Tagged: regulation

How did we do on the Chief Information Governance Officer (CIGO) Summit?

The single most important industry event I have yet attended; densely packed with immediately useable approaches, methodologies and best practices; staffed by passionate and supremely experienced SMEs – both within and extraneous to the discipline – providing a 360-degree view of the imminent CIGO revolution; overall a grand slam. A definite repeat for next year!

Richard Kessler, Head of Group Information Governance, UBS AG

Most organizations like the Information Governance Initiative do not publicly share the results of post-event surveys, but I work hard to be different and transparent. So, in that spirit, I am going to share results of the May 2015 CIGO Summit participant survey that just came in.

Overall, I’m really happy to see that in almost every metric we exceeded our goals. In one area we could have done better, but I knew that would be the case going in and will explain why. If you missed the CIGO Summit, check out this excellent write-up on the event.

Key results

Overall Event Satisfaction

Screen Shot 2015-06-22 at 12.01.38 PM



So honored to be a part of such a diverse group of IG experts. The ability to collaborate and discuss directly with your speakers is invaluable! Leave it to the IGI to start the trend away from the power point/listen/5-minute Q&A all are accustomed to. Exactly what separates IGI/Barclay and the Gang from the impersonators. (Ok – might need to not be so harsh – I’ve been drinking)


Nearly all participants said they were very satisfied (71%) or satisfied (20%) with the event, proving that our commitment first and foremost to events that provide value to the participants is paying off. As insiders, we have seen with our own eyes that most industry events are actually designed almost exclusively for the sponsors. I believe that this serves neither the sponsors nor the participants. It is a difficult balance to strike, and it is much more work to put the participants first. For the CIGO Summit, we undertook a “by invitation only” model, which meant that I personally invited or approved each and every participant in the room. Believe me, this process is not fun and I had many painful conversations with excellent consultants and experts (personal friends in many cases) as to why they could not attend. Why? Because I wanted to make sure that the room was filled with senior, working IG practitioners. The providers in the room were a select number of excellent subject matter experts from IGI supporters who had funded the event itself. Quite frankly, without those supporters, this event would not have happened. We simply cannot charge attendees enough to cover the costs, much less pay ourselves (see below for more details).

This process was the right process for this event, given its focus and goals. It is not the right, or even necessary, process for other events that we do. For example, our next big event, InfoGovCon15 is inexpensive ($400 or less for 2.5 days), democratic (with session voting), and open to all.

As good as these results were, I have to say it still bothers me personally that 1 person (the 3.2% below) said that they were “very dissatisfied” with the event. Why? What did we do wrong? Were you at the wrong event? If you are reading, please contact me and let me know.

Why Did People Come to the Event?

Screen Shot 2015-06-22 at 12.05.38 PM

It is so important, as we all march down this new road, that we learn from each other and exchange lessons learned. I love that this forum gave me a chance to meet my peers and be educated!

Vicki Lee Clewes

Nearly 100% of participants said that the reason they attended was to “learn what others are doing to advance information governance at their organizations.” It is very rewarding to see this result because so much of what we do at the IGI is focused on connecting our members to other members. You consistently tell us things like, “please just help us understand what other organizations are doing,” a request we have worked to fulfill in multiple ways, including our Annual Report, our online community of thousands of IG practitioners, our IG Boot Camps, our soon-to-be-published Benchmarking Report, and events like CIGO Summit and InfoGovCon. The next most common answer was “to network,” a very closely related concept.

How We Did on the Details

What a great and diverse group of colleagues. The event allowed us to share our IG stories. It is so helpful knowing I’m not alone in my IG pain.

Sharon Keck, Polsinelli, PC

Events live or die based on the details, and I was happy that each aspect of our conference from the smallest detail to the highest-level theme was highly rated. (i.e., in each case, higher than 4 out of 5). For example, participants rated the speakers at 4.45, the registration process 4.6, and the individual interaction at 4.26.


