Last week I was lucky enough to spend a day working with my friend Jay Brudz (a partner at Drinker Biddle who also runs their e-discovery sub with IG guru Bennett Borden). Whenever we had a spare moment our conversation would drift back to our favorite topic: is Information Governance about risk or value?
The correct answer, of course, is both. But not always, and not at the same time.
First of all, on a macroeconomic level, the pendulum is always swinging between fear and greed/risk and value. Sometimes organizations circle the wagons, trim the fat, and break out a litany of clichés to cloak the fact that they are running scared. At other times, organizations light fat cigars, buy fancy umbrella holders, and spend money like the value of an American house will never decline.
So, there are macroeconomic factors that determine, generally, what motivates corporate spending and where management attention is focused.
This tension between risk and value is also driven by corporate culture. Some companies are simply more conservative than others – even those of similar size in the same vertical – and as such are more concerned about understanding and managing risk. Some companies build this conservatism into their marketing – especially in the financial services industry, where risk management and compliance typically has its own department (although the power of that office varies widely).
CEOs sometimes have a mandate to change existing cultures – including attitudes towards risk – as Paul O’Neill did at Alcoa by announcing, “I intend to make Alcoa the safest company in America,” at his first investor meeting as new CEO (as detailed by Charles Duhigg in “The Power of Habit.”) Sometimes, of course, new CEOs mistake coupon-clipping clothing buyers for Apple fanboys and flame out spectacularly.
Industry vertical and market focus, however, are probably the biggest determinants. Predictably, large, regulated companies who are frequently litigated generally spend more time and money on understanding and managing risk.
But fear only gets you so far, even in the most risk-aware organization. Fear alone will not drive employees to change their information habits. It won’t stop them from hoarding information in “their” shared drive (or shared drive in the cloud) or their email account. It will not stop them from classifying all their documents in the multi-million dollar document management system as “Misc-Other.” It will not stop them from using the cloud service recommended to them by their neighbor to share customer documents with a service provider. Fear will not change information governance behavior in a sustainable way.
So what will?
In Duhigg’s telling it wasn’t fear of safety failures that ultimately changed and sustained the safety culture at Alcoa, but rather the subsequent growth and the success of the company under O’Neill’s reign that corresponded with his focus on safety.
“I knew I had to transform Alcoa . . . but you can’t order people to change. That’s not how the brain works. So I decided I was going to start by focusing on one thing. If I could start disrupting the habits around one thing, it would spread throughout the entire company.” Paul O’Neill, as quoted by Charles Duhigg.
Driving sustainable change is about changing habits, but it is also about appealing to employee self-interest. Providing the employee with tools that help them do their job better, faster, smarter so that they can succeed and be rewarded. But also ensuring that these solutions take care of the company’s business and legal needs – ideally in the background.
I addressed this question recently in the short video below.