Three years ago, I sat down in a conference room in Washington, D.C with some really smart people and we quickly realized that we shared a vision for a consortium and think tank devoted to advancing Information Governance. Each of us had seen the incredible value that better information governance could create for their respective clients, but had also witnessed the consequences of information failure first-hand. Without a way for IG practitioners to share their experience across disciplines, it seemed unlikely that the promise of information governance would be fulfilled. Today, thanks to the support of like-minded individuals and organizations, this vision has been realized.
I am so pleased to announce the launch of the Information Governance Initiative (IGI), a cross-disciplinary consortium and think tank focused on advancing information governance. The IGI will publish research, benchmarking surveys, and guidance for practitioners on its website at www.IGInitiative.com. The research will be freely available, and the group will also be providing an online community designed to foster discussion and networking among practitioners.
I am founder and executive director, and it would be great if you would join us.
I believe information can be a positive transformative force in the world – improving business, government, and the lives of people in all walks of life. But I also believe that these benefits are not automatic, and in fact will only be the result of sustained, proactive efforts to understand and manage information in a better way. I believe that there is a need for like-minded people to come together and find this better way. A forum for ideas, facts, and techniques. An initiative that pushes the market forward and builds information literacy.
That’s why we created the Information Governance Initiative – and why we want you to be a part of it.
Who We Are
The IGI Advisory Board is comprised of members drawn from the disciplines that own the facets of information governance including information security, data science and analytics, e-discovery, business management, IT management, compliance, business intelligence, records management, finance and audit, privacy, and risk management. We are also developing a Corporate Council comprised of practitioners working in IG. Contact us if you are interested in participating in the Corporate Council.
At launch, IGI Advisory Board members include Courtney Ingraffia Barton, senior counsel, global privacy at Hilton Worldwide, Inc.; Julie Colgan, president of ARMA International; Leigh Isaacs, VP of the information governance Peer Group at ILTA; and Richard Stiennon, chief research analyst at IT-Harvest and well-known cybersecurity expert. Additional board members are being added on an ongoing basis.
The IGI is launching with broad support from leading providers of information governance products and services, including:
We are also partnering with a variety of organizations to bring IG stakeholders from different disciplines together to work on the information governance problem. For example, we have partnered with The CFO Alliance, a community of over 4,000 senior finance professionals, to bring the IG conversation to the finance community. ARMA International has appointed a representative to the IGI Advisory Board, and the two organizations plan on working together to advance the adoption of information governance. In addition, the IGI will be presenting several sessions on information governance at the Managing Electronic Records conference in Chicago, May 19-21, 2014.
Get Involved in the IGI
Members of the leadership team are speaking about information governance at nine different sessions during the LegalTech NY 2014 conference between February 4-6th. If you are there, come see us and also visit our Charter Supporters in the exhibit halls.
Learn how you can get involved in the IGI at, www.IGInitiative.com
I also invite organizations interested in supporting the advancement of Information Governance to contact me at 646 450 4468 or barclay.blair@IGIniative.com.
Last week I was lucky enough to spend a day working with my friend Jay Brudz (a partner at Drinker Biddle who also runs their e-discovery sub with IG guru Bennett Borden). Whenever we had a spare moment our conversation would drift back to our favorite topic: is Information Governance about risk or value?
The correct answer, of course, is both. But not always, and not at the same time.
First of all, on a macroeconomic level, the pendulum is always swinging between fear and greed/risk and value. Sometimes organizations circle the wagons, trim the fat, and break out a litany of clichés to cloak the fact that they are running scared. At other times, organizations light fat cigars, buy fancy umbrella holders, and spend money like the value of an American house will never decline.
So, there are macroeconomic factors that determine, generally, what motivates corporate spending and where management attention is focused.
This tension between risk and value is also driven by corporate culture. Some companies are simply more conservative than others – even those of similar size in the same vertical – and as such are more concerned about understanding and managing risk. Some companies build this conservatism into their marketing – especially in the financial services industry, where risk management and compliance typically has its own department (although the power of that office varies widely).
