Three years ago, I sat down in a conference room in Washington, D.C with some really smart people and we quickly realized that we shared a vision for a consortium and think tank devoted to advancing Information Governance. Each of us had seen the incredible value that better information governance could create for their respective clients, but had also witnessed the consequences of information failure first-hand. Without a way for IG practitioners to share their experience across disciplines, it seemed unlikely that the promise of information governance would be fulfilled. Today, thanks to the support of like-minded individuals and organizations, this vision has been realized.
I am so pleased to announce the launch of the Information Governance Initiative (IGI), a cross-disciplinary consortium and think tank focused on advancing information governance. The IGI will publish research, benchmarking surveys, and guidance for practitioners on its website at www.IGInitiative.com. The research will be freely available, and the group will also be providing an online community designed to foster discussion and networking among practitioners.
I am founder and executive director, and it would be great if you would join us.
I believe information can be a positive transformative force in the world – improving business, government, and the lives of people in all walks of life. But I also believe that these benefits are not automatic, and in fact will only be the result of sustained, proactive efforts to understand and manage information in a better way. I believe that there is a need for like-minded people to come together and find this better way. A forum for ideas, facts, and techniques. An initiative that pushes the market forward and builds information literacy.
That’s why we created the Information Governance Initiative – and why we want you to be a part of it.
Who We Are
The IGI Advisory Board is comprised of members drawn from the disciplines that own the facets of information governance including information security, data science and analytics, e-discovery, business management, IT management, compliance, business intelligence, records management, finance and audit, privacy, and risk management. We are also developing a Corporate Council comprised of practitioners working in IG. Contact us if you are interested in participating in the Corporate Council.
At launch, IGI Advisory Board members include Courtney Ingraffia Barton, senior counsel, global privacy at Hilton Worldwide, Inc.; Julie Colgan, president of ARMA International; Leigh Isaacs, VP of the information governance Peer Group at ILTA; and Richard Stiennon, chief research analyst at IT-Harvest and well-known cybersecurity expert. Additional board members are being added on an ongoing basis.
The IGI is launching with broad support from leading providers of information governance products and services, including:
We are also partnering with a variety of organizations to bring IG stakeholders from different disciplines together to work on the information governance problem. For example, we have partnered with The CFO Alliance, a community of over 4,000 senior finance professionals, to bring the IG conversation to the finance community. ARMA International has appointed a representative to the IGI Advisory Board, and the two organizations plan on working together to advance the adoption of information governance. In addition, the IGI will be presenting several sessions on information governance at the Managing Electronic Records conference in Chicago, May 19-21, 2014.
Get Involved in the IGI
Members of the leadership team are speaking about information governance at nine different sessions during the LegalTech NY 2014 conference between February 4-6th. If you are there, come see us and also visit our Charter Supporters in the exhibit halls.
Learn how you can get involved in the IGI at, www.IGInitiative.com
I also invite organizations interested in supporting the advancement of Information Governance to contact me at 646 450 4468 or barclay.blair@IGIniative.com.
“Information retrieval is a significant problem for businesses. Further, the extent of the problem worsens with increasing size of the document collection [and] the less formal the information stored.”
Information Retrieval in Business: An Unmet Challenge[i]
Unstructured information, at its simplest, is information that does not reside in the rows and columns of a database. Any database user understands that the meaning of a field in a database is a combination of what the row and the column each mean, such as the price of a widget on a certain date. However, unlike the structured information that resides in databases, unstructured information does not always have a predetermined form, business purpose, use, value, or security classification.
As a result, managing unstructured information is tricky. Many long-established techniques for database administration simply do not apply. This complexity also makes calculating the total cost of unstructured information difficult.
Unstructured information comes in many forms, including word processing documents, spreadsheets, social media posts, and log files automatically generated by computer servers. Some unstructured information has more structure than others (email messages, for example, all have a header, subject line, and message body). Some call this information semi-structured information, but for our purposes, we will use the term unstructured information to include semi-structured information as well.