Our Speakers

Information is not an IT problem, but a business problem. The CIGO Summit provided the perfect vehicle for developing a corporate cross-functional information strategy (Marketing, E-Discovery, Compliance, IR, Business Practices investigations, etc.) that balances organizational legal and technical challenges while maintaining business critical information in a consistent and defensible manner in order to deliver critical elements to support sustainable growth. I highly recommend it to those that wish to align themselves with thought leaders in the space. Get out in front of the information conundrum (volume rich, knowledge poor) and become an advocate for change.

Tim Kaufman, UTC

Our speakers, who we chose very careful and curated to fit into the overall theme and goal of the event, were also rated very highly, with each speaker receiving a rating over 4 out of 5. A certain senior level IGI official, who hosted and facilitated the event, received the highest speaker rating (but please don’t tell him that as he is already almost unbearable).

Unlike most industry events, we folded paid, professional speakers into the program because we wanted to expose our participants to fresh, expert viewpoints that would help them grow as IG leaders. Those speakers were also rated highly (4.43 and 4.11). We also put our sponsor speakers through the wringer, asking them to encapsulate their most important messages into a 6 minute and 40 second presentation comprised of 20 slides that auto-advance every 20 seconds. Each one of our sponsor speakers (Sue TrombleyRob HamiltonJulie Colgan, and Trent Livingston) rose to the challenge and did a magnificent job under pressure in providing useful, targeted information for this audience, and they were highly rated as well (an average rating of 4 out of 5).

What Did Participants Like Most About the Event?

Participating in the CIGO Summit was a unique opportunity to engage with many of IG’s leading professionals. The thorough and fast-paced agenda exceeded my expectations, both from a content perspective and as a venue for the frank exchange of ideas.

Susan Wortzman

Here’s what participants told us they liked most about the event:

  • Seniority of delegates.
  • Event size and very interactive.
  • So many senior IG people in one place- there is power in numbers and an agreement on how to move forward.
  • Impactful agenda. Powerful interaction. Brilliantly executed.
  • The interaction with brilliant IG visionaries and practitioners.
  • The care with which it was designed.
  • Being able to interact with so much talent and experience.
  • Being involved with people promoting an emerging field
  • The professionalism with which polarized opinions could be discussed
  • Incredible gathering of IG thought leaders. Great speakers, great activities.
  • I learned a lot, got inspired, and met lots of smart people.
  • Practical insight from practitioners, war stories, gathered a really high-quality group
  • I liked the mix of people who attended and the content was excellent.
  • The constant collaboration and not just a PowerPoint and a person – it was like having a conversation with your speaker.

What Did Participants Like Least About the Event?

When designing this event, I had a pretty good idea what the answer to this question would be:

  • Compressed timeframe.
  • I actually would have liked it to be longer.
  • Intense day – very packed.
  • Not enough time for topic.
  • Not enough time!
  • Time crunch.
  • Very long intense day. Might be better over 1 1/2 days.
  • Went too fast.
  • That it only lasted a day.

I literally cannot think of the last time I went to an event and left thinking that it was too short. If we had to fail in some way, I’m happy to fail in this way. I absolutely acknowledge that that we tried to do too much in one day. But, we had committed to a one-day event (somewhat arbitrarily I suppose, based on the assumption that it would be easier to pull off, which now I realize is not true) a long time ago, and needed to stick with it.

So, I aggressively cut and cut until I arrived at what I though needed to be the minimum topics we needed to cover. I knew it would be intense. I knew it would be too much. But I was more comfortable making a mistake in that direction than the other, which I could not bear: i.e., empty, fluffy, retread content full of the same old platitudes squeezed between hour-long “networking breaks.”

Let’s talk about some of the other things that people did not like:

  • “Having vendors there.”

The market simply does not enable us to host an event like this, with people of this level of seniority, in an accessible major city, with the expected level of fit and finish, without sponsors. Without sponsors, the ticket price of this event just to allow us to break even on the hard costs would have been over $2500, which seems like a lot for a one-day event that does not result in some kind of certification or specific set of marketable skills, or at least promise to change your life forever. If we actually wanted to make money, and cover the thousands of hours of planning and execution time an event like this takes, we would have to charge much more.