CEOs sometimes have a mandate to change existing cultures – including attitudes towards risk – as Paul O’Neill did at Alcoa by announcing, “I intend to make Alcoa the safest company in America,” at his first investor meeting as new CEO (as detailed by Charles Duhigg in “The Power of Habit.”) Sometimes, of course, new CEOs mistake coupon-clipping clothing buyers for Apple fanboys and flame out spectacularly.
Industry vertical and market focus, however, are probably the biggest determinants. Predictably, large, regulated companies who are frequently litigated generally spend more time and money on understanding and managing risk.
But fear only gets you so far, even in the most risk-aware organization. Fear alone will not drive employees to change their information habits. It won’t stop them from hoarding information in “their” shared drive (or shared drive in the cloud) or their email account. It will not stop them from classifying all their documents in the multi-million dollar document management system as “Misc-Other.” It will not stop them from using the cloud service recommended to them by their neighbor to share customer documents with a service provider. Fear will not change information governance behavior in a sustainable way.
So what will?
In Duhigg’s telling it wasn’t fear of safety failures that ultimately changed and sustained the safety culture at Alcoa, but rather the subsequent growth and the success of the company under O’Neill’s reign that corresponded with his focus on safety.
“I knew I had to transform Alcoa . . . but you can’t order people to change. That’s not how the brain works. So I decided I was going to start by focusing on one thing. If I could start disrupting the habits around one thing, it would spread throughout the entire company.” Paul O’Neill, as quoted by Charles Duhigg.
Driving sustainable change is about changing habits, but it is also about appealing to employee self-interest. Providing the employee with tools that help them do their job better, faster, smarter so that they can succeed and be rewarded. But also ensuring that these solutions take care of the company’s business and legal needs – ideally in the background.
I addressed this question recently in the short video below.
As regular readers know, one of my favorite topics is the leadership vacuum in information governance. Who really is steering the ship in most organizations? Is it the CIO? It it the legal department? Is it a new leader like a Chief Digital Officer? This is a critical question, and you should be asking it. I provide some further thoughts on this topic in the video below – check it out.
“It was a profoundly man-made disaster — that could and should have been foreseen and prevented. And its effects could have been mitigated by a more effective human response . . . For all the extensive detail it provides, what this report cannot fully convey — especially to a global audience — is the mindset behind this disaster.”
Kiyoshi Kurokawa, Chairman of the Fukushima Nuclear Accident Independent Investigation Committee, July 2012
“In the first minute after the autopilot disconnection, the failure of the attempt to understand the situation and the disruption of crew cooperation had a multiplying effect, inducing total loss of cognitive control of the situation . . . A review of pilot training did not provide convincing evidence that the associated skills had been correctly developed and maintained.”
French air investigator’s final report on the 2009 crash of Air France Flight 447, resulting in 228 deaths, issued July 2012.
“’Someone was in danger,’ explained Mr. Lopez . . . ‘I wasn’t going to choose my job over someone in danger. My job is to help people in distress. It was a moronic rule in my opinion that they set up. I understand the liability issues, but . . .’ He breached protocol by running to an area outside his beach zone without waiting for his supervisor to arrive to cover his station, posing a potential liability problem.”
Lifeguard Says He Chose Saving Man Over Saving Job, New York Times, July 5, 2012
The most powerful earthquake in Japan’s recorded history. A Tsunami with 130′ waves that penetrate six miles inland. Thousands of lives lost. Reactors in a coastal nuclear power plant start to melt down. Radioactive gas is released into the atmosphere. It’s a nuclear disaster. The cause? Obvious: forces of nature.
Wrong. Organizational culture.
On an Air France flight from Rio de Janeiro to Paris, instruments designed to measure airspeed fail, causing some autopilot systems to fail. The crew, confused about their speed and angle of flight, put the plane into a stall and it crashes into the ocean, killing everyone on board. The cause? Obvious: mechanical failure.