The volume of unstructured information is growing dramatically. Analysts estimate that, over the next decade, the amount of data worldwide will grow by 44 times (from .8 Zetabytes to 35 Zetabytes: 1 Zetabyte = 1 trillion Gigabytes).[ii] However, the volume of unstructured information will actually grow 50% faster than structured data. Analysts also estimate that fully 90% of unstructured information will require formal governance and management by 2020. In other words, the problem of unstructured information governance is growing faster than the problem of data volume itself.
What makes unstructured information so challenging? There are several factors, including
- Horizontal vs. Vertical. Unstructured information is typically not clearly attached to a department or a business function. Unlike the vertical focus of an ERP database, for example, an email system serves multiple business functions – from employee communication to filing with regulators – for all parts of the business. Unstructured information is much more horizontal, making it difficult to develop and apply business rules.
- Formality. The tools and applications used to create unstructured information often engender informality and the sharing of opinions that can be problematic in litigation, investigations, and audits – as has been repeatedly demonstrated in front page stories over the past decade. This problem is not likely to get any easier as social media technologies and mobile devices become more common in the enterprise.
- Management Location. Unstructured information does not have a single, obvious home. Although email systems rely on central messaging servers, email is just as likely to be found on a file share, mobile device, or laptop hard drive. This makes the application of management rules more difficult than the application of the same rules in structured systems, where there is a close marriage between the application and the database.
- “Ownership” Issues. No employee thinks that they “own” data in an accounts receivable system like they “own” their email, or documents stored on their hard drive. Although such information generally has a single owner, i.e., the organization itself, this mindset can make the imposition of management rules for unstructured information more challenging than structured data.
- Classification. The business purpose of a database is generally determined prior to its design. Unlike structured information, the business purpose of unstructured information is difficult to infer from the application that created or stores the information. A word processing file stored in a collaboration environment could be a multi-million dollar contract or a lunch menu. As such, classification of unstructured content is more complex and expensive than structured information.
Taken together, these factors reveal a simple truth: managing unstructured information is a separate and distinct discipline from managing databases. Moreover, determining the costs and benefits of owning and managing unstructured information is a unique – but essential – challenge.
[i] Michael D. Gordon, “Information Retrieval in Business: An Unmet Challenge,” The University of Michigan, 1991. Online at, http://deepblue.lib.umich.edu/handle/2027.42/35654
[ii] International Data Corporation, “The 2011 Digital Universe Study,” June 2011. Online at, http://www.emc.com/collateral/demos/microsites/emc-digital-universe-2011/index.htm
I will be providing the keynote address on a half-day seminar hosted by Sita Corp, SAP, and HP at New York Athletic Club, on October 15, 2013 from 8:30-10:30 am.
I am going to be talking about the challenges of Information Governance in a Big Data world.
Register now at: http://ow.ly/po2mm
A few weeks ago, I mentioned that I was working on new feature article for Law Technology News about about how making more and more data “easily accessible” is both essential for Big Data to fulfill its promise and also a huge risk to privacy, intellectual property, and so on.
The promise of Big Data is based on a central assumption: that information will be easily, quickly, and cheaply available, on a grand scale. The plumbing of Big Data — the technology infrastructure — is designed to bring internet scale to enterprise data. Some of the surprising insights that data scientists hope to gain from Big Data analytics come from correlating information from disparate sources, in a context that was never imagined when the information was first created — such as correlating the type of computer used to book a trip with how much a traveler is willing to pay for a hotel room. Or using prescription drug history to screen health insurance applicants.
The problem of protecting privacy, intellectual property, and other rights will only grow more complex as our ability to access and process information becomes more sophisticated.
I also write about how these issues came to the forefront in the wake of the shooting tragedy at Sandy Hook Elementary school in Newton, CT. I also explore emerging technology that allows electronic content to “self-destruct.”
The article has now been published, and you can read it here (free registration required).
I was also interviewed about the article by Monica Bay, Editor-In-Chief of LTN, on Law Technology Now. You can listen to our discussion on the embedded podcast below.
