Before I write (extensively) about why information governance is so difficult and what has to happen to make it happen, I should tell you what I mean by ‘information governance’. Like the term ‘information’ itself, different people mean different things when they talk about this topic.
There are lots and lots (and lots) of definitions of ‘information’, none of them universally accepted, that finally, once and for all, sort and define the terms ‘data’ ‘information’ ‘knowledge’ and let’s add ‘content’ to that list. You can look in wikipedia if you like, but that too will leave you unsatisfied, as it says ‘Information is a concept that has many meanings’.
Instead of trying to define the word information on its own, its easier if we talk about the whole idea of ‘information governance’. In an organizational context, a few things are implied. First of all, the information in question is always explicit: that means its written or recorded in some way, and these days the media is usually digital, although there is still a lot of paper out there.
Gartner’s own (official, which means we argued about every word) definition of is as follows:
Information governance is the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
It is derived from our definition of IT governance which ‘may be defined as the processes that ensure effective and efficient use of IT in enabling an organization to achieve its goals’.
Note that neither definition includes any notion of coercion, but rather ties governance to accountability that is designed to encourage the right behavior. There is something buried in the definition which I think is at the heart of what I consider to be the problem that most of us face when we start talking about information governance. The word that matters most is accountability. The root of all of our problems with information, and we do have lots of problems with it, is the fact that there is no accountability for information as such.
That might sound ridiculous, but think about it. IT owns the systems that we use to create it and store information. That means they own the bits and bytes. But they do not own the ‘information’ or really understand its meaning to the business, beyond who it is created by, what system is used, and various other derived characteristics. Furthermore, ‘IT’ has no idea what data might be useful in a given business context. Why should they? Their job is to manage information technology: hardware, software and networks. There is information that is important to them, technical documentation, project documentation and so on, but as for the spreadsheets used by accountants to forecast quarterly results, IT has no idea, nor should it. Of course, data modelers and other IT types who are focused on defining important system-wide entities for common use need to understand the data they are working with, but its always an interpretive exercise. The overall requirements of any information system must be specified, ultimately, by the business people who define, understand and own the process and its accompanying data.
The people who staff the functions that produce and use the information are the people who know its value, understand what they need to save for recordkeeping purposes, can point out the current version of documents, should know how long a given document or set of data is going to be useful from a business continuity perspective. And while business people may know these things, it is often difficult – or impossible – to get them to articulate their own information needs. Furthermore, they see no reason why they should. The resources they use to produce, store and consume information are owned by and paid for by someone besides themselves. Besides which, the personal hard drive, memory stick, file share, or whatever, are viewed as practically infinite. And indeed, for most of them (us) they are. An individual can pile as much stuff as he or she can create and collect on their personally owned desk top or laptop device, buy auxiliary storage at the local electronics store, and get UNLIMITED FREE email, image, data storage from Yahoo or Google. The very notion that they need to waste their valuable time paying attention to which version of a file is the current one for their project, deleting 10 year old documents from a shared drive or indeed performing any other information management or governance task is viewed as anathema. And so the circular argument begins: its not my job, IT should do it, by which they mean buy more storage and get us that piece of magic software that will fix the problem once and for all.
These days, there is the added complication of ‘compliance’, an all purpose stick with which everyone uses to beat everyone else and mostly has resulted in even more reluctance to manage information in any way other than simply allowing it to accumulate for fear that deleting it is forbidden by some obscure law or regulation. Lawyers have been increasingly dragged into the discussions about information governance and that usually complicates matters, rather than makes them simpler. Most legal counsel do not know exactly what business documents must be preserved, in every case. If there is pending litigation, its easy enough, and that they do understand. Otherwise, they lob the ball back into the business user’s court and the circular arguments begin again.
This is not to imply that either lawyers or business people are uninformed or irresponsible. It’s a matter of domain expertise and a comprehensive lack of clarity in laws and regulations. Although this doesn’t apply to you, unless you work in the Executive Office of the President, read the definitions in the in the Presidential Records Act (of 1978): http://www.archives.gov/about/laws/presidential-records.html.
You only need to read sections two and three. Clear? Ok. Now think about these definitions in relation to e-mail. How would you do if you were asked to separate your ‘personal’ email from ‘official’ email? What system do you know of that would allow this separation to happen automatically? Easy, you say, save it all and sort it out later. And that, as it happens is what most of us do, with e-mail, files, data and everything. We save everything – and lawyers often give this advice – because it’s the easiest thing that we can do that we assume will not get us into any kind of trouble. I suppose its all in how you define trouble and whose trouble it is. Most of us don’t have to deal with the trouble this causes: the wasteful expense, the potential legal repercussions, or the time and energy someone else might have to spend figuring it out one day. Again, we’re back to accountability.
Unless we make information governance someone’s job, its not going to happen. Most people thing about today, and what needs to be accomplished, rather than what will happen in the future. Its only human. We push non-essential decisions off into the future. Even if we intend to organize things or clean them up, its not something we’re going to do today, because today we have to close the books, or write the code or talk to the client, or whatever else it is that we have to do.
After writing all these words, it occurred to me that my point about information governance could be made more easily by one of my favourite characters from a Disney movie, ever: Roz the Slug from Monsters, Inc.
So how do you get information governance to happen? Well, you do need Roz, but you also need to change Wizowski’s objectives.