Or, we can ask for the support of the providers in our IGI community, which we did. But, we did it in a very considered way. Our sponsors were allowed to send 1 or 2 people (depending on sponsor level) to the event, and not sales and marketing people. They needed to be senior IG subject matter experts who could contribute to the discussion. And that is what we did – we had several of the most recognized provider SMEs in the room who added great value to the discussion.

Also, there is a very clear and obvious reason to “have vendors in the room.” Quite simply, the problem of IG cannot be solved without technology. In my view, information about what technology is available and what it can to is just as valuable as information about experiences, successes, techniques, and tips. At the IGI our mission it to promote IG as far and wide as we can, and that includes promoting awareness of what is possible with technology currently available on the market.

Now the obvious question: why don’t we just do the event at a less expensive location, and let participants pay a lower rate, but one that would cover both the hard and soft costs? Well, if anyone has any ideas on how we attract and satisfy a room of CxO, SVP, VP, and Director-level attendees who already have too much on their plates to an event, venue and location that costs less than half of what a typical venue costs, please call me immediately at 646 450 4468. That being said, the hotel conference business is not a pleasant one, and we are looking at alternative venues and approaches that can both reduce costs and increase attendee value.

Would People Attend Again?

Hard numbers and soft skills: Great case studies, roadmaps and networking toward elevating the information governance stewardship. Thank you.

Mary Mack

84% of people who attended said it was very likely (52%) or likely (32%) that they would attend this event again next year. We will do this event again, and evolve it each time, many more times. The focus of this first event was to introduce the concept of the CIGO, and to build a Playbook that aspiring CIGOs and other in that ecosystem could use to explain the role and help build the case for it (look for the first edition of the Playbook in July). We will continue to provide education, networking, and community around the topic of IG leadership. We got the ball rolling with this event and will continue as a core part of our mission.

Thank you to everyone who attended and to everyone who made this event a success. If you want to participate in or support our next CIGO Summit, please let me know.


Screen Shot 2015-06-22 at 12.06.20 PM


5 Questions about Information Governance in 5 Minutes: Who Should Own Information Governance?

This is the second video in our series, “5 Questions about Information Governance in 5 Minutes.” In  this video IG experts answer the tricky question, “Who Should Own Information Governance?”


5 Questions About Information Governance in 5 Minutes: What is IG?

There is more interest in Information Governance than ever before, but there still continues to be a lack of clarity regarding IG fundamentals. To address this, I’ve produced a video series where I ask 30 IG experts the same 5 questions about information governance. Each interviewee had five minutes to answer the five questions, thus the name of the series: 5 Questions about IG in 5 Minutes. The, we edited the answers into as series of short videos. Watching 30 experts answer these questions rapid-fire is pretty compelling and instructive.

Each day this week I will post a new video, and I will be posting the full-length interviews as well. You will be able to find them here and on our YouTube channel.

Here are the 5 questions I asked:

  1. What is Information Governance?
  2. Who should own Information Governance?
  3. What is the biggest benefit of getting Information Governance right?
  4. What is the best way to fail at Information Governance?
  5. What is your favorite story about Information Governance?

I wanted to thank each one of my interviewees. I really believe the IG community will benefit enormously from your time and insight.