Author: Barclay T. Blair
Update: Interesting article from NY Mag claiming that SnapChat is, “absolutely blowing up right now” on Wall Street because “the chances of incriminating material ending up in the hands of a boss or a compliance officer – or in a Daily Intelligencer story, for that matter – are low.”
This weekend I was finishing up my next opinion piece for the fine Law Technology News. My piece is about how making more and more data “easily accessible” is both essential for Big Data to fulfill its promise and also a huge risk to privacy, intellectual property, and so on. Look for that in the next issue.
Part of what inspired me to write about this was the success of Snapchat, a mobile app that lets users “chat” using photographs instead of text. Neat idea, but the twist is that the images automatically disappear after 1-10 seconds (the time is set by the sender). As you would imagine, Snapchat has gained a reputation as a teenage sexting tool, despite some indications otherwise. I set it up to see what all the fuss was about, and cajoled my wife to install it as well. Frankly I would say that any service that automatically deletes any self-portrait I have taken after turning 40 is doing me a huge favor. Anyway, Snapchat was quickly copied by Facebook, with its Poke application, although Poke seems to be less popular than Snapchat to date.
I did some more digging around in this space, and it turns out there are a number of startups focused on so-called self-destructing messages. For example:
- Vaporstream offers “secure recordless messaging” technology aimed at enterprise users
- A startup involving Phil Zimmerman, crypto-hero and creator of PGP, called Silent Circle offers secure mobile voice and messaging, including “burn notices” for text messages
- Burn Note: self-destructing email
- Wickr: self-destructing texts, pictures, video
- Gryphn: self-destructing text messages, with screenshot capability disabled
- Privnote: web-based, self-destructing notes
- Tigertext: enterprise-focused secure texting with message timers
- Burner: temporary phone numbers for calling and texting (hat tip to Bill Potter at The Cowen Group for pointing me to the last two on this list)
The category of “disappearing email” has been around at least since the late 1990s. In that era, a company called “Disappearing Inc.” got a lot of attention, but was not successful. A similar company called Hushmail from that era is still around, but suffered from some bad press when email that users thought had been “disappeared” was turned over in the course of a lawsuit. In any case, neither company ushered in a new era where email automagically goes away. However, given this new crop of startups, I wonder: were these 90s companies ahead of their time, poorly managed, or just a bad idea?
On the corporate side, I don’t see a large appetite for this kind of technology. I have had this conversation with clients many times, and although they love the idea in concept, they are very worried that using the technology will create the appearance of evil (just as the first thought we naturally have about Snapchat is that is must really be for sexting). Executives in particular feel that the use of the technology creates the impression of having something to hide. Perhaps if email had had this capability from the beginning, the risk would not be there. Corporate culture is conservative by nature, and no company wants to draw attention to itself in this area.
This fear is not without justification. Many general counsels are fearful of deleting any corporate email messages at all, which is why many of the world’s largest and “well-managed” companies have hundreds of terabytes of old email sticking around. Remember that in the world we live in, prosecutors sometimes chastise companies for not keeping all their messages forever because, after all, tape storage is “almost free.” There certainly is a case to be made that spoliation fears are generally overblown, given the number of times spoliation actually leads to a a fine or judgement, but the fear of throwing away the wrong thing is not groundless. Getting rid of junk defensibly requires a logical, justifiable process.
Unless an organization is in a highly classified environment, I think most general counsels and their litigation partners would tremble at the thought of explaining why most of the company used “normal” email but their executives/salespeople/take your pick used “special” email that disappears. It does not pass the smell test. Selective use is problematic.
On top of that, you have users who find operational benefit from having records of their business activities in email. You also have the emerging world of Big Data, where email in aggregate potentially has big value if you get it onto Internet-scale infrastructure and point the right tool at it.
In any case, check out the full piece when it runs in the next issue of Law Technology News.
Author: Barclay T. Blair
“It was a profoundly man-made disaster — that could and should have been foreseen and prevented. And its effects could have been mitigated by a more effective human response . . . For all the extensive detail it provides, what this report cannot fully convey — especially to a global audience — is the mindset behind this disaster.”
