Data proves information governance is a priority for senior management, but research shows senior executives are doing very little to address it.
Data leaks and security breaches have pushed information governance up the corporate agenda, as concerns grow about excess litigation costs, loss of intellectual property and damage to reputation.
But what is happening in enterprises to deal with these issues? Next to nothing, research from AIIM, the professional body for information specialists, reveals.
Only 10% of industry professionals who took part in the global survey confirm they have a respected and enforced information governance policy in place. Meanwhile, 21% say they have a policy in place, but it’s regularly flouted.
Why? Because the volume, velocity and variety of information corporations handle is making it virtually impossible to maintain the metadata needed to automate governance processes.
On the whole, organisations are stabilising the volume of paper records, while the mountain of electronic documents is “increasing rapidly” in 68% of organisations surveyed.
Download more research from AIIM
Why are we behind with metadata automation?
The problem is automation is already a critical requirement needed to ease the burden on the information security team.
The benefits from automated classification are improved ability to find requested information (48%), higher productivity (29%) and sounder approaches to compliance work (29%), according to research participants.
To be successful, automation of metadata tracking needs to go hand in hand with a comprehensive information governance policy.
Creating one of these is a major task, as we know – and the keys to success are senior management endorsement and staff engagement.
If that wasn’t challenge enough, revelations about security in the past year or so – including The US National Security Agency (NSA) surveillance practices, disclosed by whistleblower Edward Snowden – have added the factor of legal requirements to keep safe custody of sensitive data, and the need to maintain the trust of customers.
This has brought the realisation that content either needs to be deleted if it has no value, or governed throughout a defined lifecycle – if it has one. Of course, it’s not always clear which information can be deemed to be of no value and, as a result, many organisations keep everything, increasing both storage costs and potential legal liabilities
Too many ‘works in progress’
That makes a coherent, sensible information governance policy a necessity. However, getting senior-level endorsement and involvement is the biggest issue in creating such a policy.
Despite initial good intent in creating information governance policies, there is generally poor follow through with training, audit and enforcement. A lack of support can lead to these good intentions withering on the vine.
This leaves many organisations at risk. For 55%, information governance policy is very much a work-in-progress. Meanwhile, of those which have information governance roughly outlined, only 19% regularly audit for compliance.
This is the process of scanning all of the existing records of the organisation in preparation for going paper-free.
By analogy, back-file correction means trawling an existing repository and automatically setting the metadata to a new standard, and/or inserting keyword tags.
Some 40% of organisations do not allocate any staff time to educate them in such policies and, worst of all, only 4% specifically update senior management on what’s happening with this crucial aspect of the business.
We all know it’s too much to expect users to be diligent in following policies, especially given rapidly increasing volumes of information they have to deal with. That’s why we need automated tagging, metadata correction and records classification.
Early adopters of this approach seem to be having success with the technology and a consensus is growing that it's the best way to demonstrate compliance, reduce litigation risk and check on the rapidly growing volumes of stored content.
Time to step up to the metadata plate
A strategy of rules-based metadata application and back-file correction may well be your best friend when it comes to your growing challenges around security validation, compliance audit, retention management and improved search at scale.
Getting metadata handling right could offer valuable protection for your business – so you need to address this sooner rather than later.
Doug Miles is head of the market intelligence division at global information professional body AIIM and is the author of a series of AIIM studies on enterprise content management, records management, Microsoft SharePoint, mobile, cloud, big data and social business.