Wrong. Organizational culture.
A young lifeguard in Florida is fired. Why? Because he disobeyed company procedure to rescue someone he thought was drowning. The procedure had a single purpose: protect his employer from legal liability. He mistakenly believe that he had a single purpose as a LIFEGUARD: guard lives.
I picked each of these three stories from Section A of the New York Times this morning, not because I was looking for them, but because the thread connecting them resonated with me, and some thinking I have been doing about the role of organizational culture in information governance. These are from one section of one newspaper on one day, picked out by someone jostling for a seat on a sweaty F train ride. Not exactly random, but not exactly exhaustive research either.
The hardest part of information governance is changing (or at least challenging) organizational culture.
This is such a glib statement. Borderline tautological. Almost axiomatic. But, there is truth here, somewhere.
For the past twelve years, I have made my living as a subject matter expert. But lately I’ve been wondering which subject matter really matters. Over the dozen years I have thought of myself – and marketed myself – as an expert on a variety of topics (not necessarily at the same time): information security, electronic evidence, privacy, software product marketing, content development, records management, compliance, IT governance, electronic content management, taxonomies, ghost-busting, information architecture, e-discovery, information governance. I’ve always been this way, I guess. In high school I started an business fixing cars. In university I made extra money teaching university-level classes on HTML and hand-coding webpages for professors.
However, I have never thought of myself — nor marketed myself — as an expert on organizational culture. I never set out to become an expert. But, after witnessing the gooey inner workings of dozens and dozens of organizations large and small, in multiple industries, I seem to have learned something. I don’t directly sell what I know corporate disfunction to clients, but it might be the most valuable thing I offer.
Organizational culture is the rocky, rugged shore upon which the bravest barques crash. I have concluded that it is nearly impossible to fundamentally change organizational culture. Not completely impossible, just very difficult.
And yet, the success or failure of most multi-million dollar enterprise software implementations ABSOLUTELY DEPENDS on thousands of individuals changing their behaviour. CRM or sales force automation software mostly fails if sales and marketing people don’t change they way they do their jobs, in dozens of tiny ways, every day. Content management and collaboration software fails if thousands of employees don’t change they way they find, create, and communicate information – assuming you can get them using the platform at all. Enterprise social media fails unless most employees see the rewards of total transparency at work.
This is no secret – those who sell the software will tell you this. For example, here’s a quote from a recent OpenText blog post:
“What’s the biggest barrier you’ll face when deploying collaborative or social software (or even straight document management)? It’s swaying people’s attitudes and behaviors towards their information, knowledge, and content.”
Organizational culture isn’t much easier to engineer than national culture. Despite being forced by Canadian cultural content laws as a teenager to listen to Rush, Corey Hart, Gowan, and Kim Mitchell, I still think they all suck (sorry, Tamir).
Cultural Engineering is hazardous work. In fact, it is so hard that a certain breed of startup software company is choosing to avoid it altogether by chucking the bitter controls that big companies need to function and focusing instead on the sweet candy users want – willfully ignoring the long-term effects on the organization. What are the long-term effects? At minimum, the creation of new toxic silos of disorganized, neglected, disconnected information bristling with all kinds of business and legal jagged edges. At maximum this strategy sends the customer blissfully skipping down a gilded path that can only lead to loss and theft; privacy disasters; millions of dollars spent in unecessary electronic discovery costs and lawyer fees; and fines and penalties for failing to comply with any number of the thousands of laws and regulations affecting a large corporation’s information.
You don’t have to move very much soil in a large company to find the fossilized relics of systems past that were earlier incarnations of this myopia. To whit: a manufacturing client with 34,000 Lotus Notes databases that nobody knew what to do with — the legacy of an earlier generation’s blind bliss of “empowering users” through self-provisioning and finally, once and for all, freeing them from the machinations of their evil IT overlords. The 34, 000 Lotus Notes databases that were the sweetest e-discovery honey hole for every plaintiffs attorney east of the Mississippi; the glorious user-empowered, next generation environment that caused my client to settle case after case because it was cheaper than extracting data from the wonderful, self-provisioned mess. The amazing, hands-off application building environment that they couldn’t afford to keep around, but that was too expensive to get rid of.