Kiyoshi Kurokawa, Chairman of the Fukushima Nuclear Accident Independent Investigation Committee, July 2012
“In the first minute after the autopilot disconnection, the failure of the attempt to understand the situation and the disruption of crew cooperation had a multiplying effect, inducing total loss of cognitive control of the situation . . . A review of pilot training did not provide convincing evidence that the associated skills had been correctly developed and maintained.”
French air investigator’s final report on the 2009 crash of Air France Flight 447, resulting in 228 deaths, issued July 2012.
“’Someone was in danger,’ explained Mr. Lopez . . . ‘I wasn’t going to choose my job over someone in danger. My job is to help people in distress. It was a moronic rule in my opinion that they set up. I understand the liability issues, but . . .’ He breached protocol by running to an area outside his beach zone without waiting for his supervisor to arrive to cover his station, posing a potential liability problem.”
Lifeguard Says He Chose Saving Man Over Saving Job, New York Times, July 5, 2012
The most powerful earthquake in Japan’s recorded history. A Tsunami with 130′ waves that penetrate six miles inland. Thousands of lives lost. Reactors in a coastal nuclear power plant start to melt down. Radioactive gas is released into the atmosphere. It’s a nuclear disaster. The cause? Obvious: forces of nature.
Wrong. Organizational culture.
On an Air France flight from Rio de Janeiro to Paris, instruments designed to measure airspeed fail, causing some autopilot systems to fail. The crew, confused about their speed and angle of flight, put the plane into a stall and it crashes into the ocean, killing everyone on board. The cause? Obvious: mechanical failure.
Wrong. Organizational culture.
A young lifeguard in Florida is fired. Why? Because he disobeyed company procedure to rescue someone he thought was drowning. The procedure had a single purpose: protect his employer from legal liability. He mistakenly believe that he had a single purpose as a LIFEGUARD: guard lives.
I picked each of these three stories from Section A of the New York Times this morning, not because I was looking for them, but because the thread connecting them resonated with me, and some thinking I have been doing about the role of organizational culture in information governance. These are from one section of one newspaper on one day, picked out by someone jostling for a seat on a sweaty F train ride. Not exactly random, but not exactly exhaustive research either.
The hardest part of information governance is changing (or at least challenging) organizational culture.
This is such a glib statement. Borderline tautological. Almost axiomatic. But, there is truth here, somewhere.
For the past twelve years, I have made my living as a subject matter expert. But lately I’ve been wondering which subject matter really matters. Over the dozen years I have thought of myself – and marketed myself – as an expert on a variety of topics (not necessarily at the same time): information security, electronic evidence, privacy, software product marketing, content development, records management, compliance, IT governance, electronic content management, taxonomies, ghost-busting, information architecture, e-discovery, information governance. I’ve always been this way, I guess. In high school I started an business fixing cars. In university I made extra money teaching university-level classes on HTML and hand-coding webpages for professors.
However, I have never thought of myself — nor marketed myself — as an expert on organizational culture. I never set out to become an expert. But, after witnessing the gooey inner workings of dozens and dozens of organizations large and small, in multiple industries, I seem to have learned something. I don’t directly sell what I know corporate disfunction to clients, but it might be the most valuable thing I offer.
Organizational culture is the rocky, rugged shore upon which the bravest barques crash. I have concluded that it is nearly impossible to fundamentally change organizational culture. Not completely impossible, just very difficult.
And yet, the success or failure of most multi-million dollar enterprise software implementations ABSOLUTELY DEPENDS on thousands of individuals changing their behaviour. CRM or sales force automation software mostly fails if sales and marketing people don’t change they way they do their jobs, in dozens of tiny ways, every day. Content management and collaboration software fails if thousands of employees don’t change they way they find, create, and communicate information – assuming you can get them using the platform at all. Enterprise social media fails unless most employees see the rewards of total transparency at work.
This is no secret – those who sell the software will tell you this. For example, here’s a quote from a recent OpenText blog post:
“What’s the biggest barrier you’ll face when deploying collaborative or social software (or even straight document management)? It’s swaying people’s attitudes and behaviors towards their information, knowledge, and content.”