  • Janet B. Heins – Director, Collaboration and IG, Biogen Idec (LinkedIn)
  • Stephen Cohen – Records Manager, MetLife (LinkedIn)
  • Randy Moeller – Global Records Management and Governance, Proctor and Gamble (Twitter)
  • Patrick Cunningham, CRM, FAI – Senior Director, Information Governance, Fortune 500 Electronics Manufacturer (Blog)
  • Laurence Hart  – CIO, AIIM International (Blog)
  • Galina Datskovsky – Chair of the Board, ARMA International (LinkedIn)
  • Darren Lee – VP Governance, Proofpoint (LinkedIn)
  • Arlyce J. Vogel, CRM – Corporate Information Management Project Manager, Large Utility (LinkedIn)
  • Robert Smallwood –  Executive Director, E-Records Institute & Partner, IMERGE Consulting (LinkedIn)
  • Tamir Sigal – VP of Marketing, RSD (Twitter)
  • Bassam Zarkout – Chief Technology Officer, RSD (Twitter)
  • Robert F. Williams – President, Cohasset Associates, Inc. (Website)
  • Conni Christensen – Founding Partner, Synercon Management Consulting (Website)
  • Chris Perram, MBA – Owner, Perram Corporation (Website)
  • Amir Jaibaji – VP, Product Management, StoredIQ (LinkedIn)
  • George Dunn – President, Cre8 Independent Consultants (LinkedIn)
  • Tod Chernikoff, CRM (Twitter)
  • James Morganstern – Business Development Executive, Integro (LinkedIn)
  • Stephen Ludlow – Program Manager, E-Discovery and IG Solutions, OpenText (Twitter)
  • Francis Lambert – CEO, Records Technologies (LinkedIn)
  • John Montana – CEO, Montana and Associates (LinkedIn)
  • Craig Rheinhardt – Director, ECM Product Strategy and Market Development, IBM (LinkedIn)
  • Gordon Rapkin – CEO, Archive Systems (LinkedIn)
  • Keith D. Davis, MBA, CRM – RIM Program Office, Fortune 15 Healthcare Company (LinkedIn)
  • Tom Reding, CRM – Principal, Information Governance, EMC (Twitter)
  • Jill Hearn – Principal Product Marketing Manager, EMC SourceOne (LinkedIn)
  • Matt Hillery – CTO, Fontis International (Website)
  • Gordon E.J. Hoke, CRM – Independent IG Consultant (Twitter)
  • Eugene Stakhov – Senior Solution Architect, Lighthouse ECM Group, LLC (LinkedIn)
  • Beth E. Chiaiese – Director of Loss Prevention, Foley & Lardner LLP (Website)
  • Sue Trombley – Director Consulting, Iron Mountain (Blog)

Today’s IG PowerPoint Slide: What Does Unstructured Information Really Cost Organizations?

Ten Factors Driving the Total  Cost of Owning Unstructured InformationEarly this year I was lucky enough (thanks to a great sponsor) to carve out some significant research and writing time to answer a complicated (and maybe even complex) set of questions: what does unstructured information really cost? How do we answer this question? Which kinds of costs should be included in the answer? Can we use this answer to drive desirable Information Governance behaviors?

I looked at existing models for structured data, studied the emerging Big Data market, talked to clients and experts, and developed some answers to these questions that I think are actually pretty novel. You can download the entire paper here now (at the website of Nuix, the sponsor), and you can also follow along here as I discuss out some of the key ideas and findings over the next few weeks.

A PowerPoint slide (with notes)  is available for download here: IG PowerPoint Slide of the Day from Barclay T Blair-10 Factors Driving Unstructured Information Cost. If you do use it, I would appreciate you letting me know how and where. 

Unstructured information is ubiquitous. It is typically not the product of a single-purpose business application. It often has no clearly defined owner. It is endlessly duplicated and transmitted across the organization. Determining where and how unstructured information generates cost is difficult.

However, it is possible. Our research shows that there are at least ten key factors that drive the total cost of owning unstructured information. These ten factors identify where organizations typically spend money throughout the lifecycle of managing unstructured information. These factors are listed in Figure 1, along with examples of elements that typically increase cost (“Cost Drivers,” on the left side) and elements that typically reduce costs (“Cost Reducers,” on the right hand side).

