Opinion

The challenges of information governance in our increasingly litigious age

Once upon a time records equalled paper. Increasingly, records exist in electronic form all over the business. Businesses therefore need much wider information governance policies to ensure that records are as secure as they were in the company library era – but are much easier to locate.

Organisations will always face the risk of litigation over the poor handling of records – from the Information Commissioner's Office (ICO) and commercial and patent cases to actions by regulators and the state. All actions now include the "e-trail" – the evidence provided by electronic documents, emails, instant messages (IMs), and social network comments.

Big-data-storage-wordle.jpg

These new records need to be “discoverable” and presentable to regulators and lawyers. At the same time, more and more data is being stored and collated in our datacentres.

As a result, we need to examine what shape enterprise records management should take – and how, in the age of big data, we keep a lid on escalating costs of storage. 

A recent AIIM study, Information governance – records, risks and retention in the litigation age, highlights the fact that senior management is ignoring the risks. The study found that 31% admitted their inferior electronic records keeping is causing problems with regulators and auditors, while 14% said they were incurring fines or bad publicity due to bad handling of information.

Why we can't wait for the “paperless office”

The research showed that for 42% of organisations, the volume of paper records is increasing. 

However, as organisations get inundated with more and more content, the issue of retention and deletion has come to the fore to put some restraint on the exponential growth in electronic storage as well as in paper storage. 

This is why, more than ever, good information governance is required.

Risky business

In particular, as information governance is about protecting confidential and customer-related data, it can head off the bad publicity and loss of customer confidence that can result from a data leak.

Security breaches can be highly damaging, leading to fines from data regulators, criminal prosecution, as well as severe reputational damage. The loss of intellectual property is another risk, while an inability to respond to Freedom of Information (FOI) requests can be a serious issue.

Although around two-thirds of organisations will have some level of information governance policy in place, its effectiveness is widely crippled by poor training. Only 16% regularly train all staff while 31% do no training at all.

Retain versus delete options

Meanwhile, in half of those surveyed there is considerable inequality between the practices applied to paper records versus electronic records – and large gaps for both. 

While retention periods are widely set for both media, they are less likely to actually be implemented for electronic records – people hesitate to click the delete button.  

Social content management is not even on the agenda

Most organisations say they record application-generated output, but few record dynamic or personalised content. Collaborative (e.g. SharePoint-based) content and instant messaging are typically not incorporated, but can be implicated in breaches of acceptable use and insider malpractice. Finally, still off the radar, are the staff contributions to social sites, or the unofficial use of cloud-based sharing sites for company data.

The problem regarding social content is the sheer volumes involved. It’s also hard to capture and read. However, 37% of respondents agreed that there are important social interactions that are not being saved or archived. Indeed, less than 15% of organisations include social postings in their retention schedules.

If you don’t tag it how will you know when to delete it?

Even where retention policies exist, monitoring and enforcement is a concern, especially across multiple repositories and other enterprise systems. A related issue is poor classification of content in most enterprise content management (ECM) systems. Automated classification and tagging on a retrospective basis will improve search, help exploit retention periods to decrease storage load, and set things up for big data analytics.

Those users who do apply retention periods may not see the benefits for six or seven years, but some are now reporting a cut in their storage overhead as a result of their retention policies. Deriving the benefit for e-discovery searches still has a way to go, however, with 53% saying they are still reliant on manual processes.

Cloud is not in everyone’s future

Nearly half (46%) of organisations would “definitely not” or “probably not” consider using cloud for managing electronic records, although 23% would consider using an existing paper records outsourcer for cloud services.

Meanwhile, budgets for records management technology continue to increase, with 45% of organisations planning to spend more and only 14% looking to spend less. Automated classification tools, enterprise search and email management are likely to be the biggest growth areas.

Enterprise-wide governance policies and system strategies

If you already have an information governance policy in place, determine ways to monitor compliance, ensure staff are trained and remember your policy needs to evolve to include new media and new content types. Finally, look to systems to help manage and classify content as a way to evolve your storage and provide improved discovery procedures.

In conclusion, get ready for the new era of the post-paper record, or be prepared to face the consequences.


Doug Miles is head of the AIIM Market Intelligence Division and the author of a series of studies on ECM, records management, SharePoint, mobile, cloud and social business for the organisation.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in June 2013

 

COMMENTS powered by Disqus  //  Commenting policy