Organizational culture isn’t much easier to engineer than national culture. Despite being forced by Canadian cultural content laws as a teenager to listen to Rush, Corey Hart, Gowan, and Kim Mitchell, I still think they all suck (sorry, Tamir).
Cultural Engineering is hazardous work. In fact, it is so hard that a certain breed of startup software company is choosing to avoid it altogether by chucking the bitter controls that big companies need to function and focusing instead on the sweet candy users want – willfully ignoring the long-term effects on the organization. What are the long-term effects? At minimum, the creation of new toxic silos of disorganized, neglected, disconnected information bristling with all kinds of business and legal jagged edges. At maximum this strategy sends the customer blissfully skipping down a gilded path that can only lead to loss and theft; privacy disasters; millions of dollars spent in unecessary electronic discovery costs and lawyer fees; and fines and penalties for failing to comply with any number of the thousands of laws and regulations affecting a large corporation’s information.
You don’t have to move very much soil in a large company to find the fossilized relics of systems past that were earlier incarnations of this myopia. To whit: a manufacturing client with 34,000 Lotus Notes databases that nobody knew what to do with — the legacy of an earlier generation’s blind bliss of “empowering users” through self-provisioning and finally, once and for all, freeing them from the machinations of their evil IT overlords. The 34, 000 Lotus Notes databases that were the sweetest e-discovery honey hole for every plaintiffs attorney east of the Mississippi; the glorious user-empowered, next generation environment that caused my client to settle case after case because it was cheaper than extracting data from the wonderful, self-provisioned mess. The amazing, hands-off application building environment that they couldn’t afford to keep around, but that was too expensive to get rid of.
Some observers are criticizing today’s startup software companies for focusing on trivial problems (Nicholas Carr, for example: “An app for making vintage photos isn’t exactly a moonshot”). There’s even a parody website on the subject. I don’t know if this is true, or if it just seems this way (the topic has the smell of a “trend piece,” like the rise of Satanic cults in the 1980s). If it is, maybe there are BIG IMPORTANT sociological reasons for this. But one thing is certain: building software that provides real value to a big organization is hard, if only because cultural engineering is hard.
So, what are the enterprise startups working on? Well, here’s one category: shared drives in the cloud. It just makes me — I don’t know — tired? that some seem to think that putting a shared drive in the cloud is innovative. Or even edgy and “disruptive.” Conceptually, there is nothing innovative about it. Yes, the mobile and the multi-device user gives it legs. But it’s still just a damn shared drive — a great way to share information, but terrible for almost anything else. What happens after that glorious moment that the content is shared? Does the content just disappear? Are we keep supposed to never think about it again? What if we want to keep some information and throw some away? What if some of it needs special treatment because of some pain-in-the-ass law? Why are we pretending that shared drives in the cloud are immune from the problems of old-fashioned Windows networked shared drives? Shared drives stand in the way of every big company’s effort to do something meaningful with their pile of unstructured content. Do you spend millions cleaning them up? Millions migrating them to SharePoint? Even with the best “automated classification tools,” this still costs a large company millions — IF it can get the lawyers to bless the plan in the first place.
A few days before Microsoft purchased the company, I saw a senior executive from Yammer speak. It was a product pitch with the self-laudatory axiom, “adoption is the new ROI” as its centrepiece. Yammer (which some have called “FaceBook for the enterprise”) built its company in large part by offering the service to corporate users for free, then charging IT administrators to manage the resulting mess. The axiom was proven out by the company, as user counts no doubt were a central metric used by Microsoft to justify its $1.2B investment, but as an axiom for enterprise software it is gibberish. And cynical. Companies in this space also seem to love marketing slogans like, “75% of the Fortune 500 use our software,” which tells you about as much about their enterprise penetration as it would if Rovio, the maker of Angry Birds, claimed that “100% of the Fortune 500 use our software.”
Are these companies thinking big? Do they have an enterprise moonshot? Are they tackling the truly complicated information problems of the large enterprise?