Some observers are criticizing today’s startup software companies for focusing on trivial problems (Nicholas Carr, for example: “An app for making vintage photos isn’t exactly a moonshot”). There’s even a parody website on the subject. I don’t know if this is true, or if it just seems this way (the topic has the smell of a “trend piece,” like the rise of Satanic cults in the 1980s). If it is, maybe there are BIG IMPORTANT sociological reasons for this. But one thing is certain: building software that provides real value to a big organization is hard, if only because cultural engineering is hard.
So, what are the enterprise startups working on? Well, here’s one category: shared drives in the cloud. It just makes me — I don’t know — tired? that some seem to think that putting a shared drive in the cloud is innovative. Or even edgy and “disruptive.” Conceptually, there is nothing innovative about it. Yes, the mobile and the multi-device user gives it legs. But it’s still just a damn shared drive — a great way to share information, but terrible for almost anything else. What happens after that glorious moment that the content is shared? Does the content just disappear? Are we keep supposed to never think about it again? What if we want to keep some information and throw some away? What if some of it needs special treatment because of some pain-in-the-ass law? Why are we pretending that shared drives in the cloud are immune from the problems of old-fashioned Windows networked shared drives? Shared drives stand in the way of every big company’s effort to do something meaningful with their pile of unstructured content. Do you spend millions cleaning them up? Millions migrating them to SharePoint? Even with the best “automated classification tools,” this still costs a large company millions — IF it can get the lawyers to bless the plan in the first place.
A few days before Microsoft purchased the company, I saw a senior executive from Yammer speak. It was a product pitch with the self-laudatory axiom, “adoption is the new ROI” as its centrepiece. Yammer (which some have called “FaceBook for the enterprise”) built its company in large part by offering the service to corporate users for free, then charging IT administrators to manage the resulting mess. The axiom was proven out by the company, as user counts no doubt were a central metric used by Microsoft to justify its $1.2B investment, but as an axiom for enterprise software it is gibberish. And cynical. Companies in this space also seem to love marketing slogans like, “75% of the Fortune 500 use our software,” which tells you about as much about their enterprise penetration as it would if Rovio, the maker of Angry Birds, claimed that “100% of the Fortune 500 use our software.”
Are these companies thinking big? Do they have an enterprise moonshot? Are they tackling the truly complicated information problems of the large enterprise?
Many companies, both old and new, are tackling complicated problems. Bringing Internet scale to enterprise data. Layering massively powerful analytical tools on top of the data. Empowering the messy, risky big decisions that must be made about vast pools of we create. Refusing to be cowed by legal FUD. Cleaning up mind-boggling volumes of junk. Investing the time and money it really takes to understand vertical, business unit, and departmental problems, and deliver unsexy, but truly valuable software and process. Empowering users in a way that balances shiny new toy syndrome with the complex realities of a real-world operating environment.
But, perhaps even these companies are focusing their attention on enterprise problems that do not require cultural change or engineering. Problems that do not require any change in what a user does or does not do. Billions of dollars of enterprise software have been sold over the years because the person writing the checks believed that changing user behaviour was possible. The engineering of organizational culture has been the sine qu non of enterprise software.
Have we now reached the point where it is simply old fashioned to believe that it is possible or desireable to dicate, or at least motivate, a user to do something, or to not do something? Perhaps, but any number of corporate programs, from safety to sales practices to performance reviews, rely on this dynamic. At the same time, it’s obvious that culture engineering adds significant friction to the process of selling and implementing enterprise software, so providers are logically looking for ways to minimize or avoid it altogether.
