down a bunch of made up stuff in the waiting room moments before your next appointment.
For decades, the self-reported diary has been the primary research tool for studying and measuring our eating, sleeping, and other behaviors; the foundation of efforts to help us change those behaviors. But, it doesn’t really work. It is a fantasy.
The Quantified Self
New technology offers a different approach. In the past few years we have spent millions of dollars on a host of devices and apps that passively track our behaviors. Products from FitBit, Nike, Jawbone, Garmin and others. The theory of this technology, or movement (called “The Quantified Self” by some), is that more data – and more accurate data – about our behavior will help us understand ourselves better, and thus provide a foundation and methodology for improving ourselves.
Today’s technology tracks our steps, sleep patterns, communication habits, and more. Tomorrow’s technology will automatically log the food we eat, its caloric and nutritional components, and its effect on our bodies. This passive tracking of data clearly is a more realistic approach for us fragile, distracted, willpower-exhausted humans. The machine collects the data in a clever way. The algorithms automate the analysis of the data to give us insight into our habits and patterns, and help us track our progress towards a goal.
Of course this approach to problems – any kind of problem – is de rigueur. We know it as Big Data and it is prescribed as a solution to everything from unemployment to world hunger.
We are bringing the Quantified Life philosophy to companies, governments, and to entire nations. Tomorrow we will have the Quantified Organization, with the promise that decisions based on tradition and superstition are replaced by decisions based on facts and evidence.
The Quantified Organization
It is easy to be cynical about Big Data. Sometimes I am. But mostly I get it and I believe it. Clearly it raises a host of business, policy, legal, ethical, and societal issues. In any case, it doesn’t matter whether I get it or not: it will be the way that we function as organizations – and increasingly, as individuals – moving forward.
The idea that we should make decisions based on facts or evidence as opposed to tradition, intuition, and superstition of course derives from the Enlightenment and the scientific method itself. But even in areas where you might expect that this approach is already baked in, there has been a push to focus on the evidence. In the 1990s, for example, the concept of “evidence-based medicine” (or “evidence-based practice”) was introduced into the medical field and has since taken hold as an operating philosophy in branches of medicine from optometry to dentistry.
Evidence-based practice is defined as:
Applying the best available research results (evidence) when making decisions about health care. Health care professionals who perform evidence-based practice use research evidence along with clinical expertise and patient preferences. Systematic reviews (summaries of health care research results) provide information that aids in the process of evidence-based practice.
If the practice of medicine – which has embraced the scientific method for over a century – can benefit from a heightened focus on evidence-based decisions and policy, then surely there are other practices that could benefit from it as well. Any come to mind?
How about Information Governance?
Evidence-Based Practice and Information Governance
Today in IG we make so many decisions, and craft so many policies, based on nothing more than tradition and superstition. This is especially prevalent in the records and information management (RIM) facet of IG, but it exists elsewhere as well. Why do we have 1000 categories in our records retention schedule? Because that’s the way the last guy did it. Because we inherited the schedule from a company we acquired. Because Janice liked it that way. Because that’s the right way. Because that’s what makes the most sense to me. Because that’s what my old boss told us to do. Because that is what the consulting company sold us.
Where is the evidence?
What is true?
Are these justifications based on anything more than tradition, superstition, or office politics?
I propose a new focus for IG practitioners – a focus on Evidence-Based Information Governance. This philosophy should be embedded in everything we do in IG. It is egregious that we wave our hands magically and use purely anecdotal evidence to create fear around information risk. The risk of a spoliation charge in a litigation, for example. How often does it happen? What is the risk of it happening? Go look it up for yourself.
We need to bring evidence into the practice of IG. We need evidence to quantify value. To quantify risk. Evidence to make decisions about how much time, money and effort we should put into managing specific kinds of information.
It is shameful that today, in 2014, this is the exception rather than the rule in IG.
Today we have incredible tools that can easily shed light on our information to give us the visibility and the evidence we need to make good decisions. Go take a look at the providers who support the IGI as an example, as a starting point.
Anyway this post is getting a little long.
But I am passionate about this idea, and will write and work to advance this idea.
Let me know what you think.
Yesterday I published my first blog post on LinkedIn about the most fascinating subject known to people-kind: the definition of information governance. Believe me, this wasn’t my first blog post on the topic, just the first time I had published on LinkedIn. Anyway, in the post I discussed the definition we are advancing at the Information Governance Initiative and talked a little about my history with IG. My post came in the midst of some great back and forth among folks like @parapadakis, @piewords, @schellberg, @jimerrifield, @chris_p_walker, and @rlayel on Twitter and great blog posts by George, James, John, Laurence and others about the core concepts of IG. Who knows if anyone outside this circle finds the subject as fascinating as us, but what the hell, long tail and all that.
Anyway, today George published a thoughtful critique of the definition. Earlier in the day I was reading about a back and forth between a New York Times columnist and Walmart that has gone viral. It’s pretty interesting and funny (I mean the exchange, not the underlying issues being discussed) and feels like an important moment in how social media is radically changing the way that organizations interact with the media outlets who cover them. In any case, I was inspired (not that my output is “inspired”) to steal the technique, and pulled out my virtual red pencil to respond to George’s post, hopefully with less snark than the Walmart exchange. I’ve never met George but I’m sure we are almost certainly much, much closer in our positions than the NYT columnist and the Walmart PR flack. Below is the relevant portion of George’s post, and my response. You can read the whole post here.
I was invited to participate in the LinkedIn publishing program, so I thought I would give it a shot, with my first post about the definition of information governance developed at the Information Governance Initiative, with the support of 93% of those we surveyed. Check it out here.
Pretty entertaining, and also from a case that is also interesting from an Information Governance perspective.
Just a quick post – came across this article when trying to fix a configuration issue with Apple Mail and Gmail, and I thought it nicely summed up the attitude I encounter from IT and others in our information governance engagements. Ask an attorney sometime if there really is “no harm in keeping tiny emails around in this age of ever-expanding storage space.” The drug dealers of the IG world have really done an incredible job convincing the addicts that the drug has no downside.
One of Gmail’s perks is a ridiculous amount of storage space, so Google has set it up to highly encourage archiving your email instead of having to make the decision to delete just some of it. After all, you never know if that rainy day will come next month or four years from now, and there’s no harm in keeping tiny emails around in this age of ever-expanding storage space.
More often than not, here’s what happens on that “rainy day,” in a depressing office park somewhere in the suburbs:
The company spent $900,000 to produce an amount of data that would consume less than one-quarter of the available capacity of an ordinary DVD.
RAND study on e-discovery, 2012
Now, folks outside of the IG and e-discovery bubble might reasonably think that, hey if there is ever a problem, I can just start deleting emails then, right?
Here’s a couple more quotes to consider.
And, my favorite