Many companies, both old and new, are tackling complicated problems. Bringing Internet scale to enterprise data. Layering massively powerful analytical tools on top of the data. Empowering the messy, risky big decisions that must be made about vast pools of we create. Refusing to be cowed by legal FUD. Cleaning up mind-boggling volumes of junk. Investing the time and money it really takes to understand vertical, business unit, and departmental problems, and deliver unsexy, but truly valuable software and process. Empowering users in a way that balances shiny new toy syndrome with the complex realities of a real-world operating environment.
But, perhaps even these companies are focusing their attention on enterprise problems that do not require cultural change or engineering. Problems that do not require any change in what a user does or does not do. Billions of dollars of enterprise software have been sold over the years because the person writing the checks believed that changing user behaviour was possible. The engineering of organizational culture has been the sine qu non of enterprise software.
Have we now reached the point where it is simply old fashioned to believe that it is possible or desireable to dicate, or at least motivate, a user to do something, or to not do something? Perhaps, but any number of corporate programs, from safety to sales practices to performance reviews, rely on this dynamic. At the same time, it’s obvious that culture engineering adds significant friction to the process of selling and implementing enterprise software, so providers are logically looking for ways to minimize or avoid it altogether.
Engineering organizational culture is engineering human behaviour itself, on a large scale. In that sense, it is not mysterious. Show the value of the change to the individual. Use incentives and consequences to create social pressure – the true motivator. Rinse and repeat. Despite the challenges, I don’t think we have moved past the need for organizational change in the world of Information Governance.
Author: Barclay T. Blair
I recently met the former CFO of Radian6, a social media monitoring company that was incubated and grown in New Brunswick, Canada, and we had a great discussion about the role that this kind of technology can play in developing, andvancing, and protecting a brand. He is the former CFO only because the company was recently acquired by SalesForce – an illuminating acquisition.
For those of you new to this technology, the basic idea is that it allows organizations to monitor social media such as Twitter and FaceBook for discussion of a company, its products, its marketing campaigns, and so on. Analytical tools and techniques help companies measure “sentiment” (i.e., do people like or hate your latest product?) and other trends that might be meaningful for sales, marketing, customer support and other purposes.
I recently had a personal encounter with social media monitoring. Last week I did a speaking engagement at an OpenText user group meeting. It was hosted by McDonald’s Corp. at their executive training facility, called “Hamburger University.” No, Hamburger University isn’t just a street name or euphamism for the training center – that is its actual name (see photo below for proof).
Hamburger University is part of McDonald’s campus-style headquarters west of Chicago. I stayed “on campus” at a Hyatt connected by a bridge over an idyllic pond (“Lake Fred”) to the training facility. It’s a beautiful location – 80 acres of lakes and trees and prairie-style architecture.
It was an great event – I presented an “Introduction to Information Governance,” and there were some detailed case studies from OpenText customers like Hyatt about how they are using their digital asset management, social media management, and other products.
Anyway, the morning of the event, I tweeted the following:
Shortly thereafter, the Hyatt tweeted the following, and I replied:
And the McDonald’s Corp tweeted the following, and I replied:
This is social media monitoring software at work, which is cool to see. But there is something even more remarkable happening here, as my friend and enterprise software marketing guru Sean Wilcox (EVP at IT.com) pointed out:
“Such a great way to connect more deeply with customers, partners etc. No wonder Oracle and SFDC are buying companies that help them do this. However, note that, even with all the automation, an individual with a sense of humor created the spark that made this memorable. Praise to the person who replied about Hamburgler.”
This is a great insight: although the technology enabled the interaction, it was the human spark that made it memorable.
We are working on a number of social media governance projects, so this lesson is useful. In some ways, enterprise social media has painted itself into a corner. On the one hand, a key part of its value proposition is its supposed “authenticity,” i.e, its ability to enable “real conversations” among employees, partners, and customers. On the other hand, creating and maintaining authenticity takes a lot of time and effort – too much for many leaders, subject matter experts and other folks with real jobs who might be tapped to represent your brand online. Clearly, any hope of sustaining a new kind of interaction between a brand and its market through social media cannot happen without automation that helps your people find the time to be focused, authentic, and memorable.