Engineering organizational culture is engineering human behaviour itself, on a large scale. In that sense, it is not mysterious. Show the value of the change to the individual. Use incentives and consequences to create social pressure – the true motivator. Rinse and repeat. Despite the challenges, I don’t think we have moved past the need for organizational change in the world of Information Governance.
Author: Barclay T. Blair
I’m sitting in the Vancouver airport waiting for my flight to Chicago for MER 2011. I just flew here from Anchorage, where I provided a day-long seminar for the Greater Anchorage ARMA Chapter. The seminar went well, and I had a great time in Alaska – thanks to Marty and Glenn and everyone else for hosting me.
I’m looking forward to the MER conference this year – it has been a few years since I attended and the content is always great. Also looking forward to seeing some old friends from the records world. I’m speaking about my current favorite topic, which is how corporate governance is fundamentally, and that’s why information management is a failure.
I’m also excited about the new Information Governance Briefing book that we put together with Open Text. It includes several existing and new IG Briefs that I wrote, along with other information that is designed to help senior management get up to speed quickly with IG. We’re making it available to MER attendees as we think it will help them as they continue to make the case for IG to senior management.
Also, every attendee to the MER Conference this year will receive a copy of my last book, Information Nation, Second Edition. I’m excited to get the book into the hands of 400 or so new people, as it really seems to help them tackle the IG problem. It’s gratifying when people approach me to tell me how much the book has helped them – as a gentleman did on Friday in Anchorage. A few years ago he had been put in charge of a document imaging project for the State, and Information Nation was the first book he read to understand the world he was entering.
In any case, I hope to see you at MER (here’s a photo from AK).
Your poor employees. At home they are social media superstars, posting ironic witticisms and heartfelt sentiments to an audience of adoring “followers” and “friends.” Their iPhones are stuffed with the latest apps. They’ve embraced Google in every aspect of their life, from Google Analytics for their American Idol fan page to Docs for their PTA petitions. But, once they swipe that key card and settle into their cubicle, they are stuck with clunky tools two generations old, and that are, frankly, kind of embarrassing.
Enter “Shadow IT” – the back alley of your computing environment – you can still use it to get where you are going, and it may even provide a shortcut, but it’s not paved or well-lighted. Shadow IT happens when IT departments allow (or even enable) employees to use technology that is not provided nor officially supported by the IT department. Long viewed as a weed to seek out and destroy via the strangling embrace of tough Corporate IT Policies, today in the midst of the “Enterprise 2.0” and social media hype cycle, its is increasingly viewed as a creative, “crowdsourced” way to innovate.
We recently conducted an extensive survey of thousands of stakeholders in the information environment to find out just who loves Shadow IT the most. Here is what we found. [1. Note: No real surveys were performed, just really extensive imaginary ones.]
- Opposing counsel. The lawyers representing the other side in litigation really, really love your willingness to tolerate – or even promote – Shadow IT. After all, it makes life so easy for them. Inconsistencies between what corporate IT policies say and what actually happens are especially useful, as they can really help them raise useful questions about the integrity of your whole program. Its especially great when your own lawyers don’t even know about Shadow IT, so they repeatedly tell the court that they have produced all relevant ESI, even though they haven’t. That really makes opposing counsel happy.
- E-discovery services firms. Unmanaged, uncontrolled IT that your own lawyers don’t even know about can really help to complicate and drag out the e-discovery process, adding up to bigger bills from your service providers. That makes them pretty big fans of Shadow IT.
- Your own IT department. To be fair, this may be more of a love/hate relationship. Hate because it makes their jobs seem easier than they are, and love because well, it kind of does make their jobs easier.
- Outside counsel. Shadow IT = more legal liability = more litigation = more billable hours = happy outside attorneys. Pretty simple formula.
- Consultants like me. The information governance mess created by unmanaged Shadow IT invariably creates a huge problem that has to be cleaned up, often in a very short time – what’s not to like about that?
- Your employees. Shadow IT is often cool and useful and lets employees do their jobs better. That makes them happy too.