  1. E-Discovery. Finding, processing, and producing information to support lawsuits, investigations and audits. Unstructured information is typically the most common target in e-discovery, and a poorly managed information environment can add millions of dollars in cost to large lawsuits. Simply reviewing a gigabyte of information for litigation can cost $14,000.[i]
  2. Disposition. Getting rid of information that no longer has value because it is duplicate, out of date, or has no value to the business. In poorly managed information environments, just “separating the wheat from the chaff” can cost large organizations millions of dollars. For enterprises with frequent litigation, the risk of throwing away the wrong piece of information only increases risk and cost. Better management and smart information governance tools drive costs down.
  3. Classification and Organization. Keeping unstructured information organized so that employees can us it. Also necessary so management rules supporting privacy, privilege, confidentiality, retention, and other requirements can be applied.
  4. Digitization and Automation. Many business processes continue to be a combination of digital, automated steps and paper-based, manual steps. Automating and digitizing these processes requires investment, but also can drive significant returns. For example, studies have shown that automating Accounts Payable “can reduce invoice processing costs by 90 percent.”[ii] 
  5. Storage and Network Infrastructure. The cost of the devices, networks, software, and labor required to store unstructured information. Although the cost of the baseline commodity (i.e., a gigabyte of storage space) continues to fall, for most organizations overall volume growth and complexity means that storage budgets go up each year. For example, between 2000 and 2010, organization more than doubled the amount they spent on storage-related software even though the cost of raw hard drive space dropped by almost 100 times.[iii] 
  6. Information Search, Access, and Collaboration. The cost of hardware, software, and services designed to ensure that information is available to those who need it, when they need it. This typically includes enterprise content management systems, enterprise search, case management, and the infrastructure necessary to support employee access and use of these systems.
  7. Migration. The cost of moving unstructured information from outdated systems to current systems. In poorly-managed information environments, the cost of migration can be very high – so high that some organizations maintain legacy systems long after they are no longer supported by the vendor just to avoid (more likely, to simply defer) the migration cost and complexity.
  8. Policy Management and Compliance. The cost of developing, implementing, enforcing, and maintaining information governance policies on unstructured information. Good policies, consistently enforced will drive down the total cost of owning unstructured information.
  9. Discovering and Structuring Business Processes. The cost of identifying, improving, and routinizing business processes that are currently ad hoc and disorganized. Typical examples include contract management and accounts receivable as well as revenue-related activities such as sales and customer support. Moving from informal, email and document-based processes to fixed workflows drives down cost.
  10. Knowledge Capture and Transfer. The cost of capturing critical business knowledge held at the department and employee level and putting that information in a form that enables other employees and part of the organization to benefit from it. Examples include intranets and their more contemporary cousins such as wikis, blogs, and enterprise social media platforms.
The purpose of this model is primarily to get us thinking about how to account for the cost of unstructured information, in the context of real-world challenges and activities. I view it as a starting point – so let me know what you think.
If you find this graphic useful, you are free to use it in your own presentations under the Creative Commons Attribution-ShareAlike 3.0 Unported License.

[i] Nicholas M. Pace, Laura Zakaras, “Where the Money Goes: Understanding Litigant Expenditures for Producing Electronic Discovery,” RAND Institute for Civil Justice, 2012. Online at, http://www.rand.org/content/dam/rand/pubs/monographs/2012/RAND_MG1208.pdf

[ii] “A Detailed Guide to Imaging and Workflow ROI,” The Accounts Payable Network, 2010

[iii] For detail on the source of this number, see my blog post here.

Observations on AIIM 2010

I’m on my way home from Philadelphia after an interesting and useful AIIM 2010 Expo, and thought I would share some observations. I had many good meetings, saw some good products, learned some new things, and met a bunch of good people. I hope everyone else had a useful trip, and got home safe and sound.


The subject of the weather was replaced by the subject of attendance levels as the de rigueur conference small talk. Although I heard varying opinions, the consensus view seemed to be that attendance and the number of exhibitors was low. I talked to a representative from Questex, the show operator, who claimed that this was not the case, with over 12K attendees expected to show up and exhibitor levels better than last year. Who knows? My observation is that it seemed busier than last year, at the height of the recession. Many exhibitor booths (like EMC’s) seemed to be constantly busy.

None of this answers the question whispered in the hallways of almost any big conference in the last couple of years –  is the trade show still a viable form of marketing and education? Does anybody learn anything? Does anybody sell anything? Is it just a “vendor echo chamber?”  Are we all just going out of some sense of obligation? Do attendees just go to get out of the office, and vendors because they are more afraid of the negative consequences of their absence than they are excited by the ROI of their presence?

I like events like the AIIM Expo for the simple reason that it is energizing and affirming to be surrounded by tangible markers of my profession. I have worked outside a traditional office for a decade, and don’t often have the opportunity to just hang out with people who have the same background or interest in this space. So, I find that rewarding.

But, the biggest reason I find some events useful is that I strive to have a clearly-defined purpose for going. For any event, I define that purpose and use it as a measuring stick: will the event help me achieve my goal, and is achieving my goal worth the cost of going? You goal may be to “get up to date with best practices in my profession,” or “learn what other companies are doing,” or “see the latest technologies” –  it doesn’t matter. But, asking whether or not a particular conference – or conferences in general –  are “worth it” is the wrong question. The right question is: what is my goal, and is attending the event the best way to achieve it?

You’re Not Keeping Everything Forever?

The last message one might expect to hear at a conference devoted to topics such as “the lifecycle of records and related concepts such as Classification Schemes, Metadata, Security, Retention, Preservation and Disposal,” is that companies should simply keep all information forever. But heard it, I did – in not one, but two, separate keynotes. I have written about this topic many times, including here, and it is truly one of my favorite topics. As you may guess I, ahem, beg to differ with this position.

To be fair, the first time I heard it, the speaker actually used the term “data” and she was really mostly talking about “research data” and she was from a research organization. So, I’ll give that one a pass.

The second time I heard it, it came from a senior Google representative who apparently been asked to come to Philly to provide a sixty minute commercial. Because, you know, they have a hard time getting their message out otherwise . . . Anyway, like many others, I’m a fan of many Google services, and they have increasingly become a big part of my personal and business life, from Gmail to the fabulous Google Voice. Clearly they are doing transformative work in the consumer space.

But, do they get the enterprise?

The presentation left little doubt that they have a pretty good understanding of their own enterprise. Cyrus Mistry, the speaker, did a funny and engaging presentation about life at Google. Some of the highlights were:

  • By default (at least, culturally) all information is published to everyone at Google seconds after it is created
  • All information is stored in the cloud and instantaneously available on any platform –  including your smartphone
  • Nothing is ever thrown away, e.g., Cyrus mentioned that he has 200 or 300 GB of email in the Google cloud

But, the primary message was not just, “this is way Google works,” but, this is the obvious and inevitable way that all organizations should work – and will work in the future. Anything less is laughably complex, outdated, stodgy, unnecessarily controlling, and stifling to innovation and to the very soul of the employee.

Apparently, in the coming information utopia:

  • Nobody is lazy.
  • Nobody is malicious.
  • Nobody sues anyone.
  • Nobody creates any information that shouldn’t be shared instantly with everyone in the entire organization.
  • There is no risk associated with information – only value and upside.
  • You are completely free as an organization to manage information as you please – no-one outside the company is dictating this to you.
  • Nobody wants to browse through information to find what is relevant to them.

In this vision, the lifecycle of a record is less of a cycle, and more of an infinity symbol. The content is created, it is shipped to the cloud, and there it resides in a big pile –  forever.

Do I think there are compelling elements to this vision?

Of course.

Do I think this is the way information should be managed inside the developer community of a software company?


I worked for many years in the software business and learned that the high tech world and its engineers often have a charmingly naive view that the way they work is the way that everyone should work. In fact, this tendency has been the downfall of many brilliant software companies as engineers diligently developed the most incredible solutions for problems that didn’t exist – fighting with sales and marketing all the way as they flew the plane into the crash site.

Now, am I saying that Google’s vision of information management won’t be be successful, or at least highly influential? Hey, I’m not that charmingly naive (well, maybe naive, but certainly not charming). However, the information reality for most of my clients is something more like this:

  • Some people make mistakes.
  • Some people are malicious.
  • They are getting sued all the time, and suing other parties all the time.
  • There are tens of thousands of external regulations, requirements, contractual obligations, industry standards and other factors that dictate they way they need to manage information.
  • Information creates risk – as well as value – and they want to get rid of the stuff that has no value.
  • They create terabytes of information that cannot be shared with everyone all the time  and they will experience serious weeping and gnashing of teeth if even the smallest amount of this information is shared.
  • At least some of the organization wants and needs to browse through information by category.

I want information management to get much much better and much simpler. Innovation and new approaches are needed.  I’m not arguing for complexity and command-and-control. But, I think that information management for many – if not most – large companies is very complex and the problem is not solved by keeping everything forever.

All SharePoint All the Time

The AIIM Expo was a coming out party for SharePoint 2010 in the AIIM community, and generated a lot of interest and discussion. Microsoft bolstered its vision of SharePoint-as-platform by hosting several partners with value-added products and services in stand-up kiosks. In addition, there was a SharePoint-specific track at the show that seemed pretty well attended.

SharePoint continues to rapidly penetrate the information management market, with an increasing number of organizations seeking to leverage the platforms’ records management capabilities –  especially the new features of SharePoint 2010.

I see this causing some pretty interesting conflicts at client organizations.

The success of the product and its growing records management feature set has brought it to the attention of stakeholders that in the past were not likely to be involved in a SharePoint implementation project. These stakeholders include professionals like lawyers who are concerned about e-discovery; records managers concerned about retention schedule compliance; and compliance and governance professionals who see both opportunity and risk in the platform.

In many cases, this new-found interest in SharePoint is not welcome by the IT professionals actually tasked with implementing, configuring, and managing the product. This can result in significant friction that can delay, derail, or otherwise cause a SharePoint project to underachieve. Often, the new stakeholders are looking for centralized control, closed systems, and detailed oversight, whereas IT is seeking to leverage the intuitive information sharing capabilities of the platform and the ease with which end-users can create and self-administer sites.

SharePoint governance will only be successful if these two camps can find a middle ground, and take a practical approach that focuses on maximizing the business value of the platform while minimizing the compliance and business risk.  I advise clients to lock the stakeholders in a room and hammer out the 3-5 governance controls that they can’t live without, and start with that.

Wrap Up

AIIM 2010 was useful for me, and I hope I provided some value here to those that couldn’t make it. To those who did, safe travels, and I will see you soon. In the meantime, let me know what you think of my observations.

10 Reasons Information Governance Make Sense: Reason # 5

It Ain’t Gonna Get Any Easier

“By far the biggest mistake people make when trying to change organizations is to plunge ahead without establishing a high enough sense of urgency in fellow managers and employees. This error is fatal because transformations always fail to achieve their objectives when complacency levels are high.”

John P. Kotter, “Leading Change,” Harvard Business School Press, 1996, p. 4.

In Brief: IG makes sense because it is a proven way for organizations to respond to new laws and technologies that create new requirements and challenges.  The problem of IG will not get easier over time, so organizations should get started now.

Every day the pile of unmanaged information in your organization grows. Every day the habits of your knowledge workers get more ingrained. Every day new technologies enter your enterprise and create new sources of unmanaged risk. Every day technology gets more complex. Every day courts and regulators grow more sophisticated and demanding when it comes to information management. Time will not make the information management problem any easier.

More regulation of information management is expected.

“It’s now ‘inevitable that more regulation will come, forcing companies to be more ethical, more compliant and overall better corporate citizens.’”

Former SEC Chairman Harvey Pitt[1. Alexander B. Howard, “Ex-SEC Chief Pitt Decries State of Sarbanes-Oxley and Risk Management,” SearchCompliance.com, June 5, 2009.]

Beginning as early as the 1970s (with privacy law directed at the federal government) and intensifying in the early years of the new millennium (with Sarbanes-Oxley and the revised Federal Rules of Civil Procedure), governments, regulators, and standards bodies have demonstrated an increasing appetite for the regulation of IT and information. Increasing federal and state regulation has driven demand for IG products and services.[2. Nikki Swartz, “Compliance Boosts Records Management Market,” Information Management Journal, Sept/Oct 2006.]

With the recent swearing-in of a new US president and Democratic control of Congress in the US, it is likely that this appetite will only increase, especially in the wake of a global economic recession that is widely seen as having a root cause in inadequate government oversight and regulation. This is likely to drive legal and regulatory changes that will create new IG requirements for organizations.

Information is getting more complex.

“Using a growing set of free and simple tools and applications, it is easy to create customized, personal web-based environments — a personal web — that explicitly supports one’s social, professional, learning and other activities via highly personalized windows to the networked world.”

The New Horizon Report[3. L. Johnson, A. Levine and R. Smith, “The 2009 Horizon Report,” The New Media Consortium, 2009.]

The growing business use of Web 2.0 technologies such as blogs, wikis, and social networking tools, along with other developments such as Internet “cloud” based applications, are making information management more challenging. The emergence of such technologies is a challenge to the “very strong and entrenched ‘command and control’ ethos that is prevalent in the records management world.[4. Steve Bailey, “Managing the Crowd: Rethinking Records Management for the Web 2.0 World,” Facet Publishing, 2008, p. 68.]

The reality today is that each knowledge worker – like it or not – is his or her own records manager. Responsibility for the creation and management of information has become highly distributed and a new generation of Internet-based tools and applications only encourage this trend.

In addition, technologies like “Google Wave”  create new difficulties. Products that blend together formerly discreet communication, collaboration and content creation tools challenge the long-standing focus on “the document” and usher in a world where we no longer manage discrete piece of information.  The “wave” of information created by these tools is an ever-changing Hydra that pulls information from a variety of sources and blends them together into an environment that cannot be “retained” or managed using traditional approaches.

As technology – and the new forms of information created by that technology – grows more complex, IG provides the foundation from which we can build processes and techniques to properly manage that information. IG isn’t getting any easier – the time to act is now.

What Does Increased Regulatory Enforcement Look Like?

“We recognize the issue of costs to companies to implement robust compliance programs . . . the cost of not being FCPA compliant however can and will be much, much higher.”

Lanny A. Breuer, the assistant attorney general of the DOJ’s criminal division

It seems like everyone with an axe to grind in the information governance world – including yours truly – likes to salt every presentation and whitepaper with the apparent axiom that we are in an era of increasing regulation.

Other than listing a bunch of new-ish laws and proposed laws, it is often hard to quantify what increased regulation looks like. Recently, though, I came across some interesting facts in a speech from an official from the Department of Justice (DOJ), that do just that.[1. You can find the transcript of the speech linked from this WSJ blog post.]  The speech concerns enforcement of the Foreign Corrupt Practice Act (FCPA), a federal law that has been on the books since the 70s and in essence criminalizes bribery of foreign officials by American companies and individuals.

In the past few years, the DOJ has recently focused on aggressively enforcing the FCPA, and the result has been:

  • A record number of trials
  • A record number of individuals charged with violations (” . . . prosecution of individuals is a cornerstone of our enforcement strategy.”)
  • Record corporate fines, including one of $1.6 billion and another of $579 million
  • More enforcement actions between 2005 and 2009 than in the previous 30 years

This is what increased regulatory enforcement looks like. Very respected and senior individuals have gone to jail, name-brand companies have paid millions in fines, and many more individuals and companies have plead guilty to avoid the pain and spectacle of a prolonged investigation or trial.

So, is compliance getting tougher? Factually, in the FCPA world, the answer is clearly yes. However, I think these facts also help to support the larger case that the business operating environment is getting more regulated, and the era of a “compliance program” consisting of a few dusty binders sitting on a shelf are over.

What do you think?